Does anybody find Chef Compliance to be a tad bit buggy and a bit incomplete?
- You can add a scheduled scan, but you can’t edit it, forcing you to delete it.
- It won’t log in via ssh on new hosts, forcing you to manually log in to get the Chef-compliance server to accept the key.
- On that note, there is no feedback if the Chef Compliance server is unable to log in to the machine.
- No integration with the existing chef server, forcing you to add the nodes manually.
- cis/cis-ubuntu-level1 and cis/cis-ubuntu-level2 profiles had some bugs with the check, giving out false positives (example: the permissions on crontab).
- You can’t edit the profiles inline
- Upgrades do not update the underlying database.
- Uninstallation does not purge the data, even if you explicitly tell it to, forcing you to remove the files manually.
- No apparent mechanism to upload new profiles other than the Web GUI
- Report displays all the nodes on the same page, forcing you to scroll down.
Hopefully it improves quickly. I like Chef-compliance, but I don’t see how it is usable for any non-trivial size environments.