[chef] RE: Re: Re: Re: Re: Re: Re: RE: Re: Chef Node Access to Server via Relay Machine


  • From: Kevin Keane Subscription < >
  • To: < >
  • Subject: [chef] RE: Re: Re: Re: Re: Re: Re: RE: Re: Chef Node Access to Server via Relay Machine
  • Date: Sun, 13 Jul 2014 13:10:36 -0700

I would also love to have a way to manage devices that can't run chef. I have several that I have been trying to figure out how to manage with chef. Trying to make chef run on all kinds of nodes is going to be a futile effort in the end, because there are just too many devices out there. Even if they run Linux under the hood, it is often impractical to access, and would defeat the whole purpose of having these devices.

Examples:
- Cisco devices
- DD-WRT and OpenWRT (they use Linux, but don't have enough memory or storage space for chef)
- Fortigate (I think it runs Linux under the hood, but accessing would mean drastic actions that defeat the whole purpose of having a security device)
- Sonicwall
- SIP phones.

Kevin Keane

The NetTech

760-721-8339

http://www.4nettech.com

Our values: Privacy, Liberty, Justice

See https://www.4nettech.com/corp/the-nettech-values.html


-----Original message-----
From: Tensibai Zhaoying < >
Sent: Sunday 13th July 2014 12:33
To:
Subject: [chef] Re: Re: Re: Re: Re: Re: RE: Re: Chef Node Access to Server via Relay Machine

OK, sounds like I'll have to work on it for Cisco nexus and checkpoint voiding (?) warranty if something else than their package is installed...

Thanks for the update Noah



---- Noah Kantrowitz wrote ----

Cisco hasn't really come up much. I know there are builds running on Arista and Cumulus gear, and I think I've heard work done on Broadcom and Juniper. All of those are running embedded linux (or something close enough to it) so it is mostly a question of compiling Ruby/Chef and making nice cookbooks and resources for configuration.

--Noah

On Jul 12, 2014, at 12:38 PM, Tensibai Zhaoying < > wrote:

> ?? How could chef run on a Cisco device ?
> For the others I may one way or two, but in switches...
>
>
>
> ---- Noah Kantrowitz wrote ----
>
> This was mostly being discussed as a way to work with Chef+networking hardware, and instead that has gone in the direction of running chef on the devices themselves.
>
> --Noah
>
> On Jul 12, 2014, at 12:13 AM, Tensibai Zhaoying < > wrote:
>
> > It makes me think about an old term: managed nodes, where client on the node is not possible for different reasons.
> >
> > The main idea is box A runs chef with ohai from box B got by ssh or other means, converges locally and does the necessary changes in the same way.
> >
> > Would be useful for dmz boxes, switches, and probably others I don't think of.
> >
> > Is the managed node still on the chef roadmap or is it something to be created from scratch ?
> >
> > ---- Noah Kantrowitz wrote ----
> >
> > > What you are describing is a proxy, so if a proxy is disallowed you can't do that either.
> > >
> > > --Noah
> > >
> > > On Jul 11, 2014, at 7:07 PM, Kapil Shardha < > wrote:
> > >
> > > > Thanks for the suggestion. I am aware of the proxy settings but in this case, setting up a proxy may or may not be allowed (due to some constraints).
> > > >
> > > > That is why I wanted to discuss and learn about some alternate solution.
> > > >
> > > > I forgot to mention one point in my suggested approach. I will have to consider allowing/adding routes for other URLs if I would be using some community cookbook where the files etc are hosted on AWS.
> > > >
> > > > Thanks
> > > >
> > > > -Kapil
> > > >
> > > > -----Original Message-----
> > > > From: Julian C. Dunn [mailto: ]
> > > > Sent: Friday, July 11, 2014 5:16 PM
> > > > To:
> > > > Subject: [chef] Re: Chef Node Access to Server via Relay Machine
> > > >
> > > > Why not just set up a proxy server between the Chef server and the node under management? Chef Client can connect to the Chef Server via a HTTP proxy.
> > > >
> > > > - Julian
> > > >
> > > > On Fri, Jul 11, 2014 at 4:58 PM, Kapil Shardha < > wrote:
> > > >> Hi,
> > > >>
> > > >> In the Chef requirement doc
> > > >> (http://docs.opscode.com/chef_system_requirements.html), it is
> > > >> mentioned that each node and workstation must have access to the Chef
> > > >> Server via HTTPS.
> > > >>
> > > >> I have a scenario where a chef node is in an isolated network and does
> > > >> not have direct connection/ access to internet. In this scenario the
> > > >> Chef Server is hosted outside this network and is accessible over the
> > > >> internet. The same network has another machine that can connect to the
> > > >> internet. Is there a way to configure chef-client on the node to
> > > >> connect to chef-server via the machine that can access internet, as a relay machine?
> > > >>
> > > >> If not, I was thinking of following configuration and before I test it
> > > >> out, just want to get some input from others:
> > > >>
> > > >> 1. Configure static mapping of Chef-server IP-URL in Hosts file (node
> > > >>    is running Windows OS)
> > > >>
> > > >> 2. On the node, create a static route for Chef-server IP with internet
> > > >>    accessing machine as the Gateway.
> > > >>
> > > >> Do you see any issues with this setup?
> > > >>
> > > >> Thanks
> > > >>
> > > >> -Kapil
> > > >
> > > > --
> > > > [ Julian C. Dunn < >                         * Sorry, I'm    ]
> > > > [ WWW: http://www.aquezada.com/staff/julian   * only Web 1.0  ]
> > > > [ gopher://sdf.org/1/users/keymaker/          * compliant!    ]
> > > > [ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9       ]
>


