Skip to content

Chef-Guard protects your Chef server from untested and uncommitted cookbooks

License

Notifications You must be signed in to change notification settings

xanzy/chef-guard

Repository files navigation

Chef-Guard Build Status GoDoc

Chef-Guard is a feature rich Chef add-on that protects your Chef server from untested and uncommitted (i.e. potentially dangerous) cookbooks by running several validations and checks during the cookbook upload process. In addition Chef-Guard will also monitor, audit, save and email (including a diff with the actual change) all configuration changes and is even capable of validating certain changes before passing them through to Chef.

So installing Chef-Guard onto your Chef server(s) will give you a highly configurable component that enables you to configure and enforce a common workflow for all your colleagues working with Chef.

Technically you can think of Chef-Guard as an extremely smart reverse proxy server written in Go and located/installed right in between Nginx and the Chef Server (see the Installation section for more details). This means that Chef-Guard runs completely server-side and does not require any client-side changes! This gives you the freedom to use whatever tools you like (e.g. knife, berks, the webui) to work with your Chef server and Chef-Guard will make sure all these tools follow the same workflow.

Quickstart

Assuming enough Chef knowledge, it shouldn't take more than 30 minutes to get you started!

  • Read the Chef-Guard documentation explaining and describing what Chef-Guard is and how it works
  • Assuming you already have a running Chef environment, walk through the Chef-Guard prerequisites
  • Your now ready to follow the actual installation which (if you prefer) can be done using a cookbook in just a few minutes

Building

You don't need to build Chef-Guard yourself in order to use it. Pre-built binaries, instructions and a ready to use cookbook can all be found here. If however you would like to contribute to Chef-Guard and/or just feel adventurous and want to build Chef-Guard yourself, please see the contributing documentation to get you started.

Getting Help

Please read the docs first!

  • If you have an issue: report it on the issue tracker
  • If you have a question: visit the #chef-guard channel on irc.freenode.net

Author

Sander van Harmelen ([email protected])

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0