Sounds like you need to run a server per client. Use platform. Or code OSS server to support organizations like platform.
On Apr 24, 2012, at 5:51 AM, < "> > wrote:
> Hello,
>
> We have evaluated Puppet and Chef for one and a half months and have "almost"
> decided to go with Chef!
>
> "Almost" because we have got a "no-go" from the person responsible for the
> infrastructure due to the lack of security on node information :(
>
> Let me explain:
> We will have different VMs for different customers connected to the same Chef
> Server.
>
> When a node is connected to the Chef Server, with knife properly configured
> on it, it is possible to retrieve the list of all nodes from the Chef Server,
> show the attributes of the different nodes, search the attributes among all the
> nodes, and so on...
>
> This is a big issue for us since we must prevent a customer from seeing any
> information about other customers. And I guess we are not the only ones who
> have met this issue...
>
> We consider it a security threat that, from a node, it is possible to show
> information on other nodes.
>
> We have looked for a solution, and the only one we have found so far is to modify
> the source code of the Chef Server API in order to add a restriction such as "a node
> is able to see only its own information".
>
> Before we start to look more deeply into this solution, could you please let us
> know if you see any other solution to our problem please?
>
> Thanks in advance for your feedback.
>
> Best regards,
> Christophe
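
The restriction proposed in the quoted message ("a node is able to see only its own information"), sketched as a standalone authorization check. This is an added example, not Chef Server code and not code from either poster: `Client`, `authorize`, `decisions` and the sample requests are hypothetical, and only the `/nodes`, `/nodes/NAME` and `/search` paths come from the Chef Server REST API.

```ruby
# Hypothetical sketch of the "a node sees only its own information" rule.
# Not Chef Server code; Client and authorize are names invented here.
Client = Struct.new(:name, :admin)

# Decide :allow or :deny for one API request made by an authenticated client.
def authorize(client, http_method, path)
  return :allow if client.admin # operators keep full access

  # Drop the query string, then split the path into its segments.
  segments = path.split("?", 2).first.to_s.split("/").reject(&:empty?)

  if segments.length == 2 && segments[0] == "nodes"
    # A node may read and save only the object named after its own client.
    own = segments[1] == client.name
    return own && %w[GET PUT].include?(http_method) ? :allow : :deny
  end

  # /nodes (list) and /search/* expose other tenants' attributes; every
  # other endpoint is outside this sketch. All fall through to default deny.
  :deny
end

# Constructed sample requests, not taken from a real server log.
SAMPLE_REQUESTS = [
  ["GET",    "/nodes/web01.customer-a"], # own node object
  ["PUT",    "/nodes/web01.customer-a"], # saving own node object
  ["GET",    "/nodes/db01.customer-b"],  # another customer's node
  ["GET",    "/nodes"],                  # list of all nodes
  ["GET",    "/search/node?q=*:*"],      # search across all nodes
  ["DELETE", "/nodes/web01.customer-a"]  # method not granted to nodes
].freeze

# Evaluate every sample request for the given client.
def decisions(client)
  SAMPLE_REQUESTS.map { |m, p| [m, p, authorize(client, m, p)] }
end

if __FILE__ == $PROGRAM_NAME
  node = Client.new("web01.customer-a", false)
  decisions(node).each { |m, p, d| puts format("%-6s %-28s %s", m, p, d) }
end
```

A check like this only isolates node objects; cookbooks, roles and data bags shared on one server would need their own rules, which is why the reply above suggests a server per client or organization-style separation.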