[chef] Re: RE: Re: Chef Node Access to Server via Relay Machine


  • From: JOHN HASTY < >
  • To:
  • Subject: [chef] Re: RE: Re: Chef Node Access to Server via Relay Machine
  • Date: Mon, 14 Jul 2014 14:33:35 -0500

I have a similar situation. But what we have done is set up firewall rules so that the nodes can access the Chef Server. No files are allowed to be installed directly from AWS or any other source. So they are copied to our server and installed from there. That way we have a more secure network and we can be assured we are installing the same version of the file each time.



JOHN HASTY
Software as a Service - DevOps
Software Group


Phone: 1-512-804-9968
IBM

2407 S Congress Ave Ste E-350
Austin, TX 78704
United States



From: Kapil Shardha < >
To: " " < >
Date: 07/11/2014 09:08 PM
Subject: [chef] RE: Re: Chef Node Access to Server via Relay Machine




Thanks for the suggestion. I am aware of the proxy settings but in this case, setting up a proxy may or may not be allowed (due to some constraints).

That is why I wanted to discuss and learn about some alternate solution.

I forgot to mention one point in my suggested approach. I will have to consider allowing/adding routes for other URLs if I would be using some community cookbook where the files etc. are hosted on AWS.

Thanks

-Kapil


-----Original Message-----
From: Julian C. Dunn
Sent: Friday, July 11, 2014 5:16 PM
To:
Subject: [chef] Re: Chef Node Access to Server via Relay Machine

Why not just set up a proxy server between the Chef server and the node under management? Chef Client can connect to the Chef Server via an HTTP proxy.

- Julian

On Fri, Jul 11, 2014 at 4:58 PM, Kapil Shardha < > wrote:
> Hi,
>
>
>
> In the Chef requirement doc
> (http://docs.opscode.com/chef_system_requirements.html), it is
> mentioned that each node and workstation must have access to the Chef
> Server via HTTPS.
>
> I have a scenario where a chef node is in an isolated network and does
> not have direct connection/ access to internet. In this scenario the
> Chef Server is hosted outside this network and is accessible over the
> internet. The same network has another machine that can connect to the
> internet. Is there a way to configure chef-client on the node to
> connect to chef-server via the machine that can access internet, as a relay machine?
>
>
>
> If not, I was thinking of following configuration and before I test it
> out, just want to get some input from others:
>
>
>
> 1. Configure static mapping of Chef-server IP-URL in Hosts file (node
> is running Windows OS)
>
> 2. On the node, create a static route for Chef-server IP with internet
> accessing machine as the Gateway.
>
>
>
> Do you see any issues with this setup?
>
>
>
> Thanks
>
>
>
> -Kapil
>
>
>
>



--
[ Julian C. Dunn < >          * Sorry, I'm    ]
[ WWW: http://www.aquezada.com/staff/julian    * only Web 1.0  ]
[ gopher://sdf.org/1/users/keymaker/           * compliant!    ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9       ]



