chef clients behind firewall
Posted by tec on Server Fault
Published on 2011-06-29T16:12:07Z
Tags: ssh-tunnel, chef
I am currently learning about chef. What I understood so far:
- I have to install chef-server on a server of my own or use the hosted chef.
- I have to install chef-client on the servers that I want to manage aka nodes (manually or using knife bootstrap).
- I installed several chef tools on my own PC that I can use to manage the nodes, e.g. knife.
Now in my case the specialty is that the nodes are behind a firewall/load balancer/proxy. The nodes can access servers on the outside via NAT (http works and I can configure chef-specific hosts to work as well). However, they can only be contacted from the outside via an SSH tunnel.
There is a lot of documentation about chef available, but I did not find an answer to these questions:
- When using knife, is it enough when I set up an SSH tunnel manually on my own PC, or does the chef server need to contact the nodes?
- When using knife, can I configure it to set up an SSH tunnel automatically?
- When using the chef server web UI, can I configure it to connect to the nodes via an SSH tunnel, or do I need a setup where I set up the tunnel myself, e.g. using monit? Is this even possible with hosted chef?
- Instead of using knife or the web ui: Can I issue the same management commands directly on the nodes using chef-client?
- What solution would you recommend?
Thanks a lot for taking your time to help and answering one or more of these related questions.
© Server Fault or respective owner