Re: some questions

  • From: AJ Christensen <aj@junglist.gen.nz>
  • To: chef@lists.opscode.com
  • Subject: Re: some questions
  • Date: Sat, 18 Apr 2009 00:39:00 +1200

This is a major problem, and something we've discussed although no concrete decisions going forward have been made.

I'm interested in potential solutions for this, but walking recipes (server) included on a node for include_recipe and only caching those ones seems like a pretty good solution.

On 17/04/2009, at 11:48 PM, Miguel Cabeça wrote:

Hi,


Chef client will cache all cookbooks available from the Chef server each time.

Does anyone else see a problem with this? This means any node managed by a Chef server will have access to recipes, files and templates meant for any other node. If one node is compromised, the attacker will have access to sensitive data for that node and for any other node just by looking at the Chef client cache.

I know that the Chef server is dumb and all the smarts are on the Chef client by design, but perhaps a smart move would be to give some recipe processing brains to the Chef server. At least to let it make decisions about what cookbooks to provide to each client based on "include_recipe" directives.

For now, I'll have to leave my multi-user machines outside of chef management because of that.

I know that this may not be a big problem for the typical use of Chef that I'm aware of (web app server farms), but for my usage scenario (computer center of a major university in Portugal, with servers, multi-user clusters and personal workstations) it is.

What are your thoughts on that?

Best Regards

Miguel Cabeça
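The thread above proposes that the server walk each node's run list, follow include_recipe directives, and hand out only the cookbooks actually reached. The following is an added illustration of that walk, written for this page and not code from Chef or from either poster. The cookbook tree is constructed sample data; the run-list formats accepted ("recipe[name]" and "cookbook::recipe") and the helper names are assumptions. It scans recipe source for literal include_recipe arguments only, which is the one caveat a practitioner should keep in mind: an include_recipe whose argument is computed at run time cannot be resolved statically, so a server doing this walk would have to either reject such recipes or fall back to serving more than the minimum.

```ruby
# Added example (not Chef code): compute the transitive set of cookbooks a node
# needs from its run list by following literal include_recipe directives, so the
# server can serve only those instead of every cookbook it holds.

# Constructed sample cookbook tree: cookbook name => { recipe name => recipe source }.
# "payroll-db" holds a template a web node should never receive; "monitoring"
# contains an include cycle to show the walk terminates.
SAMPLE_COOKBOOKS = {
  "apache2" => {
    "default" => "include_recipe 'apache2::mod_ssl'\npackage 'apache2'\n",
    "mod_ssl" => "include_recipe \"openssl\"\n",
  },
  "openssl"     => { "default" => "package 'openssl'\n" },
  "ldap-client" => { "default" => "include_recipe 'openssl::default'\ntemplate '/etc/ldap.conf'\n" },
  "payroll-db"  => { "default" => "template '/etc/payroll/db.conf' # would carry the DB password\n" },
  "monitoring"  => {
    "default" => "include_recipe 'monitoring::client'\n",
    "client"  => "include_recipe 'monitoring'\n",
  },
}

# Matches include_recipe 'x', include_recipe "x::y", include_recipe('x') at line start.
# Dynamic arguments (variables, interpolation) deliberately do not match.
INCLUDE_RE = /^\s*include_recipe\s*\(?\s*["']([^"']+)["']/

# "apache2" -> ["apache2", "default"], "apache2::mod_ssl" -> ["apache2", "mod_ssl"]
def parse_recipe_ref(ref)
  cookbook, recipe = ref.split("::", 2)
  [cookbook, recipe || "default"]
end

# All literal include_recipe targets in one recipe's source, as [cookbook, recipe] pairs.
def included_recipes(source)
  source.scan(INCLUDE_RE).flatten.map { |r| parse_recipe_ref(r) }
end

# Depth-first walk from the run list. Returns the sorted cookbook names reached.
# A visited set makes include cycles harmless; an unknown cookbook or recipe raises
# rather than being silently dropped, so a typo cannot shrink what a node gets.
def cookbooks_for_run_list(run_list, cookbooks)
  seen  = {}
  stack = run_list.map { |r| parse_recipe_ref(r.sub(/^recipe\[(.*)\]$/, '\1')) }
  until stack.empty?
    cookbook, recipe = stack.pop
    next if seen[[cookbook, recipe]]
    seen[[cookbook, recipe]] = true
    book = cookbooks.fetch(cookbook) { raise ArgumentError, "unknown cookbook #{cookbook}" }
    src  = book.fetch(recipe) { raise ArgumentError, "unknown recipe #{cookbook}::#{recipe}" }
    stack.concat(included_recipes(src))
  end
  seen.keys.map(&:first).uniq.sort
end

# What the server would hand a given node: only the cookbooks its run list reaches.
def cookbooks_to_serve(run_list, cookbooks)
  cookbooks.select { |name, _| cookbooks_for_run_list(run_list, cookbooks).include?(name) }
end

if __FILE__ == $0
  web_node = ["recipe[apache2]", "ldap-client"]
  puts "web node receives: #{cookbooks_for_run_list(web_node, SAMPLE_COOKBOOKS).join(', ')}"
end
```

With this walk, a web node whose run list is apache2 plus ldap-client receives apache2, openssl and ldap-client, and the payroll-db cookbook never lands in its client cache, which is the exposure the first post describes. The same idea applies to files and templates, since those ship with the cookbook they belong to.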
