Chef-Guard is a feature-rich Chef add-on that protects your Chef server from untested and uncommitted (i.e. potentially dangerous) cookbooks by running several validations and checks during the cookbook upload process. In addition, Chef-Guard will also monitor, audit, save and email (including a diff with the actual change) all configuration changes, and is even capable of validating certain changes before passing them through to Chef.
So installing Chef-Guard onto your Chef server(s) will give you a highly configurable component that enables you to configure and enforce a common workflow for all your colleagues working with Chef.
Technically you can think of Chef-Guard as an extremely smart reverse proxy server written in Go and located/installed right in between Nginx and the Chef Server (see the Installation section for more details). This means that Chef-Guard runs completely server-side and does not require any client-side changes! This gives you the freedom to use whatever tools you like (e.g. knife, berks, the webui) to work with your Chef server and Chef-Guard will make sure all these tools follow the same workflow.
Assuming enough Chef knowledge, it shouldn't take more than 30 minutes to get you started!
- Read the Chef-Guard documentation explaining and describing what Chef-Guard is and how it works
- Assuming you already have a running Chef environment, walk through the Chef-Guard prerequisites
- You're now ready to follow the actual installation, which (if you prefer) can be done using a cookbook in just a few minutes
You don't need to build Chef-Guard yourself in order to use it. Pre-built binaries, instructions and a ready-to-use cookbook can all be found here. If, however, you would like to contribute to Chef-Guard and/or just feel adventurous and want to build Chef-Guard yourself, please see the contributing documentation to get you started.
Please read the docs first!
- If you have an issue: report it on the issue tracker
- If you have a question: visit the #chef-guard channel on irc.freenode.net
Sander van Harmelen (sander@vanharmelen.nl)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0