[chef] Re: Chef and information security between nodes


  • From: James < >
  • To:
  • Subject: [chef] Re: Chef and information security between nodes
  • Date: Mon, 23 Apr 2012 14:21:42 -0700

You could also use chef-solo for this purpose, though you lose some of the great features in chef-server/hosted. 

James

On Mon, Apr 23, 2012 at 1:51 PM, < > wrote:
Hello,

We have evaluated Puppet and Chef for one and a half months and have "almost"
decided to go with Chef!

"Almost" because we have got a "no-go" from the person responsible for the
infrastructure due to the lack of security on node information :(

Let me explain:
We will have different VMs for different customers connected to the same Chef
Server.

When a node is connected to the Chef Server, with knife properly configured
on it, it is possible to retrieve the list of all nodes from the Chef Server,
show the attributes of the different nodes, search the attributes among all the
nodes, and so on...

This is a big issue for us since we must prevent a customer from seeing any
information about other customers. And I guess we are not the only ones who
have met this issue...

We consider it a security threat that, from a node, it is possible to show
information on other nodes.

We have looked for a solution, and the only one we have found so far is to modify
the source code of the Chef Server API in order to add a restriction such as "a node
is able to see only its own information".

Before we start to look more deeply into this solution, could you please let us
know if you see any other solution to our problem?

Thanks in advance for your feedback.

Best regards,
Christophe



