Hacker News new | ask | show | jobs
by jtimberman 5359 days ago
(disclosure, I work for Opscode.)

To be clear, those dependencies are required for running your own open source chef server.

You can use chef without the server, as chef-solo, or let Opscode run it for you in the form of Opscode Hosted Chef. We do make it easy to install Chef Server through Chef Solo itself, or with our Ubuntu/Debian apt repository.
1 comments
moe 5359 days ago
I never understood what kind of person/company would trust a hosted chef.

The chef databags/cookbooks tend to contain rather sensitive information (ssh-keys, passwords). Handing all that stuff over to a third-party borders on criminal negligence to me.

link
jtimberman 5356 days ago
Cookbooks are accessible via your private key, which Opscode Hosted Chef does not have a copy.

You can choose to encrypt the contents of a data bag using a locally generated (on your hardware, nothing we control) key.

link
jethroalias97 5359 days ago
So... should nobody use ec2? Or any host for that matter? Sooner or later you're going to have to trust some third-party.
link
moe 5358 days ago
There's a difference between trusting someone with your physical hardware and handing them your credentials on a silver plate.

There's also a pretty harsh difference between the security practices at Amazon and the practices that Opscode displays in their OSS-code.

link