[chef] Re: Re: Re: Re: Re: Rack vulnerabilities in chef-server-webui in Chef Server 11

[Jesse Campbell < >]

If you get a json editor that runs either in the shell or in a window, you can run knife node edit with -e followed by the editor of your choice...

-jesse

On Mon, Feb 11, 2013 at 11:44 AM, Paul Graydon < " target="_blank"> > wrote:

Another +1 for the WebUI.  We use it all the time.  I'd argue it's my predominant way of interacting with chef for that matter.  About the only thing I do from the command line is cookbook stuff.  I know I'm not the only one that I absolutely hates editing json.  knife node edit pisses me off almost every time I use it, through syntax mistakes etc. etc.

Paul

On 2/11/2013 4:13 AM, Mat Davies wrote:

I have to say I agree with others like Tensibai, Senthilvel and Joshua that chef without webui is a major negative to me. 

a basic webui that allows for easy checking of basic status and node editing is needed for a lot of us to show this isn't some black art to other sysadmins and managers and that it is something they can get behind.

On 10 February 2013 02:26, Bryan McLellan < " target="_blank"> > wrote:

I'm not sure how I successfully disabled the webui this morning, but
other Opscode folks tell me the correct
/etc/chef-server/chef-server.rb entry to disable the webui is this:

chef_server_webui['enable'] = false

Then run 'sudo chef-server-ctl reconfigure'

On Sat, Feb 9, 2013 at 12:53 PM, Jesse Campbell < " target="_blank"> > wrote:
> Is the intention that starting with chef 12 server, the webui will be a
> value add of the hosted/private offerings?

Not exactly. Opscode Hosted and Private Chef (OHC + OPC) have had a
separate webui from Open Source for a long time. As we recently
announced [1], we've rewritten the OHC/OPC webui and added support for
new OPC features (and OHC where applicable) like activity reporting
and push client runs. So yes, there is a big value-add there, but
that's not why we're deprecating it.

In the history of the Open Source chef-server-webui project there have
only been 20 contributions with 37 commits (since August 2009). That's
less than one a month if you spread it out. We breathed a little life
into it by porting it from merb to rails3 but it is a completely
different project from our webui, so there's nothing to trickle down
to it. In the face of multiple security patches in under a week, most
people not using it, and very few developing it, it is more of a
liability than a feature.

Now, if anyone was about to say, "I love the webui, wanted to work on
it and just found a ton of spare time," we should talk about long-term
possibilities.

Bryan

[1] http://www.opscode.com/press-releases/opscode-announces-next-generation-of-private-chef-for-the-enterprise/