We have evaluated Puppet and Chef for one and a half months and have "almost"
decided to go with Chef!
“Almost” because we have got a “no-go” from the person responsible for the
infrastructure due to the lack of security on node information.
We will have different VMs for different customers connected to the same Chef
When a node is connected to the Chef Server, with knife properly configured
on it, it is possible to retrieve the list of all nodes from the Chef Server,
show the attributes of the different nodes, search the attributes among all the
nodes, and so on…
This is a big issue for us since we must prevent a customer from seeing any
information about other customers. And I guess we are not the only ones who met
We consider it a security threat that, from a node, it is possible to show
information on other nodes.
We have looked for a solution, and the only one we have found so far is to modify
the source code of the Chef Server API in order to add a restriction such as “a node
is able to see only its own information”.
Before we start to look more deeply into this solution, could you please let us
know if you see any other solution to our problem?
Thanks in advance for your feedback.