A more secure implementation of the Puppet push update function via MCollective

Source: Internet
Author: User
Tags command line publish subscribe ssh rabbitmq

1 Introduction

1.1 MCollective Introduction

MCollective is a framework for building server orchestration and parallel job execution systems.
First, MCollective is a system management solution for programmatic control of server clusters. In this respect it is similar to Func, Fabric and Capistrano.

Second, MCollective's design breaks away from central inventory systems and tools like SSH, and no longer depends on ssh for-loops. It uses modern tools such as publish-subscribe middleware and the modern idea of discovering network resources in real time through metadata rather than hostnames. The result is a scalable, fast, parallel execution environment.

The MCollective tool is a command-line interface, but it can communicate with thousands of application instances, and the speed of transmission is staggering. Regardless of where a deployed instance is located, communication travels at wire speed, using a multicast-like push messaging system. MCollective has no graphical user interface, so users can only locate the instances they need to act on by querying for them. Puppet Dashboard provides this part of the functionality.

MCollective features:

Ability to interact with clusters of servers ranging from small to large

Uses a broadcast paradigm for request distribution: all servers receive requests at the same time, and only servers that match the filter included with the request execute it. There is no central database to synchronize; the network is the only source of truth

Breaks free from complex naming conventions that used the hostname as the means of identification. Machines are located using the rich metadata that each machine provides about itself. The metadata comes from Puppet, Chef, Facter, Ohai, or a plugin you provide yourself

Invoke remote agents from the command line

Ability to write customized device reports

A large number of community-provided agents for managing packages, services, and other common components

Supports SimpleRPC-style agents and clients, and web UIs implemented in Ruby

Externally pluggable to meet local requirements

The middleware system has a rich authentication and authorization model, which is used as the first line of defense

Reuses the middleware's clustering, routing, and network isolation features to achieve secure and scalable installations

MCollective is a framework, an empty shell. Everything except the mco command can be replaced with custom implementations.
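The broadcast-and-filter dispatch described in the feature list can be pictured with a small Ruby model. This is an added illustration, not MCollective code: `Node`, `broadcast`, `FLEET` and the sample hosts and facts are hypothetical names and constructed data.

```ruby
# Toy in-memory model of broadcast dispatch with node-side filtering.
# Node and broadcast are hypothetical names, not MCollective classes or APIs.
Node = Struct.new(:identity, :facts, :classes) do
  # Each node evaluates the request filter against its OWN metadata;
  # there is no central inventory deciding who is targeted.
  def matches?(filter)
    facts_ok   = filter.fetch(:facts, {}).all? { |k, v| facts[k] == v }
    classes_ok = filter.fetch(:classes, []).all? { |c| classes.include?(c) }
    ids        = filter.fetch(:identities, [])
    id_ok      = ids.empty? || ids.include?(identity)
    facts_ok && classes_ok && id_ok
  end
end

# Every node receives the request; only the matching ones act on it.
# Returns the identities of the nodes that would execute the request.
def broadcast(nodes, filter)
  nodes.select { |n| n.matches?(filter) }.map(&:identity)
end

# Constructed sample fleet (hostnames and facts are made up).
FLEET = [
  Node.new("web1.example.net",
           { "environment" => "production", "osfamily" => "RedHat" }, ["apache"]),
  Node.new("web2.example.net",
           { "environment" => "staging", "osfamily" => "RedHat" }, ["apache"]),
  Node.new("db1.example.net",
           { "environment" => "production", "osfamily" => "Debian" }, ["mysql"])
].freeze

if __FILE__ == $PROGRAM_NAME
  # Narrow request: production hosts that carry the apache class.
  p broadcast(FLEET, facts: { "environment" => "production" }, classes: ["apache"])
  # Empty filter: in this model every node matches, so scope is the whole fleet.
  p broadcast(FLEET, {})
end
```

In this model an empty filter selects every node, so the filter on a request is what bounds how many machines a single command touches.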

Note: For more information please refer to http://docs.puppetlabs.com/

1.2 Introduction to Middleware (RabbitMQ, ActiveMQ)

RabbitMQ is a message queuing service that implements the Advanced Message Queuing Protocol (AMQP). RabbitMQ is built on OTP (Open Telecom Platform) and is implemented using the Erlang language and runtime environment.
ActiveMQ is the most popular and powerful open source message bus produced by Apache. ActiveMQ is a JMS provider implementation that fully supports the JMS 1.1 and Java EE 1.4 specifications.

Note: MCollective is developed and tested against the Apache ActiveMQ middleware, but its reliance on Java and XML-formatted configuration files led us to shift our attention and interest to the RabbitMQ middleware service. Given performance and scalability, deploying ActiveMQ is a better option.

1.3 Working Principle Diagram

MCollective trigger update diagram

Note: For more details please refer to http://docs.puppetlabs.com/mcollective/reference/basic/messageflow.html
