Securing Chef Server


#1

I’ve followed the instructions at
http://wiki.opscode.com/display/chef/Securing+Chef+Server, but have been
unable to secure my Chef server.

I do believe that a rake install from my Chef repo is working, as the
modified server.rb.erb shows up in the Web interface, under Chef
cookbooks.

When I run chef-client on the server, /etc/chef/server.rb does not
reflect the changes made in the erb file. Did I miss a step?
chef-client does not error out, and the server shows up on the status
page.

On an unrelated note, what does grant admin rights on the registrations
page do for me?

Thanks,


Matt Horan matt@matthoran.com http://matthoran.com/


#2

Matt, did you ever get this answered?

Adam


Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com


#3

On Mon, Jul 13, 2009 at 02:01:38PM -0700, Adam Jacob wrote:

> Matt, did you ever get this answered?

Still looking for an answer to this one.

Thanks,


Matt Horan matt@matthoran.com http://matthoran.com/


#4

On Wed, Jul 8, 2009 at 2:11 PM, Matt Horan matt@matthoran.com wrote:

> When I run chef-client on the server, /etc/chef/server.rb does not
> reflect the changes made in the erb file. Did I miss a step?
> chef-client does not error out, and the server shows up on the status
> page.

Did you either:

a) Add the ‘chef::server’ recipe to the run_list on the chef-server node
or
b) Create a role and add ‘chef::server’ to the list of recipes in the
role, and add the role to the node

> On an unrelated note, what does grant admin rights on the registrations
> page do for me?

This grants a client user openid administrative access to the
chef-server so you can use the API, for example from a Ruby script.


Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.878.4322 E: joshua@opscode.com


#5

On Mon, Jul 13, 2009 at 11:06:51PM -0600, Joshua Timberman wrote:

> Did you either:
>
> a) Add the ‘chef::server’ recipe to the run_list on the chef-server node
> or

I had no chef::server recipe in the list, so I copied over the recipes
from /tmp/chef-solo. I thought I had tried that before and it didn’t
work, but it certainly worked this time. Perhaps the documentation
should be a bit clearer about this? At first, I thought that simply
creating the template in site-cookbooks was all I needed.

> > On an unrelated note, what does grant admin rights on the registrations
> > page do for me?
>
> This grants a client user openid administrative access to the
> chef-server so you can use the API, for example from a Ruby script.

Cool!

Thanks,


Matt Horan matt@matthoran.com http://matthoran.com/


#6

On Jul 14, 2009, at 1:07 PM, Matt Horan wrote:

> Perhaps the documentation
> should be a bit clearer about this?

It should! I opened ticket CHEF-445 about it.

http://tickets.opscode.com/browse/CHEF-445


Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.878.4322 E: joshua@opscode.com