Installing MCollective 2.2.0 on CentOS 6

Sep 22, 2012   #mcollective  #centos 

I have recently been reintroduced to CentOS, having not used a RedHat distribution in anger since around RedHat Linux 7 (pre-RHEL). One of the first things I wanted to do was install MCollective, so I thought I’d document my journey. Below is how I went about installing ActiveMQ 5.5 for the messaging and MCollective 2.2.0, the most recent stable version at the time of writing, on CentOS 6.3. I was surprised to learn that Puppet Labs have made this an incredibly easy process since my last attempt, specifically with their excellent ActiveMQ packaging.

First things first, install the Puppet Labs repository: rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-5.noarch.rpm

ActiveMQ

Install Java 1.6, as 1.7 is not yet supported. The Oracle JRE works just as well, but it is no longer packaged in CentOS due to inane distribution restrictions imposed by Oracle. So we’re going to go with OpenJDK: yum install java-1.6.0-openjdk

Install ActiveMQ: yum install activemq

Edit /etc/activemq/activemq.xml with the following configuration, obviously replacing the passwords as you go:

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:amq="http://activemq.apache.org/schema/core"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd
    http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" useJmx="true" schedulePeriodForDestinationPurge="60000">
        <destinationPolicy>
            <policyMap>
              <policyEntries>
                <policyEntry topic=">" producerFlowControl="false"/>
                <policyEntry queue="*.reply.>" gcInactiveDestinations="true" inactiveTimoutBeforeGC="300000"/>
              </policyEntries>
            </policyMap>
        </destinationPolicy>

        <managementContext>
            <managementContext createConnector="false"/>
        </managementContext>

        <plugins>
          <statisticsBrokerPlugin/>
          <simpleAuthenticationPlugin>
            <users>
              <authenticationUser username="mcollective" password="eeVah9pahNgeefaikietohMa" groups="mcollective,everyone"/>
              <authenticationUser username="admin" password="Thih0theipeesuocie6eif9h" groups="mcollective,admins,everyone"/>
            </users>
          </simpleAuthenticationPlugin>
          <authorizationPlugin>
            <map>
              <authorizationMap>
                <authorizationEntries>
                  <authorizationEntry queue=">" write="admins" read="admins" admin="admins"/>
                  <authorizationEntry topic=">" write="admins" read="admins" admin="admins"/>
                  <authorizationEntry queue="mcollective.>" write="mcollective" read="mcollective" admin="mcollective"/>
                  <authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective"/>
                  <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
                </authorizationEntries>
              </authorizationMap>
            </map>
          </authorizationPlugin>
        </plugins>

        <systemUsage>
            <systemUsage>
                <memoryUsage>
                    <memoryUsage limit="20 mb"/>
                </memoryUsage>
                <storeUsage>
                    <storeUsage limit="1 gb"/>
                </storeUsage>
                <tempUsage>
                    <tempUsage limit="100 mb"/>
                </tempUsage>
            </systemUsage>
        </systemUsage>

        <transportConnectors>
            <transportConnector name="openwire" uri="tcp://0.0.0.0:6166"/>
            <transportConnector name="stomp" uri="stomp://0.0.0.0:6163"/>
        </transportConnectors>
    </broker>

    <import resource="jetty.xml"/>
</beans>

Restart ActiveMQ to load the new configuration: service activemq restart

MCollective Server

Next we need to install MCollective on each node you wish to be part of the collective: yum install mcollective

Configure MCollective in /etc/mcollective/server.cfg with some basic settings:

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
daemonize = 1

# Plugins
securityprovider = psk
plugin.psk = eiqu5aeKahxeemith6Sahkah

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 6163
plugin.stomp.user = mcollective
plugin.stomp.password = eeVah9pahNgeefaikietohMa

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

Restart MCollective to load the new configuration: service mcollective restart

MCollective Client

Install the client: yum install mcollective-client

Likewise configure the client with similar settings in /etc/mcollective/client.cfg:

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logger_type = console
loglevel = warn

# Plugins
securityprovider = psk
plugin.psk = eiqu5aeKahxeemith6Sahkah

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 6163
plugin.stomp.user = mcollective
plugin.stomp.password = eeVah9pahNgeefaikietohMa

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
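
The broker password and the PSK now live in three files that must agree, and the values printed in this post should not survive in any of them. The script below is an added example, not part of the original post: it cross-checks the three files, flags secrets copied from the post, and flags world-readable modes. The function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example: cross-check the three files configured in this post.
# Secrets printed in the post; anyone who has read it knows them.
PUBLISHED="eeVah9pahNgeefaikietohMa Thih0theipeesuocie6eif9h eiqu5aeKahxeemith6Sahkah"

# cfg_get FILE KEY: value of a "KEY = value" line in an MCollective .cfg file
cfg_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in the key literally
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# xml_password FILE USER: password of that <authenticationUser>; assumes the
# username attribute precedes password on one line, as in the post's activemq.xml
xml_password() {
    sed -n "s/.*<authenticationUser[^>]*username=\"$2\"[^>]*password=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# audit_mco ACTIVEMQ_XML SERVER_CFG CLIENT_CFG: print findings, return 1 if any
audit_mco() {
    xml=$1 server=$2 client=$3 bad=0
    flag() { echo "FINDING: $*"; bad=1; }
    if [ "$(cfg_get "$server" plugin.psk)" != "$(cfg_get "$client" plugin.psk)" ]; then
        flag "plugin.psk differs between server and client"
    fi
    for f in "$server" "$client"; do
        user=$(cfg_get "$f" plugin.stomp.user)
        pass=$(cfg_get "$f" plugin.stomp.password)
        if [ -z "$pass" ] || [ "$pass" != "$(xml_password "$xml" "$user")" ]; then
            flag "$f: stomp password does not match broker user '$user'"
        fi
    done
    for f in "$xml" "$server" "$client"; do
        for secret in $PUBLISHED; do
            if grep -qF "$secret" "$f"; then flag "$f: contains a secret published in the post"; fi
        done
        if [ -n "$(find "$f" -perm -004)" ]; then flag "$f: world-readable but holds secrets"; fi
    done
    return $bad
}

# make_sample DIR PSK STOMP_PW: constructed, minimal stand-ins for the three files
make_sample() {
    printf '<authenticationUser username="mcollective" password="%s" groups="mcollective,everyone"/>\n' "$3" > "$1/activemq.xml"
    printf 'plugin.psk = %s\nplugin.stomp.user = mcollective\nplugin.stomp.password = %s\n' "$2" "$3" |
        tee "$1/server.cfg" > "$1/client.cfg"
    chmod 600 "$1"/*
}

demo=$(mktemp -d)
make_sample "$demo" constructed-psk constructed-stomp-pw
audit_mco "$demo/activemq.xml" "$demo/server.cfg" "$demo/client.cfg" && echo "no findings"
rm -rf "$demo"
```

On a real node, run audit_mco against /etc/activemq/activemq.xml, /etc/mcollective/server.cfg and /etc/mcollective/client.cfg as root.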

Now verify that you can communicate with your node:

aeg@client ~ % mco inventory node1.example.com
Inventory for node1.example.com:

   Server Statistics:
                      Version: 2.2.0
                   Start Time: Sat Sep 22 03:19:52 +0100 2012
                  Config File: /etc/mcollective/server.cfg
                  Collectives: mcollective
              Main Collective: mcollective
                   Process ID: 1567
               Total Messages: 1
      Messages Passed Filters: 1
            Messages Filtered: 0
             Expired Messages: 0
                 Replies Sent: 0
         Total Processor Time: 0.02 seconds
                  System Time: 0.02 seconds

 Agents:
    discovery       rpcutil

 Data Plugins:
    agent           fstat

 Configuration Management Classes:
    No classes applied

 Facts:
    mcollective => 1

In future posts I’ll cover securing MCollective from traffic sniffing and man-in-the-middle attacks.