- From: <
- Subject: [chef] Chef and information security between nodes
- Date: Mon, 23 Apr 2012 13:51:56 -0700 (PDT)
We have evaluated Puppet and Chef during one and a half month and have
decided to go with Chef !
"Almost" because we have got a "no-go" from the responsable of the
infrastructure due to the lack of security on node informations :(
We will have different VMs for different customers connected to the same Chef
When a node is connected to the Chef Server, with a properly knife configured
on it, it is possible to retrieve the list of all nodes from the Chef Server,
show the attributes of the different nodes, search the attributes among all
nodes, and so on...
This is a big issue for us since we must prevent a customer to see any
information about other customer. And I guess we are not the only ones who met
We consider as a security threat that, from a node, it is possible to show
information on other nodes.
We have looked for solution, and the only one we have found so far is to
the source code of the Chef Server API in order to add restriction such "a
is able to see only its own information".
Before we start to look more deeply in this solution, could you please let us
know if you see any other solution to our problem please ?
Thanks in advance for your feedback.
- [chef] Chef and information security between nodes, cl.subscription, 04/23/2012
Archive powered by MHonArc 2.6.16.