- From: Bryan McLellan
- To:
- Subject: [chef] Re: Ideas for using Chef across VPN
- Date: Mon, 17 May 2010 10:39:28 -0700
On Sun, May 16, 2010 at 4:25 AM, Dmitry V'yal wrote:
> I have some ideas about using chef-solo to bootstrap chef-client and OpenVPN
> client on the workstations but I'm interested in comments from more
> experienced chef users.
>
> Is it a feasible idea? How best to manage openvpn keys?

I've done this with EC2 nodes that needed to communicate with other
servers in a physical datacenter.

I manually created the keypairs and added them to a central chef
repository. When a new node is built, a number of prerequisite tasks
are completed related to the EC2 instance, then the openvpn cookbook
is copied out to the node. Chef-solo runs, and brings up a vpn
connection. Then chef-client runs to register with a chef-server on
the other side of the VPN link.

It took quite a bit of tinkering to get this functional, mostly
because of OpenVPN being quirky, but once I did, it's easy to appreciate
configuration management when it can bring up an openvpn link on a
fresh EC2 node in an instant.

Bryan
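
The two-phase order described in the message above (chef-solo brings up the VPN, then chef-client registers across it), as an added example that is not the poster's script or the openvpn cookbook's code. The staging directory, the `tun0` interface name, the server URL and the key-permission check are assumptions made for illustration.

```shell
#!/bin/sh
# Two-phase bootstrap sketch. All paths, the interface name and the server
# URL below are assumed placeholders, not values from the original message.
WORK="${WORK:-/var/chef-bootstrap}"        # assumed staging dir with cookbooks/openvpn
TUN_IF="${TUN_IF:-tun0}"                   # assumed OpenVPN tunnel interface
CHEF_SERVER="${CHEF_SERVER:-http://chef.example.internal:4000}"  # placeholder

# Write a chef-solo config and a run list containing only the openvpn cookbook.
write_solo_config() {
    mkdir -p "$WORK" || return 1
    cat > "$WORK/solo.rb" <<EOF
file_cache_path "$WORK/cache"
cookbook_path   "$WORK/cookbooks"
EOF
    printf '{ "run_list": [ "recipe[openvpn]" ] }\n' > "$WORK/node.json"
}

# Added check: the node's VPN private key came from a shared repository, so
# refuse to continue if it is missing or readable by group/other on the node.
check_key_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2   # GNU stat syntax
    case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Poll until the tunnel interface exists, for at most $1 seconds.
wait_for_tunnel() {
    i=0
    while [ "$i" -lt "$1" ]; do
        [ -e "/sys/class/net/$TUN_IF" ] && return 0
        sleep 1; i=$((i + 1))
    done
    return 1
}

# $1 = path to this node's OpenVPN private key (hypothetical location).
bootstrap() {
    write_solo_config || return 1
    check_key_mode "$1" || { echo "key $1 missing or too permissive" >&2; return 1; }
    chef-solo -c "$WORK/solo.rb" -j "$WORK/node.json" || return 1   # phase 1: VPN
    wait_for_tunnel 60 || { echo "VPN link did not come up" >&2; return 1; }
    chef-client -S "$CHEF_SERVER"                                   # phase 2: register
}

# Runs only on request, so the functions can be sourced and exercised alone.
if [ "${RUN_BOOTSTRAP:-0}" = 1 ]; then bootstrap "$1"; fi
```
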