Best? Purchase an Enterprise Chef license. While you might be able to hack this together, it's going to be both highly insecure (no audit records, etc.) and very breakable.
On Jul 19, 2014, at 4:32 PM, Ameir Abdeldayem wrote:
> Hello,
>
> I work at a big company with several different ops teams. For the most part, each ops team maintains its own open-source Chef server.
>
> I'm looking into the feasibility of mimicking the Hosted Chef style of paths, e.g. /organizations/opsteam1. So, for a node list from knife, the request would look like 'GET /organizations/opsteam1/nodes'.
>
> If I put this behind a proxy and rewrite the path to just '/nodes', I get a 401. After looking at the auth page at http://docs.opscode.com/auth.html, that makes sense, since the hashed path is part of the signed request.
>
> In order for this to work, the client needs to sign the request with '/nodes' as the path, even if the target path differs.
>
> I know I'll likely need to override https://github.com/opscode/mixlib-authentication/blob/a32e96a6a8cd53e2ff2a775ef0f757550289f89b/lib/mixlib/authentication/signedheaderauth.rb#L119 in both knife and chef-client to achieve what I'm looking for. I don't mind requiring that folks install a knife plugin or a gem for this to work.
>
> Could you give me direction on how to best achieve this?
--Noah
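
The 401 described in the quoted message, reproduced as an added example (not code from the thread or from mixlib-authentication). It assumes the version 1.0 canonical request layout from the Chef auth documentation; the key, user id and timestamp are constructed, and header splitting and clock-skew checks are left out.

```ruby
require "openssl"
require "base64"
require "digest"

# Canonical request string (assumed v1.0 layout): the path is included as a SHA1 hash.
def canonical_request(method, path, body, timestamp, user_id)
  [
    "Method:#{method.upcase}",
    "Hashed Path:#{Base64.strict_encode64(Digest::SHA1.digest(path))}",
    "X-Ops-Content-Hash:#{Base64.strict_encode64(Digest::SHA1.digest(body))}",
    "X-Ops-Timestamp:#{timestamp}",
    "X-Ops-UserId:#{user_id}",
  ].join("\n")
end

# Client side: RSA private-key encryption of the canonical string.
def sign_request(key, method, path, body, timestamp, user_id)
  Base64.strict_encode64(
    key.private_encrypt(canonical_request(method, path, body, timestamp, user_id))
  )
end

# Server side: rebuild the canonical string from the path the server actually
# received and compare it with what the client signed.
def server_accepts?(public_key, signature, method, path_seen, body, timestamp, user_id)
  expected = canonical_request(method, path_seen, body, timestamp, user_id)
  public_key.public_decrypt(Base64.strict_decode64(signature)) == expected.b
rescue OpenSSL::PKey::PKeyError, ArgumentError
  false # undecryptable or malformed signature
end

# Constructed scenario: knife signs the organization-style path, and a proxy
# strips the prefix before the request reaches the open-source server.
def proxy_rewrite_demo
  key  = OpenSSL::PKey::RSA.new(2048)  # constructed client key
  ts   = "2014-07-19T20:32:00Z"        # constructed timestamp
  user = "opsteam1-admin"              # constructed user id
  signed_path = "/organizations/opsteam1/nodes"
  sig = sign_request(key, "GET", signed_path, "", ts, user)
  {
    unmodified: server_accepts?(key.public_key, sig, "GET", signed_path, "", ts, user),
    rewritten:  server_accepts?(key.public_key, sig, "GET", "/nodes", "", ts, user),
  }
end

puts proxy_rewrite_demo.inspect if __FILE__ == $PROGRAM_NAME
```

The signature only verifies against the path the client hashed, so any intermediary that changes the path invalidates the request without being able to re-sign it.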