This document outlines the changes that need to be made to the MCollective Chef cookbook for a 1.0.0 release.
The mcollective client can optionally be configured with separate middleware credentials. By default, the client will use the same credentials as the server. Two new attributes have been added to specify the client credentials:
node['mcollective']['stomp']['username']
node['mcollective']['stomp']['password']
node['mcollective']['stomp']['client_username']
node['mcollective']['stomp']['client_password']
As part of this change, credentials have been moved from
plugin.d/activemq.cfg
and plugin.d/rabbitmq.cfg
to client.cfg
and server.cfg
.
This has been updated in git, but not released - retest to see which changes are required.
It has been reported that this method only works correctly when chef-client is running (pid exists), and otherwise reports an error. This should be more similar to the Puppet agent output:
- OK => chef-client is running
- Stopped => chef-client is configured, but not running (init script present but pid file absent?)
- Missing => no init script present (?)
MCollective plugins are now typically shipped as OS packages (for rhel/debian platform_family's, at least). It should not be necessary to write a write a wrapper cookbook to specify additional packages to install - instead, provide some attributes.
Attribute changes:
node['mcollective']['agent_packages']
- array of package names(?)
The cookbook only provides attributes for specifying a single activemq/rabbitmq server, and lacks attributes for configuring any other connector options. It should be possible to configure a pool of servers, and the remaining options listed in the documentation should also be added:
- http://docs.puppetlabs.com/mcollective/reference/plugins/connector_activemq.html
- http://docs.puppetlabs.com/mcollective/reference/plugins/connector_rabbitmq.html
The cookbook provides an attribute to specify which security provider will be used, but only has attributes for the PSK provider. Add attributes for configuring the SSL plugin.
The current agent has a "wake_daemon" action, which will signal a running chef-client daemon to run. There is no analogous action to run chef-client once (if it's not already running).
Add a "runonce" action with the following behaviour:
- if chef-client is running, do the same thing as
wake_daemon
- if chef-client is configured but not running, run it with the
--once
option. - if chef-client not configured, return an error/
TODO.md (in the repo) hints at a few more possible improvements and additions, and I have other things in mind (eg, enhancements to the agent plugin, add an application plugin, expose Chef status through a data plugin).
It might be better to create Github issues for some (or all) of these.