RE: How can I improve this cookbook?

On your security assumption - first of all, all security depends on the value of what you have to protect. If all you have on your server farm is your own G-rated vacation photos, your security needs are going to be different from if you are managing, say, health care or banking information or top-secret military info.

That said, even if you are behind a firewall, security should still be a concern. The key is defense in depth. Firewalls protect against one particular type of threat - and even then, the firewall can be misconfigured.

A firewall will not protect you against things such as:

  • Rogue software (viruses) running behind your firewall.

  • Rogue employees (insider threats are usually a bigger problem than outside hackers!)

  • Information accidentally leaked - say, somebody accidentally posting sensitive information to Facebook or a mailing list.

  • A well-meaning employee who knows just enough to be dangerous trying to help by “fixing” a Chef cookbook for you.

Firewalls are great - and important - security devices. Think of it as a tool, one of many you should have in your kit. If you were to build a house, you wouldn’t just use a hammer and think you’d end up with a quality building? Security is the same.

Kevin Keane

The NetTech

Our values: Privacy, Liberty, Justice


-----Original message-----
From: Jim Fluke
Sent: Monday 16th February 2015 17:22
Subject: [chef] How can I improve this cookbook?

Ohai Chefs!

I have been working with Chef off and on for a while now, but mostly just doing experiments and training. Recently I have gotten more serious, and have written two cookbooks that install a web API and a web application that uses the API. They both work, but I would like to get some feedback on how they could be improved. To that end I have made the application cookbook public at

Let me know if you have trouble getting to it.

Note that this is all running inside our firewall, including the open source Chef server, so I don’t think we need to worry too much about security, but if you disagree let me know about that too.