Missing information in the Chef Installation Docs


#1

Hi All -

I think there are important steps missing in the installation documentation.

Following the instructions at
http://docs.opscode.com/chef/install_server.html:

At no point do the instructions mention the existence or the requirement of
logging in to the web console. This means that:

  1. The continuation of the instructions in the workstation setup (
    http://docs.opscode.com/chef/install_workstation.html) make no sense
    when it says “Organizations page” and “Account Management”
  2. If the user continues without the web interface (using "knife client
    create, etc), the admin password is never set, meaning that anyone who
    stumbles over the web interface is able to set it, AFAIK.

In Chef 10, there was a documented option to not install the web interface
at all, and there were instructions (such as “knife configure -i” IIRC) on
how to SECURELY complete the installation.

-Mike

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are
addressed. Please note that any disclosure, copying or distribution of the
content of this information is strictly forbidden. If you have received
this email message in error, please destroy it immediately and notify its
sender.
**


#2

I agree that the documentation is not in the proper sequence.
One needs to go back and forth between pages to put the pieces together,
but the Chef v11, docs are *so much better *than v10.

This link contains details to disable the WebUI.

Chef Server Configuration

The main configuration file for the Chef Server in Chef 11 is
/etc/chef-server/chef-server.rb. It uses a Ruby DSL similar to other Chef
configuration files, /etc/chef/client.rb, ~/.chef/knife.rb, etc. We’re
working on getting all the various settings documented. For now, they’re
all defined as attributes in the
cookbookhttps://github.com/opscode/omnibus-chef/blob/master/files/chef-server-cookbooks/chef-server/attributes/default.rbused
by chef-server-ctl
reconfigure. An example will illustrate this.

In the attributes file, we control whether the WebUI is enabled:

default[‘chef_server’][‘chef-server-webui’][‘enable’] = true

To modify this in /etc/chef-server/chef-server.rb, for example to disable
it:

chef_server_webui[‘enable’] = false

Note Attributes that have a dash should have it replaced with an
underscore in the chef-server.rb config file.

-lun

On Wed, May 8, 2013 at 6:08 AM, Mike Tewner mike@scene53.com wrote:

Hi All -

I think there are important steps missing in the installation
documentation.

Following the instructions at
http://docs.opscode.com/chef/install_server.html:

At no point do the instructions mention the existence or the requirement
of logging in to the web console. This means that:

  1. The continuation of the instructions in the workstation setup (
    http://docs.opscode.com/chef/install_workstation.html) make no sense
    when it says “Organizations page” and “Account Management”
  2. If the user continues without the web interface (using "knife
    client create, etc), the admin password is never set, meaning that anyone
    who stumbles over the web interface is able to set it, AFAIK.

In Chef 10, there was a documented option to not install the web interface
at all, and there were instructions (such as “knife configure -i” IIRC) on
how to SECURELY complete the installation.

-Mike

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. Please note that any disclosure, copying or distribution of the
content of this information is strictly forbidden. If you have received
this email message in error, please destroy it immediately and notify its
sender.
**


#3

If you didn’t do this already please open an issue at
https://github.com/opscode/chef-docs and/or a pull request. No CLA required.

  • Julian

On Thu, May 9, 2013 at 3:31 PM, Lunixer lunixer@gmail.com wrote:

I agree that the documentation is not in the proper sequence.
One needs to go back and forth between pages to put the pieces together,
but the Chef v11, docs are *so much better *than v10.

This link contains details to disable the WebUI.
http://www.opscode.com/blog/2013/03/11/chef-11-server-up-and-running/

Chef Server Configuration

The main configuration file for the Chef Server in Chef 11 is
/etc/chef-server/chef-server.rb. It uses a Ruby DSL similar to other Chef
configuration files, /etc/chef/client.rb, ~/.chef/knife.rb, etc. We’re
working on getting all the various settings documented. For now, they’re
all defined as attributes in the cookbookhttps://github.com/opscode/omnibus-chef/blob/master/files/chef-server-cookbooks/chef-server/attributes/default.rbused by chef-server-ctl
reconfigure. An example will illustrate this.

In the attributes file, we control whether the WebUI is enabled:

default[‘chef_server’][‘chef-server-webui’][‘enable’] = true

To modify this in /etc/chef-server/chef-server.rb, for example to disable
it:

chef_server_webui[‘enable’] = false

Note Attributes that have a dash should have it replaced with an
underscore in the chef-server.rb config file.

-lun

On Wed, May 8, 2013 at 6:08 AM, Mike Tewner mike@scene53.com wrote:

Hi All -

I think there are important steps missing in the installation
documentation.

Following the instructions at
http://docs.opscode.com/chef/install_server.html:

At no point do the instructions mention the existence or the requirement
of logging in to the web console. This means that:

  1. The continuation of the instructions in the workstation setup (
    http://docs.opscode.com/chef/install_workstation.html) make no sense
    when it says “Organizations page” and “Account Management”
  2. If the user continues without the web interface (using "knife
    client create, etc), the admin password is never set, meaning that anyone
    who stumbles over the web interface is able to set it, AFAIK.

In Chef 10, there was a documented option to not install the web
interface at all, and there were instructions (such as "knife configure -i"
IIRC) on how to SECURELY complete the installation.

-Mike

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. Please note that any disclosure, copying or distribution of the
content of this information is strictly forbidden. If you have received
this email message in error, please destroy it immediately and notify its
sender.
**


[ Julian C. Dunn jdunn@aquezada.com * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]