chef firewall demo - michaelmworthington/codesamples GitHub Wiki
This page walks through the steps to set up NXRM and a Chef Docker container to test Chef Firewall using https://supermarket.chef.io/
See the community docs at https://github.com/sonatype-nexus-community/nexus-repository-chef
- Prerequisites
- Step 1. Create a new Proxy Repository in NXRM
- Step 2. Enable Firewall for the New Proxy Repo
- Step 3. Run Docker Image for the Dependency Manager
- Step 4. Set the environment to download packages from NXRM
- Step 5. Install a package
- Step 6. Browse NXRM to view it
- Step 7. View the Firewall Report
- Step 8. Test Quarantine
- Step 9. Notes
- IQ Server installed and running
- NXRM 3 installed and running and configured with the IQ Server
- Docker for Mac installed and running
Use https://supermarket.chef.io/ as the Remote URL. Accept default values for the remainder of the settings.
docker run -it --rm chef/chefdk
Then create ~/.chef/knife.rb to
knife[:supermarket_site] = 'http://host.docker.internal:8081/repository/chef-supermarket-proxy/'
knife supermarket download mysql
Observe the inbound requests to NXRM in the request.log file:
172.17.0.1 - - [13/Nov/2020:03:29:40 +0000] "GET /repository/chef-supermarket-proxy//api/v1/cookbooks/mysql HTTP/1.1" 200 - 9165 2804 "Chef Infra Client Knife/15.12.22 (ruby-2.6.6-p146; ohai-15.12.0; x86_64-linux; +https://chef.io)"
172.17.0.1 - - [13/Nov/2020:03:29:41 +0000] "GET /repository/chef-supermarket-proxy/api/v1/cookbooks/mysql/versions/8.7.4 HTTP/1.1" 200 - 1272 1251 "Chef Infra Client Knife/15.12.22 (ruby-2.6.6-p146; ohai-15.12.0; x86_64-linux; +https://chef.io)"
172.17.0.1 - - [13/Nov/2020:03:29:43 +0000] "GET /repository/chef-supermarket-proxy/api/v1/cookbooks/mysql/versions/8.7.4/download HTTP/1.1" 200 - 25121 1560 "Chef Infra Client Knife/15.12.22 (ruby-2.6.6-p146; ohai-15.12.0; x86_64-linux; +https://chef.io)"
Repo List
IQ Server Report
| Not Supported |
|---|
| Not Supported |
|---|