[chef] Re: chef server to manage EC2 instances


Chronological Thread 
  • From: Vladimir Girnet < >
  • To:
  • Subject: [chef] Re: chef server to manage EC2 instances
  • Date: Wed, 23 Jan 2013 17:05:49 +0200

You can set an additional protection layer by using httpd in fron of Chef Server
http://wiki.opscode.com/display/chef/How+to+Proxy+Chef+Server+with+Apache



Hi,

I have setup a chef server on EC2, to manage EC2 instances.   I have assigned
the DNS entry for chef.example.com to the public IP, so the web gui is
reachable from anywhere on the internet.     When it comes to bootstrapping
clients, I can create an entry in /etc/hosts , which points chef.example.com to
the private IP, which seems more secure , or I can open port 4000 in the
firewall, and use the public IP address.   Each has pros and cons.

The problem with adding the private IP into the hosts file, is that it's
pre-bootstrap manual labor every time, and in the event of an IP change, it
will be a lot of fixing.

The problem with using the public IP, is that port 4000 is open to the world.
Is that dangerous?

Any general comments or suggestions?

Thanks.

--
Vladimir Girnet
Senior Infrastructure Engineer
Tacit Knowledge
http://www.tacitknowledge.com




Archive powered by MHonArc 2.6.16.

§