- From: Jesse Nelson
- Subject: [chef] Re: Chef and information security between nodes
- Date: Tue, 24 Apr 2012 09:22:16 +0900
Sounds like you need to run a server per client. Use platform. Or code OSS
server to support organizations like platform.
On Apr 24, 2012, at 5:51 AM, <> wrote:
> Hello,
>
> We have evaluated Puppet and Chef for one and a half months and have "almost" decided to go with Chef!
>
> "Almost" because we have got a "no-go" from the person responsible for the infrastructure due to the lack of security on node information :(
>
> Let me explain:
> We will have different VMs for different customers connected to the same Chef Server.
>
> When a node is connected to the Chef Server, with a properly configured knife on it, it is possible to retrieve the list of all nodes from the Chef Server, show the attributes of the different nodes, search the attributes among all the nodes, and so on...
>
> This is a big issue for us since we must prevent a customer from seeing any information about other customers. And I guess we are not the only ones who have met this issue...
>
> We consider it a security threat that, from a node, it is possible to show information on other nodes.
>
> We have looked for a solution, and the only one we have found so far is to modify the source code of the Chef Server API in order to add a restriction such as "a node is able to see only its own information".
>
> Before we start to look more deeply into this solution, could you please let us know if you see any other solution to our problem?
>
> Thanks in advance for your feedback.
>
> Best regards,
> Christophe