Chef Compliance


#1

Does anybody find Chef Compliance to be a tad bit buggy and a bit incomplete?

  • You can add a scheduled scan, but you can’t edit it, forcing you to delete it.
  • It won’t log in via SSH on new hosts, forcing you to manually log in to get the Chef-compliance server to accept the key.
    – On that note, there is no feedback if the Chef Compliance server is unable to log in to the machine.
  • No integration with the existing chef server, forcing you to add the nodes manually.
  • cis/cis-ubuntu-level1 and cis/cis-ubuntu-level2 profiles had some bugs with the check, giving out false positives (example: the permissions on crontab).
  • You can’t edit the profiles inline
  • Upgrades do not update the underlying database.
  • Uninstallation does not purge the data, even if you explicitly tell it to, forcing you to remove the files manually.
  • No apparent mechanism to upload new profiles other than the Web GUI
  • Report displays all the nodes on the same page, forcing you to scroll down.

Hopefully it improves quickly. I like Chef-compliance, but I don’t see how it is usable for any non-trivial size environments.

  • Rilindo

#2

Hi Rilindo

Can you post your feedback to https://feedback.chef.io/ ?


#3

Done. I got most of them in (except for a couple that need more thought).


#4

Thanks Rilindo, really appreciate your taking the time to share your feedback! I’ll make sure the product owner for Compliance (Dominik) has a look. Cheers!