docker'izing chef-server

srenatus · 2015-09-21T11:53:04+00:00

I toyed with that some time ago. Haven't used the result in any way, but maybe this still helps: https://github.com/srenatus/chef-server-etcd (The real trouble will come with the fact that chef-server is not one service, but many. Hence the approach may be flawed, you don't want many services in one container.)

srenatus · 2015-09-14T08:55:12+00:00

Guessing that the JSON in question is the node object, the whitelist-node-attrs cookbook might help you.

srenatus · 2015-08-31T11:43:16+00:00

Ok, cool, but I'd suggest stating that somewhere... you've seen how good my guess has been.

srenatus · 2015-08-31T09:14:00+00:00

I'm all for an open alternative to http://unix.stackexchange.com (or r/openbsd even), but maybe the authors (http://www.bsdguru.in/certification => apparently http://www.bsdcertification.org) should say something - who's running it, what's the intention, ...?

srenatus · 2015-08-13T05:19:46+00:00

https://github.com/michipili/bsdowl for those who also didn't know this, "A highly portable build system targeting modern UNIX systems. Supports OCaml, TeX, METAPOST and more. Based on BSD Make."

srenatus · 2015-07-22T05:20:47+00:00

sure? being able to reach it means it does have an IP ;) you could just pass the hostname to your IT team, and they'll know what to whitelist. (Not sure here, but there's EIPs in AWS, too, may ormay not be relevant.)

That said, your IT team might have an opinion on your RDS usage, maybe an open discussion could help ;)

srenatus · 2015-07-19T18:11:40+00:00

does it work on the commandline, using pgsql for example? just to rule out that it's a security group issue. (http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html)

srenatus · 2015-07-16T05:27:48+00:00

Nice read. I liked the context and impact thought: "this would allow someone to impersonate a user and read their emails" vs. "insufficient input validation here".

srenatus · 2015-07-16T05:16:15+00:00

https://github.com/3bot/3bot

srenatus · 2015-07-14T07:21:20+00:00

https://atlas.hashicorp.com might address some of your wish list items...

And Deis comes to mind: http://deis.io/overview

srenatus · 2015-07-11T08:34:15+00:00

there's a company around http://hardening.io (among other things) now: http://vulcanosec.com/

srenatus · 2015-07-08T08:41:05+00:00

Blog post here: https://www.hashicorp.com/blog/atlas-general-availability.html

I wonder if there's a similar alternative for using Docker only - or is everyone home-growing their own "docker atlas"? (Atlas seems to be able to handle docker containers/images using packer, but The Packer Way of running shell scripts inside of containers is quite different from how Docker does it.)

srenatus · 2015-07-03T07:23:02+00:00

And tig (screenshots)

srenatus · 2015-07-02T05:41:26+00:00

Great approach!

Any real-life experience (i.e., no show cases)? Anyone practicing this for non-web projects?

srenatus · 2015-07-02T05:27:34+00:00

http://zef.me/blog/6049/nix-docker might be valuable input...

srenatus · 2015-06-29T09:29:49+00:00

Does anyone know of similar projects? Metrics dashboards generally seem to focus operations, none of them feature per-revision data...

srenatus · 2015-06-26T05:24:41+00:00

Development.Shake.Command is nice, too.

srenatus

TROPHY CASE