General discussion about Chef

[chef] Re: *** PROBABLY SPAM *** Re: Re: Rack vulnerabilities in chef-server-webui in Chef Server 11


Chronological Thread 
  • From: Tensibai < >
  • To: < >
  • Subject: [chef] Re: *** PROBABLY SPAM *** Re: Re: Rack vulnerabilities in chef-server-webui in Chef Server 11
  • Date: Mon, 11 Feb 2013 14:46:30 +0100

...

Well ... no web-ui is a showstopper for us.

We have a lot of people working with it, mainly doing attribute edition and role/node association.

Peolple involved for this are quite unable to work with command line tools :/

I "wish" to find time to add ldap/AD support for web-ui authentication but I can't for now.

 

Learning web-ui will be discontinued is really sad for me as I spent time to spread chef usage within my company and this only point will be a wall on the road.

Moreover and talking only for myself (but that may apply elsewhere): this is the typical choice to give a cold shower toward any company 'trying' an open source project to see if it will fit or not.

 

In brief: I've the feeling I did loose 3 or 4 months working and talking about chef here as I know it won't be deployed more widely without a web-ui.

 

Regards.

 

Le 2013-02-10 03:26, Bryan McLellan a écrit :

I'm not sure how I successfully disabled the webui this morning, but
other Opscode folks tell me the correct
/etc/chef-server/chef-server.rb entry to disable the webui is this:

chef_server_webui['enable'] = false

Then run 'sudo chef-server-ctl reconfigure'

On Sat, Feb 9, 2013 at 12:53 PM, Jesse Campbell <
 
 ">
 > wrote:
Is the intention that starting with chef 12 server, the webui will be a value add of the hosted/private offerings?
Not exactly. Opscode Hosted and Private Chef (OHC + OPC) have had a
separate webui from Open Source for a long time. As we recently
announced [1], we've rewritten the OHC/OPC webui and added support for
new OPC features (and OHC where applicable) like activity reporting
and push client runs. So yes, there is a big value-add there, but
that's not why we're deprecating it.

In the history of the Open Source chef-server-webui project there have
only been 20 contributions with 37 commits (since August 2009). That's
less than one a month if you spread it out. We breathed a little life
into it by porting it from merb to rails3 but it is a completely
different project from our webui, so there's nothing to trickle down
to it. In the face of multiple security patches in under a week, most
people not using it, and very few developing it, it is more of a
liability than a feature.

Now, if anyone was about to say, "I love the webui, wanted to work on
it and just found a ton of spare time," we should talk about long-term
possibilities.

Bryan

[1] http://www.opscode.com/press-releases/opscode-announces-next-generation-of-private-chef-for-the-enterprise/

 

 

Archive powered by MHonArc 2.6.16.

§