[chef] Re: Re: Re: RE: Re: Chef Node Access to Server via Relay Machine


  • From: Mike Thibodeau
  • Subject: [chef] Re: Re: Re: RE: Re: Chef Node Access to Server via Relay Machine
  • Date: Sat, 12 Jul 2014 19:00:40 -0400

That is a great idea and quite powerful. It would enable chef-server, or a duly appointed node, to use cookbooks to manage almost anything. I have an immediate example: IBM Datapower. The config is nearly all XML.
Having chef able to manage the node externally via any combination of ssh, http, serial, directly or through another node removes these devices from my list of gaps. 
Could do the same for almost any special hardware by defining the primitives and adding recipes for the DCL.

On Jul 12, 2014, at 3:13 AM, Tensibai Zhaoying wrote:

It makes me think about an old term: managed nodes, where a client on the node is not possible for different reasons.

The main idea is that box A runs chef with ohai from box B obtained by ssh or other means, converges locally and makes the necessary changes in the same way.

Would be useful for dmz boxes, switches, and probably others I don't think of.

Is the managed node still on the chef roadmap or is it something to be created from scratch?

---- Noah Kantrowitz wrote ----

> What you are describing is a proxy, so if a proxy is disallowed you can't do that either.
>
> --Noah
>
> On Jul 11, 2014, at 7:07 PM, Kapil Shardha wrote:
>
> > Thanks for the suggestion. I am aware of the proxy settings but in this case, setting up a proxy may or may not be allowed (due to some constraints).
> >
> > That is why I wanted to discuss and learn about some alternate solution.
> >
> > I forgot to mention one point in my suggested approach. I will have to consider allowing/adding routes for other URLs if I would be using some community cookbook where the files etc. are hosted on AWS.
> >
> > Thanks
> >
> > -Kapil
> >
> >
> > -----Original Message-----
> > From: Julian C. Dunn
> > Sent: Friday, July 11, 2014 5:16 PM
> > Subject: [chef] Re: Chef Node Access to Server via Relay Machine
> >
> > Why not just set up a proxy server between the Chef server and the node under management? Chef Client can connect to the Chef Server via an HTTP proxy.
> >
> > - Julian
> >
> > On Fri, Jul 11, 2014 at 4:58 PM, Kapil Shardha wrote:
> >> Hi,
> >>
> >> In the Chef requirement doc
> >> (http://docs.opscode.com/chef_system_requirements.html), it is
> >> mentioned that each node and workstation must have access to the Chef
> >> Server via HTTPS.
> >>
> >> I have a scenario where a chef node is in an isolated network and does
> >> not have direct connection/access to internet. In this scenario the
> >> Chef Server is hosted outside this network and is accessible over the
> >> internet. The same network has another machine that can connect to the
> >> internet. Is there a way to configure chef-client on the node to
> >> connect to chef-server via the machine that can access internet, as a relay machine?
> >>
> >> If not, I was thinking of the following configuration and before I test it
> >> out, just want to get some input from others:
> >>
> >> 1. Configure static mapping of Chef-server IP-URL in Hosts file (node
> >>    is running Windows OS)
> >>
> >> 2. On the node, create a static route for Chef-server IP with internet
> >>    accessing machine as the Gateway.
> >>
> >> Do you see any issues with this setup?
> >>
> >> Thanks
> >>
> >> -Kapil
> >>
> >
> >
> >
> > --
> > [ Julian C. Dunn                                * Sorry, I'm    ]
> > [ WWW: http://www.aquezada.com/staff/julian   ; * only Web 1.0  ]
> > [ gopher://sdf.org/1/users/keymaker/          ; * compliant!    ]
> > [ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9       ]



