-The default message targets looks like this:
-
-{% highlight console %}
- /topic/mcollective.agentname.command
- /topic/mcollective.agentname.reply
-{% endhighlight %}
-
-If you are using Subcollectives each subcollective will have topics like:
-
-{% highlight console %}
- /topic/subcollective.agentname.command
- /topic/subcollective.agentname.reply
-{% endhighlight %}
-
-For a node to belong to a sub collective he also need rights to these topics.
-
-The nodes only need read access to the command topics and only need write access to the reply topics. The examples below also give them admin access so these topics can be created dynamically. For simplicity we'll wildcard the agent names, you could go further and limit certain nodes to only run certain agents. Adding these controls effectively means anyone who gets onto your node will not be able to write to the command topics and so will not be able to send commands to the rest of the collective.
-
-There's one special case and that's the registration topic, if you want to enable the [registration feature][Registration] you should give the nodes access to write on the command channel for the registration agent. Nothing should reply on the registration topic so you can limit that in the ActiveMQ config.
-
-We'll let mcollective log in as the mcollective user, create a group called mcollectiveusers, we'll then give the mcollectiveusers group access to run as a typical registration enabled mcollective node.
-
-The rip user is a mcollective admin and can create commands and receive replies.
-
-First we'll create users and the groups.
-
-{% highlight xml %}
- <simpleAuthenticationPlugin>
- <users>
- <authenticationUser username="mcollective" password="pI1SkjRi" groups="mcollectiveusers,everyone"/>
- <authenticationUser username="rip" password="foobarbaz" groups="admins,everyone"/>
- </users>
- </simpleAuthenticationPlugin>
-{% endhighlight %}
-
-Now we'll create the access rights: