- From: Ritesh Angural
- To:
- Subject: [chef] Re: Any security issues with creating EC2 ami with Chef Server installed?
- Date: Sat, 21 Dec 2013 01:35:37 +0800
Thanks Julian! Exactly the clarification I was looking for :)
Ritesh
On Dec 20, 2013, at 10:56 PM, Julian C. Dunn wrote:
> On Fri, Dec 20, 2013 at 1:18 AM, Ritesh Angural wrote:
>
> > I’m relatively new to chef so I’m wondering if there’s any security issues
> > if I make an ec2 ami of an instance that’s running chef server?
> >
> > Currently to create an open source chef server, I’d have to
> >
> > 1) Create EC2 instance
> > 2) SSH into the instance
> > 3) Wget & dpkg using the omnibus installer
> > 4) sudo chef-server-ctl reconfigure
> >
> > At this point, I’d like to make an EC2 ami & reuse it in future.
>
> If you do point #4 and then snapshot the machine, the generated keys
> for the Chef server will be identical for every instance you launch
> from the AMI. That could be a security problem.
>
> You should also be aware of
> https://tickets.opscode.com/browse/CHEF-4883. Until we have a fix,
> ensure that you launch the instance into a security group that doesn't
> have wide-open ports.
>
> - Julian
>
> --
> [ Julian C. Dunn * Sorry, I'm ]
> [ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
> [ gopher://sdf.org/1/users/keymaker/ * compliant! ]
> [ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]
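
An added example, not part of the original thread or of Chef's own tooling: a pre-snapshot check for the problem described above, where keys generated before imaging end up identical in every instance launched from the AMI. It assumes the keys are PEM-encoded and that the caller passes the directories to scan; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-snapshot audit for private keys that would be baked into
# an AMI. The caller supplies the directories to scan; no Chef paths are assumed.

# list_private_keys DIR...
# Prints each regular file under the given directories that contains a PEM
# private-key header. -xdev keeps the scan on one filesystem.
list_private_keys() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -exec \
            grep -l -E -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' {} + \
            2>/dev/null || true
    done
}

# snapshot_is_safe DIR...
# Returns 0 when no private key was found, 1 otherwise (paths go to stderr).
snapshot_is_safe() {
    found=$(list_private_keys "$@")
    if [ -n "$found" ]; then
        printf 'private key present, do not snapshot:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# make_sample_tree ROOT
# Constructed sample data: "clean" holds only a config file, "reconfigured"
# also holds a placeholder PEM file such as key generation would leave behind.
make_sample_tree() {
    mkdir -p "$1/clean" "$1/reconfigured"
    printf 'listen_port = 443\n' > "$1/clean/server.conf"
    printf 'listen_port = 443\n' > "$1/reconfigured/server.conf"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END RSA PRIVATE KEY-----' > "$1/reconfigured/server.pem"
}

# Demo on the constructed tree.
sample_root=$(mktemp -d)
make_sample_tree "$sample_root"
for image_dir in clean reconfigured; do
    if snapshot_is_safe "$sample_root/$image_dir" 2>/dev/null; then
        echo "$image_dir: ok to snapshot"
    else
        echo "$image_dir: private key found"
    fi
done
rm -rf "$sample_root"
```

Run `snapshot_is_safe` against the directories where the server writes its configuration and keys, and create the image only when it returns 0, leaving key generation to each instance's first boot.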