On Thu, Oct 06, 2016 at 08:43:54AM +0100, R.I.Pienaar wrote: > > > ----- Original Message ----- > > From: "Christopher Wood" <christopher_w...@pobox.com> > > To: "mcollective-users" <mcollective-users@googlegroups.com> > > Sent: Wednesday, 5 October, 2016 22:19:50 > > Subject: Re: [mcollective-users] translate activemq subcollectives to > > nats.io > > > Subcollectives indeed work fine. So far I have things running on a single > > host > > and the setup was much easier than doing something similar with activemq > > several years ago. Everything I could think to try works the same. > > > > Next to fully puppetize the setup and persuade the security department to > > open > > another port for nats (oh dear). > > Did you use the module the wiki recommend? It's simple but does what you want > including > clustering > > > Mild nitpick: there doesn't seem to be a client config file option for cert > > and > > key. I know there are environment variable options but enough people will > > forget to set those on every login (environment with no persistent > > .bash_profile or similar, yes indeed). My workaround will be to provide a > > short > > puppet manifest to reshape their client config since any shuffling errors > > will > > be obvious when mailed back. It would definitely be easier to have people > > copy > > activemq cert params into choria cert params. > > why do you wish to change these paths? It defaults to the same ones puppet > use > for a reason - you should not need to make any client configuration at all, > just > put the certs in the puppet location - which 'mco choria request_cert' does > for > you
If I were setting things up from scratch in regular home directories the choria technique would be suitable, but I'm not. I have the usual corporate things going on: 1) The new cert location is not in "$HOME/.mcollective.d". It took a great deal of protracted discussion with the security department to permit .mcollective and .mcollective.d (certs and things) to persist overnight in users' home directories. Most every other file under $HOME on the authorized mco client hosts get removed nightly. I will be re-opening that discussion. 2) Everybody has their own (working) certs and configs from the current production install. It was like pulling teeth the first time to get people set up despite the detailed instructions; what is straightforward and obvious to me is not so obvious to others. That includes running a cert management command based on my experience here. NB: This is of course a policy issue not an mcollective issue, I myself wouldn't go and add this functionality based on the description of the issues. Policies have results and working around them in a corporate environment rarely ends well. > -- > > --- > You received this message because you are subscribed to the Google Groups > "mcollective-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to mcollective-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "mcollective-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mcollective-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.