I have a similar situation. But what we have done is set up firewall rules
so that the nodes can access the Chef Server. No files are allowed to be
installed directly from AWS or any other source. So they are copied to our
server and installed from there. That way we have a more secure network and
we can be assured we are installing the same version of the file each time.
Software as a Service - DevOps
Phone: 1-512-804-9968 IBM
2407 S Congress Ave Ste E-350
Austin, TX 78704

From: Kapil Shardha Kapil.Shardha@SimulationIQ.com
To: "firstname.lastname@example.org" email@example.com
Date: 07/11/2014 09:08 PM
Subject: [chef] RE: Re: Chef Node Access to Server via Relay Machine

Thanks for the suggestion. I am aware of the proxy settings but in this
case, setting up a proxy may or may not be allowed (due to some
That is why I wanted to discuss and learn about some alternate solution.
I forgot to mention one point in my suggested approach. I will have to
consider allowing/adding routes for other URLs if I would be using some
community cookbook where the files etc are hosted on AWS.

From: Julian C. Dunn [mailto:firstname.lastname@example.org]
Sent: Friday, July 11, 2014 5:16 PM
Subject: [chef] Re: Chef Node Access to Server via Relay Machine

Why not just set up a proxy server between the Chef server and the node
under management? Chef Client can connect to the Chef Server via a HTTP

On Fri, Jul 11, 2014 at 4:58 PM, Kapil Shardha
In the Chef requirement doc
(http://docs.opscode.com/chef_system_requirements.html), it is
mentioned that each node and workstation must have access to the Chef
Server via HTTPS.
I have a scenario where a chef node is in an isolated network and does
not have direct connection/access to the internet. In this scenario the
Chef Server is hosted outside this network and is accessible over the
internet. The same network has another machine that can connect to the
internet. Is there a way to configure chef-client on the node to
connect to chef-server via the machine that can access internet, as a
If not, I was thinking of following configuration and before I test it
out, just want to get some input from others:
Configure static mapping of Chef-server IP-URL in Hosts file
is running Windows OS)
On the node, create a static route for Chef-server IP with
accessing machine as the Gateway.
Do you see any issues with this setup?
[ Julian C. Dunn email@example.com * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]
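
An added example, not part of the thread: one way to find out in advance which external hosts a cookbook would make an isolated node contact (the concern raised above about community cookbooks whose files are hosted on AWS), so those files can be mirrored internally or the hosts explicitly allowed. The allowlist, host names and cookbook contents are constructed for illustration.

```ruby
require "set"

# Hosts the isolated node may reach (constructed sample values).
ALLOWED_HOSTS = Set["chef.example.internal", "mirror.example.internal"].freeze

# Group 1 = URL up to a quote/space, group 2 = host name.
URL_RE = %r{\b((?:https?|ftp)://([A-Za-z0-9.-]+)[^\s'"<>)]*)}i

# files: { "path" => "file contents" }
# Returns { host => [[path, line_no, url], ...] } for every URL whose host
# is not on the allowlist. Full-line Ruby comments are ignored.
def external_downloads(files, allowed = ALLOWED_HOSTS)
  hits = Hash.new { |h, k| h[k] = [] }
  files.each do |path, text|
    text.each_line.with_index(1) do |line, no|
      next if line.lstrip.start_with?("#")
      line.scan(URL_RE) do |url, host|
        host = host.downcase.chomp(".")
        hits[host] << [path, no, url] unless allowed.include?(host)
      end
    end
  end
  hits
end

# Constructed cookbook sources (single-quoted heredocs, so nothing is interpolated).
SAMPLE_COOKBOOK = {
  "recipes/default.rb" => <<~'RB',
    # see https://docs.example.org/tool for details
    remote_file 'C:\\temp\\tool.msi' do
      source "https://s3.amazonaws.com/example-bucket/tool-#{version}.msi"
    end
    remote_file 'C:\\temp\\agent.zip' do
      source 'https://mirror.example.internal/agent/agent-1.2.zip'
    end
  RB
  "attributes/default.rb" => <<~'RB'
    default['jdk']['url'] = 'http://downloads.example.com/jdk/jdk-7u60.exe'
  RB
}.freeze

# One line per off-allowlist host, listing where it is referenced.
def report(files = SAMPLE_COOKBOOK)
  external_downloads(files).map do |host, refs|
    "#{host}: " + refs.map { |path, no, _| "#{path}:#{no}" }.join(", ")
  end
end

puts report if __FILE__ == $PROGRAM_NAME
```

A text scan like this only sees literal URLs; hosts assembled at run time from attributes still need to be caught by the firewall or proxy logs.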