diff --git a/.expeditor/buildkite/hugo_lint.sh b/.expeditor/buildkite/hugo_lint.sh index 394a6eab75..0365368c1b 100755 --- a/.expeditor/buildkite/hugo_lint.sh +++ b/.expeditor/buildkite/hugo_lint.sh @@ -2,18 +2,17 @@ set -euo pipefail -LINT_STATUS="$(grep -r -I --color=auto -o --with-filename -n -P '[^\x00-\x7F]' ./content | grep -v '[✓]' &> /dev/null ; echo $?)" +LINT_STATUS="$(grep -r -I --color=auto -o --with-filename -n -P '[^\x00-\x7F]' ./content | grep -v '[✓|├|─|│|└]' &> /dev/null ; echo $?)" if [ "$LINT_STATUS" == 1 ]; then echo "Success!" exit 0 else echo "Failure!" - grep -r -I --color=auto -o --with-filename -n -P '[^\x00-\x7F]' ./content | grep -v '[✓]' + grep -r -I --color=auto -o --with-filename -n -P '[^\x00-\x7F]' ./content | grep -v '[✓|├|─|│|└]' if [ "$LINT_STATUS" == 0 ]; then exit 1 else exit "$LINT_STATUS" fi fi - diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_aws_deployment_prerequisites.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_aws_deployment_prerequisites.md index 8cee7735b9..24bac4b456 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_aws_deployment_prerequisites.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_aws_deployment_prerequisites.md 
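Review bot: In `hugo_lint.sh`, the widened filter `grep -v '[✓|├|─|│|└]'` puts `|` inside a bracket expression, where it is a literal member of the set rather than alternation, so `'[✓├─│└]'` states the same allowlist without suggesting otherwise. The expression is also written out twice, once in the `LINT_STATUS` capture and once in the failure branch, so the two copies can drift apart. Defining it once, e.g. `ALLOWED_CHARS='[✓├─│└]'`, and using `grep -v "$ALLOWED_CHARS"` in both places keeps the check and the report in step. Separately, and apparently predating this change, `LINT_STATUS` ends up as the exit status of the trailing `grep -v`: if the first grep fails (for instance `./content` is missing), the filter gets no input, exits 1, and the script prints "Success!", so a guard such as `[ -d ./content ] || exit 2` before the capture would make the lint fail closed. The bracket match on multi-byte characters presumably relies on the job running under a UTF-8 locale, which this hunk does not show.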
@@ -46,11 +46,12 @@ The operating system and the supported version for different nodes in AWS deploy | Operating Systems | Supported Version | |:-------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Red Hat Enterprise Linux (64 Bit OS) | 7, 8. For 8 or above versions, the **SELinux** configuration must be permissive. The **SELinux** configuration is enforced in RHEL 8. Red Hat Enterprise Linux derivatives include Amazon Linux v1 (using RHEL 6 packages) and v2 (using RHEL 7packages). | +| Red Hat Enterprise Linux (64 Bit OS) | 7, 8, 9. For 8 or above versions, the **SELinux** configuration must be permissive. The **SELinux** configuration is enforced in RHEL 8 and 9. Red Hat Enterprise Linux derivatives include Amazon Linux v1 (using RHEL 6 packages) and v2 (using RHEL 7packages). | | Ubuntu (64 Bit OS) | 16.04.x, 18.04.x, 20.04.x | | Centos (64 Bit OS) | 7 | | Amazon Linux 2 (64 Bit OS) | 2 (kernel 5.10) | | SUSE Linux Enterprise Server | 12.5 | +| Oracle Linux | 9 | Please provide AMI Id as per above list of supported operating systems. diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_efs.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_efs.md index 3b21482d49..f60a8a1fb5 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_efs.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_efs.md 
@@ -127,7 +127,7 @@ To restore backed-up data of the Chef Automate High Availability (HA) using Exte {{< note >}} - If you are restoring the backup from an older version, then you need to provide the `--airgap-bundle `. - +- Large Compliance Report is not supported in Automate HA {{< /note >}} ## Troubleshooting diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_s3.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_s3.md index c5a07e1f08..5f459aa39a 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_s3.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_aws_s3.md @@ -154,7 +154,7 @@ To restore backed-up data of the Chef Automate High Availability (HA) using Exte - If you are restoring the backup from an older version, then you need to provide the `--airgap-bundle `. - If you have not configured S3 access and secret keys during deployment or if you have taken backup on a different bucket, then you need to provide the `--s3-access-key ` and `--s3-secret-key ` flags. - +- Large Compliance Report is not supported in Automate HA {{< /note >}} #### Troubleshooting diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_file_system.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_file_system.md index e899948f38..9b7efe7750 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_file_system.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_file_system.md 
@@ -36,7 +36,8 @@ A shared file system is always required to create **OpenSearch** snapshots. To r {{< note >}} - `/mnt/automate_backups` is the default value for the `backup_mount`, which is also used in this document page as reference backup path. - +- While using `file_system` as backup type, the `uid` of `hab` user should be same across all **the remote nodes**. The same will be verified during `verify` check before deployment +- Do not `modify`/`delete` any file manually inside the `backup_mount` directory {{< /note >}} Apply the following steps on **all of the OpenSearch server** node @@ -137,7 +138,7 @@ To restore backed-up data of the Chef Automate High Availability (HA) using Exte {{< note >}} - If you are restoring the backup from an older version, then you need to provide the `--airgap-bundle `. - +- Large Compliance Report is not supported in Automate HA {{< /note >}} #### Troubleshooting diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_object_storage.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_object_storage.md index 21f068f23a..71ee213ff1 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_object_storage.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_backup_restore_object_storage.md @@ -330,6 +330,12 @@ Restore a backup from external object storage. chef-automate backup restore /BACKUPS/BACKUP_ID --skip-preflight --airgap-bundle ``` +{{< note >}} + +- If you are restoring the backup from an older version, then you need to provide the `--airgap-bundle `. +- Large Compliance Report is not supported in Automate HA +{{< /note >}} + #### Troubleshooting {{< readfile file = "content/automate/reusable/md/restore_troubleshooting.md" >}} 
diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md
index 42a56844fa..b345b7bdde 100644
--- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md
+++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md
@@ -35,6 +35,84 @@ The certificate rotation is also required when the key for a node, client, or CA {{< /note >}} +### Rotate Cluster Certificates +If you want to rotate certificates of the entire cluster using single command, then you can follow the below commands: + +To rotate certificates of entire cluster using single command, we need a certificate template. +- To generate certificate template use below command +``` + chef-automate cert-rotate generate-certificate-config certificate-config.toml +``` + +now we can find our certificate template in `certificate-config.toml` file, please edit the file and put required certificate paths + +- To rotate the certificates use below command + +```bash + chef-automate cert-rotate --certificate-config certificate-config.toml +``` + +You can also use `--cc` instead of `--certificate-config` as a sort form. + + +#### Sample Certificate template + + ```toml + [automate] + root_ca = "full path of root-ca.pem" + + [[automate.ips]] + ip = "10.1.0.130" + public_key = "full path of automate1.pem" + private_key = "full path of automate1-key.pem" + + [chef_server] + root_ca = "full path of root-ca.pem" + + [[chef_server.ips]] + ip = "10.1.0.16" + public_key = "full path of cs1.pem" + private_key = "full path of cs1-key.pem" + + [postgresql] + root_ca = "full path of root-ca.pem" + + [[postgresql.ips]] + ip = "10.1.0.141" + public_key = "full path of pg1.pem" + private_key = "full path of pg1-key.pem" + + [[postgresql.ips]] + ip = "10.1.1.190" + public_key = "full path of pg2.pem" + private_key = "full path of pg2-key.pem" + + [[postgresql.ips]] + ip = "10.1.2.130" + public_key = "full path of pg3.pem" + private_key = "full path of pg3-key.pem" + + [opensearch] + root_ca = "full path of root-ca.pem" + admin_public_key = "full path of os-admin.pem" + admin_private_key = "full path of os-admin-key.pem" + [[opensearch.ips]] + ip = "10.1.0.176" + public_key = "full path of os1.pem" + private_key = "full path of os1-key.pem" + + 
[[opensearch.ips]] + ip = "10.1.1.125" + public_key = "full path of os2.pem" + private_key = "full path of os2-key.pem" + + [[opensearch.ips]] + ip = "10.1.2.247" + public_key = "full path of os3.pem" + private_key = "full path of os3-key.pem" + ``` + + ### Rotate Certificates of each service If you want to rotate certificates of the entire cluster, then you can follow the below commands: diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_chef_backend_to_automate_ha.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_chef_backend_to_automate_ha.md index 517624aa74..042e1e3233 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_chef_backend_to_automate_ha.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_chef_backend_to_automate_ha.md @@ -309,7 +309,8 @@ Bootstrap the nodes to update the `chef_server_url` using the following steps: ## Use Automate HA for Chef-Backend User -Download and Install the [Chef Workstation](https://www.chef.io/downloads/tools/workstation) from the Bastion machine or local machine install chef-workstation. You can refer to the [Workstation page](https://docs.chef.io/workstation/getting_started/#set-up-your-chef-repo) to set up your Workstation. +Download and install [Chef Workstation](https://www.chef.io/downloads) from the bastion host or local machine. +To set up Chef Workstation, see the [Workstation Set Up documentation](https://docs.chef.io/workstation/getting_started/#set-up-your-chef-repo). ## Use Existing Private Supermarket with Automate HA diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_on_premises_deployment_prerequisites.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_on_premises_deployment_prerequisites.md index c54d3a3821..d6aa863228 100644 
--- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_on_premises_deployment_prerequisites.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_on_premises_deployment_prerequisites.md @@ -54,11 +54,12 @@ The operating system and the supported version for different nodes in the on-pre | Operating Systems | Supported Version | | :-------------------------------------- | :----------------------- | -| Red Hat Enterprise Linux (64 Bit OS) | 7, 8. For 8 or above versions, the **SELinux** configuration must be permissive. The **SELinux** configuration is enforced in RHEL 8. Red Hat Enterprise Linux derivatives include Amazon Linux v1 (using RHEL 6 packages) and v2 (using RHEL 7packages). | +| Red Hat Enterprise Linux (64 Bit OS) | 7, 8, 9 . For 8 or above versions, the **SELinux** configuration must be permissive. The **SELinux** configuration is enforced in RHEL 8 and 9. Red Hat Enterprise Linux derivatives include Amazon Linux v1 (using RHEL 6 packages) and v2 (using RHEL 7packages). | | Ubuntu (64 Bit OS) | 16.04.x, 18.04.x, 20.04.x | | Centos (64 Bit OS) | 7 | | Amazon Linux 2 (64 Bit OS) | 2 (kernel 5.10) | | SUSE Linux Enterprise Server | 12.5 | +| Oracle Linux | 9 | ### Minimum Supported Chef Tool Versions diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/reusable/md/restore_troubleshooting.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/reusable/md/restore_troubleshooting.md index e531cca3a1..04be0e7450 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/reusable/md/restore_troubleshooting.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/reusable/md/restore_troubleshooting.md 
@@ -19,3 +19,173 @@ Try these steps if Chef Automate returns an error while restoring data. ``` Now check the status of the Automate node and then try running the restore command from the bastion host. + +1. How to change the `base_path` or `path`. The steps for the File System backup are as shown below: + - While at the time of deployment `backup_mount` default value will be `/mnt/automate_backups` + - In case, if you modify the `backup_mount` in `config.toml` before deployment, then the deployment process will do the configuration with the updated value + - In case, you changed the `backup_mount` value post-deployment, then we need to patch the configuration manually to all the frontend and backend nodes, for example, if you change the `backup_mount` to `/bkp/backps` + - Update the FE nodes with the below template, use the command `chef-automate config patch fe.toml --fe` + + ```sh + [global.v1.backups] + [global.v1.backups.filesystem] + path = "/bkp/backps" + [global.v1.external.opensearch.backup] + [global.v1.external.opensearch.backup.fs] + path = "/bkp/backps" + ``` + + - Update the OpenSearch node with the below template, use the command `chef-automate config patch os.toml --os` + + ```sh + [path] + repo = "/bkp/backps" + ``` + + - Run the curl request to one of the automate frontend node + + ```sh + curl localhost:10144/_snapshot?pretty + ``` + + - If the response is empty `{}`, then we are good + + - If the response has json output, then it should have correct value for the `backup_mount`, refer the `location` value in the response. 
It should start with the `/bkp/backps` + + ```sh + { + "chef-automate-es6-event-feed-service" : { + "type" : "fs", + "settings" : { + "location" : "/mnt/automate_backups/opensearch/automate-elasticsearch-data/chef-automate-es6-event-feed-service" + } + }, + "chef-automate-es6-compliance-service" : { + "type" : "fs", + "settings" : { + "location" : "/mnt/automate_backups/opensearch/automate-elasticsearch-data/chef-automate-es6-compliance-service" + } + }, + "chef-automate-es6-ingest-service" : { + "type" : "fs", + "settings" : { + "location" : "/mnt/automate_backups/opensearch/automate-elasticsearch-data/chef-automate-es6-ingest-service" + } + }, + "chef-automate-es6-automate-cs-oc-erchef" : { + "type" : "fs", + "settings" : { + "location" : "/mnt/automate_backups/opensearch/automate-elasticsearch-data/chef-automate-es6-automate-cs-oc-erchef" + } + } + } + ``` + + - If the pre string in the `location` is not match with `backup_mount`, then we need to to delete the existing snapshots. use below script to delete the snapshot from the one of the automate frontend node. + + ```sh + snapshot=$(curl -XGET http://localhost:10144/_snapshot?pretty | jq 'keys[]') + for name in $snapshot;do + key=$(echo $name | tr -d '"') + curl -XDELETE localhost:10144/_snapshot/$key?pretty + done + ``` + + - The above scritp requires the `jq` needs to be installed, You can install from the airgap bundle, please use command on the one of the automate frontend node to locate the `jq` package. + + ```sh + ls -ltrh /hab/cache/artifacts/ | grep jq + + -rw-r--r--. 1 ec2-user ec2-user 730K Dec 8 08:53 core-jq-static-1.6-20220312062012-x86_64-linux.hart + -rw-r--r--. 1 ec2-user ec2-user 730K Dec 8 08:55 core-jq-static-1.6-20190703002933-x86_64-linux.hart + ``` + + - In case of multiple `jq` version, then install the latest one. 
use the below command to install the `jq` package to the automate frontend node + + ```sh + hab pkg install /hab/cache/artifacts/core-jq-static-1.6-20190703002933-x86_64-linux.hart -bf + ``` + +1. Below steps for object storage as a backup option + + - While at the time of deployment `backup_config` will be `object_storage` + - To use the `object_storage`, we are using below template at the time of deployment + + ```sh + [object_storage.config] + google_service_account_file = "" + location = "" + bucket_name = "" + access_key = "" + secret_key = "" + endpoint = "" + region = "" + ``` + + - If you configured pre deployment, then we are good + - If you want to change the `bucket` or `base_path`, then use the below template for Frontend nodes + + ```sh + [global.v1] + [global.v1.external.opensearch.backup.s3] + bucket = "" + base_path = "opensearch" + [global.v1.backups.s3.bucket] + name = "" + base_path = "automate" + ``` + + - You can choose any value for the variable `base_path`. `base_path` patch is only required for the frontend node. 
+ - Use the command to apply the above template `chef-automate config patch frontend.toml --fe` + - Post the configuration patch, and use the curl request to validate + + ```sh + curl localhost:10144/_snapshot?pretty + ``` + + - If the response is empty `{}`, then we are good + + - If the response has JSON output, then it should have the correct value for the `base_path` + + ```sh + { + "chef-automate-es6-event-feed-service" : { + "type" : "s3", + "settings" : { + "bucket" : "MY-BUCKET", + "base_path" : "opensearch/automate-elasticsearch-data/chef-automate-es6-event-feed-service", + "readonly" : "false", + "compress" : "false" + } + }, + "chef-automate-es6-compliance-service" : { + "type" : "s3", + "settings" : { + "bucket" : "MY-BUCKET", + "base_path" : "opensearch/automate-elasticsearch-data/chef-automate-es6-compliance-service", + "readonly" : "false", + "compress" : "false" + } + }, + "chef-automate-es6-ingest-service" : { + "type" : "s3", + "settings" : { + "bucket" : "MY-BUCKET", + "base_path" : "opensearch/automate-elasticsearch-data/chef-automate-es6-ingest-service", + "readonly" : "false", + "compress" : "false" + } + }, + "chef-automate-es6-automate-cs-oc-erchef" : { + "type" : "s3", + "settings" : { + "bucket" : "MY-BUCKET", + "base_path" : "opensearch/automate-elasticsearch-data/chef-automate-es6-automate-cs-oc-erchef", + "readonly" : "false", + "compress" : "false" + } + } + } + ``` + + - In case of `base_path` value is not matching, then we have to delete the existing `snapshot`. please refer to the steps from the file system \ No newline at end of file diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate.yaml b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate.yaml index 8e3d9d33a6..d637e0f673 100644 
--- a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate.yaml +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate.yaml @@ -15,6 +15,10 @@ options: shorthand: a default_value: "false" usage: Automate Certificate Rotation +- name: cc + usage: Cluster certificate file +- name: certificate-config + usage: Cluster certificate file - name: chef_server shorthand: c default_value: "false" @@ -64,5 +68,6 @@ inherited_options: usage: Write command result as JSON to PATH see_also: - chef-automate - Chef Automate CLI +- 'generate-certificate-config - Chef Automate generate certificate config ' compatible_with: AutomateHA supported_on: Bastion diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate_generate-certificate-config.yaml b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate_generate-certificate-config.yaml new file mode 100644 index 0000000000..dc78266227 --- /dev/null +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_cert-rotate_generate-certificate-config.yaml 
@@ -0,0 +1,73 @@ +name: chef-automate cert-rotate generate-certificate-config +synopsis: 'Chef Automate generate certificate config ' +usage: | + chef-automate cert-rotate generate-certificate-config [flags] +description: | + Chef Automate CLI command to generate certificates config, this command should always be executed from AutomateHA Bastion Node +options: +- name: help + shorthand: h + default_value: "false" + usage: help for generate-certificate-config +inherited_options: +- name: a2 + default_value: "false" + usage: Automate Certificate Rotation +- name: admin-cert + usage: Admin certificate +- name: admin-key + usage: Admin Private certificate +- name: automate + shorthand: a + default_value: "false" + usage: Automate Certificate Rotation +- name: cc + usage: Cluster certificate file +- name: certificate-config + usage: Cluster certificate file +- name: chef_server + shorthand: c + default_value: "false" + usage: Chef Infra Server Certificate Rotation +- name: cs + default_value: "false" + usage: Chef Infra Server Certificate Rotation +- name: debug + shorthand: d + default_value: "false" + usage: Enable debug output +- name: no-check-version + default_value: "false" + usage: Disable version check +- name: node + usage: Node Ip address +- name: opensearch + shorthand: o + default_value: "false" + usage: OS Certificate Rotation +- name: os + default_value: "false" + usage: OS Certificate Rotation +- name: pg + default_value: "false" + usage: Postgres Certificate Rotation +- name: postgresql + shorthand: p + default_value: "false" + usage: Postgres Certificate Rotation +- name: private-cert + usage: Private certificate +- name: public-cert + usage: Public certificate +- name: result-json + usage: Write command result as JSON to PATH +- name: root-ca + usage: RootCA certificate +- name: wait-timeout + default_value: "600" + usage: | + This flag sets the operation timeout duration (in seconds) for each individual node during the certificate rotation process 
+see_also: +- chef-automate cert-rotate - Chef Automate rotate cert +compatible_with: AutomateHA +supported_on: Bastion diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml b/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml index 8dc668da56..e1bfa7908b 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml @@ -1,4 +1,2 @@ [params.chef-server] -versions = ["13_2", "14"] gh_path = "https://github.com/chef/chef-server/blob/main/docs-chef-io/content/" -vendor_content_path = "_vendor/github.com/chef/chef-server/docs-chef-io/content/" diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md index 12626c5c25..474a679ac4 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md @@ -1,11 +1,8 @@ +++ title = "chef-server.rb Settings" draft = false - gh_repo = "chef-server" -version_docs_product = "chef-server" - aliases = ["/config_rb_server.html", "/config_rb_server_14/", "/config_rb_server/"] [menu] 
@@ -15,3 +12,358 @@ aliases = ["/config_rb_server.html", "/config_rb_server_14/", "/config_rb_server parent = "server/configure" weight = 10 +++ + +{{< readfile file="content/server/reusable/md/config_rb_server_summary.md" >}} + +## Use Conditions + +Use a `case` statement to apply different values based on whether the setting exists on the front-end or back-end servers. +Add code to the server configuration file similar to the following: + +```ruby +role_name = ChefServer['servers'][node['fqdn']]['role'] +case role_name +when 'backend' + # backend-specific configuration here +when 'frontend' + # frontend-specific configuration here +end +``` + +## Recommended Settings + +The following settings are typically added to the server configuration +file (no equal sign is necessary to set the value): + +`api_fqdn` + +: The FQDN for the Chef Infra Server. This setting is not in the + server configuration file by default. When added, its value should + be equal to the FQDN for the service URI used by the Chef Infra + Server. FQDNs must always be in lowercase. + For example: `api_fqdn "chef.example.com"`. + +`bootstrap` + +: Default value: `true`. + +`ip_version` + +: Use to set the IP version: `"ipv4"` or `"ipv6"`. When set to + `"ipv6"`, the API listens on IPv6 and front end and back end + services communicate via IPv6 when a high availability configuration + is used. When configuring for IPv6 in a high availability + configuration, be sure to set the netmask on the IPv6 `backend_vip` + attribute. + + Default value: `"ipv4"`. + +`notification_email` + +: Default value: `info@example.com`. + +### NGINX SSL Protocols + +{{< readfile file="content/server/reusable/md/server_tuning_nginx.md" >}} + +## Optional Settings + +The following settings are often used for performance tuning of the Chef +Infra Server in larger installations. 
+ +{{< note >}} + +{{< readfile file="content/server/reusable/md/notes_config_rb_server_must_reconfigure.md" >}} + +{{< /note >}} + +{{< note >}} + +Review the full list of [optional settings]({{< relref "/server/config_rb_server_optional_settings" >}}) that can be added to the `chef-server.rb` file. +Many of these optional settings should not be added without first consulting with Chef support. + +{{< /note >}} + +### bookshelf + +The following setting is often modified from the default as part of the +tuning effort for the **bookshelf** service: + +`bookshelf['vip']` + +: The virtual IP address. + + Default value: `node['fqdn']`. + + +{{< warning >}} + +{{< readfile file="content/server/reusable/md/notes_server_aws_cookbook_storage.md" >}} + +{{< /warning >}} + +### opscode-account + +The following setting is often modified from the default as part of the +tuning effort for the **opscode-account** service: + +`opscode_account['worker_processes']` + +: The number of allowed worker processes. This value should be + increased if requests made to the **opscode-account** service are + timing out, but only if the front-end machines have available CPU + and RAM. + + Default value: `4`. + +### opscode-erchef + +The following settings are often modified from the default as part of +the tuning effort for the **opscode-erchef** service: + +`opscode_erchef['db_pool_size']` + +: The number of open connections to PostgreSQL that are maintained by + the service. If failures indicate that the **opscode-erchef** + service ran out of connections, try increasing the + `postgresql['max_connections']` setting. If failures persist, then + increase this value (in small increments) and also increase the + value for `postgresql['max_connections']`. + + Default value: `20`. + +`opscode_erchef['s3_url_ttl']` + +: The amount of time (in seconds) before connections to the server + expire. 
If Chef Infra Client runs are timing out, increase this + setting to `3600`, and then adjust again if necessary. + + Default value: `900`. + +`opscode_erchef['strict_search_result_acls']` + +: {{< readfile file="content/server/reusable/md/settings_strict_search_result_acls.md" >}} + +#### Data Collector + +The following settings are often modified from the default as part of +the tuning effort for the **data_collector** **opscode-erchef** +application: + +`data_collector['http_max_count']` + +: The maximum worker count for the HTTP connection pool that is used + by the data collector. If failures indicate that **opscode-erchef** + application has run out of HTTP connections for the + **data_collector** then increase this value. + + Default value: `100`. + +### opscode-expander + +The following setting is often modified from the default as part of the +tuning effort for the **opscode-expander** service: + +`opscode_expander['nodes']` + +: **Setting EOL in Chef Infra Server 14.** + + The number of allowed worker processes. The **opscode-expander** + service runs on the back-end and feeds data to the **opscode-solr** + service, which creates and maintains search data used by the Chef + Infra Server. Additional memory may be required by these worker + processes depending on the frequency and volume of Chef Infra Client + runs across the organization, but only if the back-end machines have + available CPU and RAM. + + Default value: `2`. + +### opscode-solr4 + +The following sections describe ways of tuning the **opscode-solr4** +service to improve performance around large node sizes, available +memory, and update frequencies. + +#### Available Memory + +Use the following configuration setting to help ensure that Apache Solr +does not run out of memory: + +`opscode_solr4['heap_size']` + +: **Setting EOL in Chef Infra Server 14.** + + The amount of memory (in MBs) available to Apache Solr. 
If there is + not enough memory available, search queries made by nodes to Apache + Solr may fail. The amount of memory that must be available also + depends on the number of nodes in the organization, the frequency of + search queries, and other characteristics that are unique to each + organization. In general, as the number of nodes increases, so does + the amount of memory. + + If Apache Solr is running out of memory, the + `/var/log/opscode/opscode-solr4/current` log file will contain a message + similar to: + + ```bash + SEVERE: java.lang.OutOfMemoryError: Java heap space + ``` + + The default value for `opscode_solr4['heap_size']` should work for many + organizations, especially those with fewer than 25 nodes. For + organizations with more than 25 nodes, set this value to 25% of system + memory or `1024`, whichever is smaller. For very large configurations, + increase this value to 25% of system memory or `4096`, whichever is + smaller. This value should not exceed `8192`. + + +#### Large Node Sizes + +The maximum field length setting for Apache Solr should be greater than +any expected node object file sizes in order for them to be successfully +added to the search index. If a node object file is greater than the +maximum field length, the node object will be indexed up to the maximum, +but the part of the file past that limit will not be indexed. If this +occurs, it will seem as if nodes disappear from the search index. + +To ensure that large node file sizes are indexed properly, verify the +`nginx['client_max_body_size']` and `opscode_erchef['max_request_size']` settings. + +To ensure that `nginx['client_max_body_size']` and `opscode_erchef['max_request_size']` are not part of the reasons for incomplete indexing, +set `opscode_solr4['max_field_length']` setting so that its value is greater than the expected node file sizes. 
+
+`nginx['client_max_body_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The maximum accepted body size for a client request, as indicated by
+ the `Content-Length` request header. When the maximum accepted body
+ size is greater than this value, a `413 Request Entity Too Large`
+ error is returned.
+
+ Default value: `250m`.
+
+`opscode_erchef['max_request_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ When the request body size is greater than this value, a `413 Request Entity Too Large` error is returned.
+
+ Default value: `2000000`.
+
+`opscode_solr4['max_field_length']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The maximum field length (in number of tokens/terms). If a field
+ length exceeds this value, Apache Solr may not be able to complete
+ building the index. Default value: `100000` (increased from the
+ Apache Solr default value of `10000`).
+
+ Use the `wc` command to get the byte count of a large node object file.
+ For example:
+
+ ```bash
+ wc -c NODE_NAME.json
+ ```
+
+ and then ensure there is a buffer beyond that value. For example, verify
+ the size of the largest node object file:
+
+ ```bash
+ wc -c nodebsp2016.json
+ ```
+
+ which returns `154516`. Update the `opscode_solr4['max_field_length']`
+ setting to have a value greater than the returned value. For example:
+ `180000`.
+
+ If you don't have a node object file available then you can get an
+ approximate size of the node data by running the following command on a
+ node.
+
+ ```bash
+ ohai | wc -c
+ ```
+
+#### Update Frequency
+
+At the end of every Chef Infra Client run, the node object is saved to
+the Chef Infra Server. From the Chef Infra Server, each node object is
+then added to the `SOLR` search index. This process is asynchronous. By
+default, node objects are committed to the search index every 60 seconds
+or per 1000 node objects, whichever occurs first.
+
+When data is committed to the Apache Solr index, all incoming updates
+are blocked. If the duration between updates is too short, it is
+possible for the rate at which updates are asked to occur to be faster
+than the rate at which objects can be actually committed.
+
+Use the `opscode_solr4['commit_interval']` and `opscode_solr4['max_commit_docs']` settings to improve the indexing
+performance of node objects:
+
+`opscode_solr4['commit_interval']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The frequency (in seconds) at which node objects are added to the
+ Apache Solr search index.
+
+ Default value: `60000` (every 60 seconds).
+
+`opscode_solr4['max_commit_docs']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The frequency (in documents) at which node objects are added to the
+ Apache Solr search index.
+
+ Default value: `1000` (every 1000 documents).
+
+### postgresql
+
+The following setting is often modified from the default as part of the tuning effort for the **postgresql** service:
+
+`postgresql['max_connections']`
+
+: The maximum number of allowed concurrent connections. This value should only be tuned when the `opscode_erchef['db_pool_size']` value used by the **opscode-erchef** service is modified. Default value: `350`.
+ If there are more than two front end machines in a cluster, the
+ `postgresql['max_connections']` setting should be increased. The
+ increased value depends on the number of machines in the front end,
+ but also the number of services that are running on each of these
+ machines.
+
+ - Each front end machine always runs the **oc_bifrost** and
+ **opscode-erchef** services.
+ - The Reporting add-on adds the **reporting** service.
+
+ Each of these services requires 25 connections, above the default
+ value.
+ + Use the following formula to help determine what the increased value + should be: + + ```ruby + new_value = current_value + [ + (# of front end machines - 2) * (25 * # of services) + ] + ``` + + For example, if the current value is 350, there are four front end + machines, and all add-ons are installed, then the formula looks + like: + + ```ruby + 550 = 350 + [(4 - 2) * (25 * 4)] + ``` + +`postgresql['sslmode']` + +: SSL encryption mode between the Chef Infra Server and PostgreSQL. + + Possible values: + + - `'disable'` + - `'require'` + + Default value: `'disable'`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md index dcd4c74b2b..fa1370287e 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md @@ -1,13 +1,8 @@ +++ title = "chef-server.rb Optional Settings" draft = false - gh_repo = "chef-server" -aliases = ["/config_rb_server_optional_settings.html", "/config_rb_server_optional_settings_14/", "/config_rb_optional_settings/", "/config_rb_server_optional_settings/"] - -version_docs_product = "chef-server" - [menu] [menu.server] title = "Chef Infra Server Optional Settings" 
@@ -15,3 +10,3262 @@ version_docs_product = "chef-server" parent = "server/configure" weight = 20 +++ + +{{< readfile file="content/server/reusable/md/config_rb_server_summary.md" >}} + +## Settings + +The following sections describe the various settings that are available +in the chef-server.rb file. + +{{< note >}} +{{< readfile file="content/server/reusable/md/notes_config_rb_server_must_reconfigure.md" >}} +{{< /note >}} + +### General + +This configuration file has the following general settings: + +`addons['install']` + +: Default value: `false`. + +`addons['path']` + +: Default value: `nil`. + +`addons['packages']` + +: Default value: `%w{chef-manage}` + +`api_version` + +: The version of the Chef Infra Server. + + Default value: `'12.0.0'`. + +`default_orgname` + +: The `ORG_NAME` part of the `/organizations` endpoint in Chef Infra + Server. + +`flavor` + +: Default value: `'cs'`. + + Setting new in Chef Infra Server 14. + +`fips` + +: Set to `true` to run the server in FIPS compliance mode. Set to + `false` to force the server to run without FIPS compliance mode. + + Default value: The value in the kernel configuration. + + {{< note >}} + + Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` + + {{< /note >}} + +`insecure_addon_compat` + +: Set to `true` to keep Chef Infra Server compatible with older add-on + versions by rendering secrets and credentials to + `/etc/opscode/chef-server-running.json` and other files in + `/etc/opscode/`. When set to `false`, secrets are **only** written + to `/etc/opscode/private-chef-secrets.json` and **not** to any other + files. + + Default value: `true`. + + See [Add-on Compatibility]({{< relref "/server/server_security#add-on-compatibility" >}}) for the + minimum add-on versions supporting `insecure_addon_compat false`. 
+
+`install_path`
+
+: The directory in which the Chef Infra Server is installed.
+
+ Default value: `'/opt/opscode'`.
+
+`from_email`
+
+: The email address from which invitations to the Chef management
+ console are sent.
+
+ Default value: `'"Opscode" '`.
+
+`license['nodes']`
+
+: The number of licensed nodes.
+
+ Default value: `25`.
+
+`license['upgrade_url']`
+
+: The URL to visit for more information about how to update the number
+ of nodes licensed for an organization.
+
+ Default value: `'https://www.chef.io/pricing'`.
+
+`notification_email`
+
+: The email addressed to which email notifications are sent.
+
+ Default value: `'pc-default@chef.io'`.
+
+`role`
+
+: The configuration type of the Chef Infra Server.
+
+ Possible values: `backend`, `frontend`, or `standalone`.
+
+ Default value: `'standalone'`.
+
+`topology`
+
+: The topology of the Chef Infra Server.
+
+ Possible values: `manual`, `standalone`, and `tier`.
+
+ Default value: `'standalone'`.
+
+### bookshelf
+
+{{< readfile file="content/server/reusable/md/server_services_bookshelf.md" >}}
+
+{{< note >}}
+{{< readfile file="content/server/reusable/md/notes_server_aws_cookbook_storage.md" >}}
+{{< /note >}}
+
+This configuration file has the following settings for `bookshelf`:
+
+`bookshelf['access_key_id']`
+
+: Deprecated. Use `chef-server-ctl set-secret bookshelf access_key_id` from
+ the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ commands.
+
+ The access key identifier. This may point at an external storage
+ location, such as Amazon EC2. See [AWS external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for more information on configuring external bookshelf.
+
+ Default value: **generated**.
+
+`bookshelf['data_dir']`
+
+: The directory in which on-disk data is stored. The default value is
+ the recommended value.
+
+ Default value: `/var/opt/opscode/bookshelf/data`.
+
+`bookshelf['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/bookshelf`.
+
+`bookshelf['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`bookshelf['enable_request_logging']`
+
+: Use to configure request logging for the bookshelf service.
+
+ Default value: `false`.
+
+`bookshelf['external_url']`
+
+: The base URL to which the service is to return links to API
+ resources. Use `:host_header` to ensure the URL is derived from the
+ host header of the incoming HTTP request.
+
+ Default value: `:host_header`.
+
+`bookshelf['listen']`
+
+: The IP address on which the service is to listen.
+
+ Default value: `127.0.0.1`.
+
+`bookshelf['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/bookshelf`.
+
+`bookshelf['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`bookshelf['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `4321`.
+
+`bookshelf['secret_access_key']`
+
+: Deprecated. Use `chef-server-ctl set-secret bookshelf secret_access_key`
+ from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ commands.
+
+ The secret key. This may point at an external storage location, such
+ as Amazon EC2. See [AWS external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for
+ more information on configuring external bookshelf.
+
+ Default value: **generated**.
+
+`bookshelf['storage_type']`
+
+: Determines where cookbooks are stored.
+
+ Default value: `:filesystem`.
+
+ In instances that require cookbooks to be stored within a SQL
+ backend, such as in a high availability setup, you must set
+ `storage_type` to `:sql`:
+
+ ```ruby
+ bookshelf['storage_type'] = :sql
+ ```
+
+`bookshelf['stream_download']`
+
+: Enable stream downloading of cookbooks. This setting (when `true`)
+ typically results in improved cookbook download performance,
+ especially with the memory usage of the **bookshelf** service and
+ the behavior of load balancers and proxies in-between Chef Infra
+ Client and the Chef Infra Server.
+
+ Default value: `true`.
+
+`bookshelf['sql_connection_user']`
+
+: The PostgreSQL user name in `'username@hostname'` format (e.g.
+ `'bookshelf@my_postgresql.postgres.database.azure.com'`), where
+ `username` would normally equal the value of `bookshelf['sql_user']`
+ (default: `'bookshelf'`). This setting is **required** in an
+ external Azure PostgreSQL database-as-a-service configuration. If
+ set to `nil`, Chef Infra Server assumes that the database is not on
+ Azure and the PostgreSQL connection will be made using the value
+ specified in `bookshelf['sql_user']`.
+
+ Default value: `nil`.
+
+`bookshelf['vip']`
+
+: The virtual IP address. This may point at an external storage
+ location, such as Amazon EC2. See [AWS external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for
+ more information on configuring external bookshelf.
+
+ Default value: `127.0.0.1`.
+
+### bootstrap
+
+This configuration file has the following settings for `bootstrap`:
+
+`bootstrap['enable']`
+
+: Indicates whether an attempt to bootstrap the Chef Infra Server is
+ made. Generally only enabled on systems that have bootstrap enabled
+ via a `server` entry.
+
+ Default value: `true`.
+
+### compliance forwarding
+
+The configuration file has the following settings for forwarding
+`compliance` requests using the Chef Infra Server authentication system.
+
+`profiles['root_url']`
+
+: If set, any properly signed requests arriving at
+ `/organizations/ORGNAME/owners/OWNER/compliance` will be forwarded
+ to this URL. This is expected to be a fully qualified resource, e.g.
+ `http://compliance.example.org/owners/OWNER/compliance`.
+
+### dark_launch
+
+This configuration file has the following settings for `dark_launch`:
+
+`dark_launch['actions']`
+
+: Enable Chef actions.
+
+ Default value: `true`.
+
+`dark_launch['add_type_and_bag_to_items']`
+
+: Default value: `true`.
+
+`dark_launch['new_theme']`
+
+: Default value: `true`.
+
+`dark_launch['private-chef']`
+
+: Default value: `true`.
+
+`dark_launch['quick_start']`
+
+: Default value: `false`.
+
+`dark_launch['reporting']`
+
+: Enable Reporting, which performs data collection during a Chef Infra
+ Client run.
+
+ Default value: `true`.
+
+`dark_launch['sql_users']`
+
+: Default value: `true`.
+
+### data_collector
+
+This configuration file has the following settings for `data_collector`:
+
+`data_collector['root_url']`
+
+: The fully qualified URL to the data collector server API. When
+ present, it will enable the data collector in **opscode-erchef**.
+ This also enables Chef Infra Server authenticated forwarding any properly
+ signed requests arriving at `/organizations/ORGNAME/data-collector`
+ to this URL with the data collector token appended. This is also
+ target for requests authenticated and forwarded by the
+ `/organizations/ORGNAME/data-collector` endpoint. For the forwarding
+ to work correctly the `data_collector['token']` field must also be
+ set. For example, if the data collector in Chef Automate is being
+ used, the URI would look like:
+ `http://my_automate_server.example.org/data-collector/v0/`.
+
+`data_collector['proxy']`
+
+: If set to `true`, Chef Infra Server will proxy all requests sent to
+ `/data-collector` to the configured Chef Automate
+ `data_collector['root_url']`. Note that *this route* does not check
+ the request signature and add the right data_collector token, but
+ just proxies the Chef Automate endpoint **as-is**.
+
+ Default value: `nil`.
+
+`data_collector['token']`
+
+: Deprecated. Use `chef-server-ctl set-secret data_collector token` from
+ the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ commands.
+
+ Legacy configuration for shared data collector security token. When
+ configured, the token will be passed as an HTTP header named
+ `x-data-collector-token` which the server can choose to accept or
+ reject.
+
+`data_collector['timeout']`
+
+: The amount of time (in milliseconds) before a request to the data
+ collector API times out.
+
+ Default value: `30000`.
+
+`data_collector['http_init_count']`
+
+: The initial worker count for the HTTP connection pool that is used
+ by the data collector.
+
+ Default value: `25`.
+
+`data_collector['http_max_count']`
+
+: The maximum worker count for the HTTP connection pool that is used
+ by the data collector.
+
+ Default value: `100`.
+
+`data_collector['http_max_age']`
+
+: The maximum connection worker age (in seconds) for the HTTP
+ connection pool that is used by the data collector.
+
+ Default value: `{70, sec}`.
+
+`data_collector['http_cull_interval']`
+
+: The maximum cull interval (in minutes) for the HTTP connection pool
+ that is used by the data collector.
+
+ Default value: `{1, min}`.
+
+`data_collector['http_max_connection_duration']`
+
+: The maximum connection duration (in seconds) for the HTTP connection
+ pool that is used by the data collector.
+
+ Default value: `"{70, sec}"`.
+
+`data_collector['ibrowse_options']`
+
+: An array of comma-separated key-value pairs of ibrowse options for
+ the HTTP connection pool that is used by the data collector.
+
+ Default value: `[{connect_timeout, 10000}]`.
+
+`data_collector['health_check']`
+
+: A boolean that controls whether the data collector health is
+ included in the overall health at the `_status` endpoint. When set
+ to `true`, Chef Infra Server will report that healthy front end Chef
+ HA cluster members have failed when the `data_collector['root_url']`
+ cannot be reached. As a result, the load balancer
+ will remove those members from the load balancer pool.
+
+ Default value: `true`.
+
+### estatsd
+
+This configuration file has the following settings for `estatsd`:
+
+`estatsd['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `'/var/opt/opscode/estatsd'`.
+
+`estatsd['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`estatsd['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `'/var/log/opscode/estatsd'`.
+
+`estatsd['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `9466`.
+
+`estatsd['protocol']`
+
+: Use to send application statistics with StatsD protocol formatting.
+ Set this value to `statsd` to apply StatsD protocol formatting.
+
+`estatsd['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+### jetty
+
+This configuration file has the following settings for `jetty`:
+
+`jetty['enable']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Enable a service. This value should not be modified.
+
+ Default value: `'false'`
+
+`jetty['log_directory']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `'/var/opt/opscode/opscode-solr4/jetty/logs'`
+
+### lb / lb_internal
+
+This configuration file has the following settings for `lb`:
+
+`lb['api_fqdn']`
+
+: The FQDN for the Chef Infra Server. FQDNs must always be in lowercase.
+
+ Default value: `node['fqdn']`.
+
+`lb['ban_refresh_interval']`
+
+: Default value: `600`.
+
+`lb['bookshelf']`
+
+: Default value: `127.0.0.1`.
+
+`lb['cache_cookbook_files']`
+
+: Default value: `false`.
+
+`lb['chef_max_version']`
+
+: The maximum version of Chef Infra Client that is allowed to access
+ the Chef Infra Server via the Chef Infra Server API.
+
+ Default value: `11`.
+
+`lb['chef_min_version']`
+
+: The minimum version of Chef Infra Client that is allowed to access
+ the Chef Infra Server via the Chef Infra Server API.
+
+ Default value: `10`.
+
+`lb['chef_server_webui']`
+
+: Default value: `127.0.0.1`.
+
+`lb['debug']`
+
+: Default value: `false`.
+
+`lb['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`lb['erchef']`
+
+: Default value: `127.0.0.1`.
+
+`lb['maint_refresh_interval']`
+
+: Default value: `600`.
+
+`lb['redis_connection_pool_size']`
+
+: Default value: `250`.
+
+`lb['redis_connection_timeout']`
+
+: The amount of time (in milliseconds) to wait before timing out.
+
+ Default value: `1000`.
+
+`lb['redis_keepalive_timeout']`
+
+: The amount of time (in milliseconds) to wait before timing out.
+
+ Default value: `2000`.
+
+`lb['upstream']['bookshelf']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['upstream']['oc_bifrost']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['upstream']['opscode_erchef']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['upstream']['opscode_solr4']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['vip']`
+
+: The virtual IP address.
+
+ Default value: `127.0.0.1`.
+
+`lb['web_ui_fqdn']`
+
+: FQDNs must always be in lowercase.
+
+ Default value: `node['fqdn']`.
+
+`lb['xdl_defaults']['503_mode']`
+
+: The default value is the recommended value.
+
+ Default value: `false`.
+
+`lb['xdl_defaults']['couchdb_acls']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_association_requests']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_associations']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_containers']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_groups']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_organizations']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+And for the internal load balancers:
+
+`lb_internal['account_port']`
+
+: Default value: `9685`.
+
+`lb_internal['chef_port']`
+
+: Default value: `9680`.
+
+`lb_internal['enable']`
+
+: Default value: `true`.
+
+`lb_internal['oc_bifrost_port']`
+
+: Default value: `9683`.
+
+`lb_internal['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+### ldap
+
+{{< warning >}}
+
+The following settings **MUST** be in the config file for LDAP
+authentication to Active Directory to work:
+
+- `base_dn`
+- `bind_dn`
+- `group_dn`
+- `host`
+
+If those settings are missing, you will get authentication errors and be
+unable to proceed.
+
+{{< /warning >}}
+
+This configuration file has the following settings for `ldap`:
+
+`ldap['base_dn']`
+
+: The root LDAP node under which all other nodes exist in the
+ directory structure. For Active Directory, this is typically
+ `cn=users` and then the domain. For example:
+
+ ```ruby
+ 'OU=Employees,OU=Domain users,DC=example,DC=com'
+ ```
+
+ Default value: `nil`.
+
+`ldap['bind_dn']`
+
+: The distinguished name used to bind to the LDAP server. The user the
+ Chef Infra Server will use to perform LDAP searches. This is often
+ the administrator or manager user. This user needs to have read
+ access to all LDAP users that require authentication. The Chef Infra
+ Server must do an LDAP search before any user can log in. Many
+ Active Directory and LDAP systems do not allow an anonymous bind. If
+ anonymous bind is allowed, leave the `bind_dn` and `bind_password`
+ settings blank. If anonymous bind is not allowed, a user with `READ`
+ access to the directory is required. This user must be specified as
+ an LDAP distinguished name similar to:
+
+ ```ruby
+ 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com'
+ ```
+
+ {{< note >}}
+
+ If you need to escape characters in a distinguished name, such as
+ when using Active Directory, they must be [escaped with a backslash
+ escape character](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx).
+
+ ```ruby
+ 'CN=example\\user,OU=Employees,OU=Domainuser,DC=example,DC=com'
+ ```
+
+ {{< /note >}}
+
+ Default value: `nil`.
+
+`ldap['bind_password']`
+
+: Deprecated. Use `chef-server-ctl set-secret ldap bind_password` from the
+ [Secrets Management](/ctl_chef_server.html#ctl-chef-server-secrets-management)
+ commands.
+
+ Legacy configuration for the password of the binding user. The
+ password for the user specified by `ldap['bind_dn']`. Leave this
+ value and `ldap['bind_dn']` unset if anonymous bind is sufficient.
+
+ Default value: `nil`.
+
+ ```bash
+ chef-server-ctl set-secret ldap bind_password
+ Enter ldap bind_password: (no terminal output)
+ Re-enter ldap bind_password: (no terminal output)
+ ```
+
+ Remove a set password via
+
+ ```bash
+ chef-server-ctl remove-secret ldap bind_password
+ ```
+
+`ldap['group_dn']`
+
+: The distinguished name for a group. When set to the distinguished
+ name of a group, only members of that group can log in. This feature
+ filters based on the `memberOf` attribute and only works with LDAP
+ servers that provide such an attribute. In OpenLDAP, the `memberOf`
+ overlay provides this attribute. For example, if the value of the
+ `memberOf` attribute is `CN=abcxyz,OU=users,DC=company,DC=com`, then
+ use:
+
+ ```ruby
+ ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com'
+ ```
+
+`ldap['host']`
+
+: The name (or IP address) of the LDAP server. The hostname of the
+ LDAP or Active Directory server. Be sure the Chef Infra Server is
+ able to resolve any host names.
+
+ Default value: `ldap-server-host`.
+
+`ldap['login_attribute']`
+
+: The LDAP attribute that holds the user's login name. Use to specify
+ the Chef Infra Server user name for an LDAP user.
+
+ Default value: `sAMAccountName`.
+
+`ldap['port']`
+
+: An integer that specifies the port on which the LDAP server listens.
+ The default value is an appropriate value for most configurations.
+
+ Default value: `389` or `636` when `ldap['encryption']` is set to
+ `:simple_tls`.
+
+`ldap['ssl_enabled']`
+
+: Cause the Chef Infra Server to connect to the LDAP server using SSL.
+ Must be `false` when `ldap['tls_enabled']` is `true`.
+
+ Default value: `false`.
+
+ {{< note >}}
+
+ Enable SSL for Active Directory.
+
+ {{< /note >}}
+
+ {{< note >}}
+
+ Previous versions of Chef Infra Server used the
+ `ldap['ssl_enabled']` setting to first enable SSL, and then the
+ `ldap['encryption']` setting to specify the encryption type. These
+ settings are deprecated.
+
+ {{< /note >}}
+
+`ldap['system_adjective']`
+
+: A descriptive name for the login system that is displayed to users
+ in the Chef Infra Server management console. If a value like
+ "corporate" is used, then the Chef management console user interface
+ will display strings like "the corporate login server", "corporate
+ login", or "corporate password."
+
+ Default value: `AD/LDAP`.
+
+ {{< warning >}}
+
+ This setting is **not** used by the Chef Infra Server. It is used
+ only by the Chef management console.
+
+ {{< /warning >}}
+
+`ldap['timeout']`
+
+: The amount of time (in seconds) to wait before timing out.
+
+ Default value: `60000`.
+
+`ldap['tls_enabled']`
+
+: Enable TLS. When enabled, communication with the LDAP server is done
+ via a secure SSL connection on a dedicated port. When `true`,
+ `ldap['port']` is also set to `636`. Must be `false` when `ldap['ssl_enabled']` is `true`.
+
+ Default value: `false`.
+
+ {{< note >}}
+
+ Previous versions of Chef Infra Server used the
+ `ldap['ssl_enabled']` setting to first enable SSL, and then the
+ `ldap['encryption']` setting to specify the encryption type. These
+ settings are deprecated.
+
+ {{< /note >}}
+
+### nginx
+
+This configuration file has the following settings for `nginx`:
+
+`nginx['cache_max_size']`
+
+: The `max_size` parameter used by the Nginx cache manager, which is
+ part of the `proxy_cache_path` directive. When the size of file
+ storage exceeds this value, the Nginx cache manager removes the
+ least recently used data.
+
+ Default value: `5000m`.
+
+`nginx['client_max_body_size']`
+
+: The maximum accepted body size for a client request, as indicated by
+ the `Content-Length` request header.
+
+ Default value: `250m`.
+
+`nginx['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/nginx`.
+
+`nginx['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`nginx['enable_ipv6']`
+
+: Enable Internet Protocol version 6 (IPv6) addresses.
+
+ Default value: `false`.
+
+`nginx['enable_non_ssl']`
+
+: Allow port 80 redirects to port 443. Set to
+ `true`, to enable SSL termination by the front-end hardware load balancers for WebUI and API endpoints.
+
+ Default value: `false`.
+
+{{< note >}}
+Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex `
+{{< /note >}}
+
+`nginx['enable_stub_status']`
+
+: Enables the Nginx `stub_status` module. See
+ `nginx['stub_status']['allow_list']`,
+ `nginx['stub_status']['listen_host']`,
+ `nginx['stub_status']['listen_port']`, and
+ `nginx['stub_status']['location']`.
+
+ Default value: `true`.
+
+`nginx['gzip']`
+
+: Enable gzip compression.
+
+ Default value: `on`.
+
+`nginx['gzip_comp_level']`
+
+: The compression level used with gzip, from least amount of
+ compression (`1`, fastest) to the most (`2`, slowest).
+
+ Default value: `2`.
+
+`nginx['gzip_http_version']`
+
+: Enable gzip depending on the version of the HTTP request.
+
+ Default value: `1.0`.
+
+`nginx['gzip_proxied']`
+
+: The type of compression used based on the request and response.
+
+ Default value: `any`.
+
+`nginx['gzip_types']`
+
+: Enable compression for the specified MIME-types.
+
+ Default value:
+
+ ```ruby
+ [ 'text/plain',
+ 'text/css',
+ 'application/x-javascript',
+ 'text/xml', 'application/xml',
+ 'application/xml+rss',
+ 'text/javascript',
+ 'application/json'
+ ]
+ ```
+
+`nginx['hsts_max_age']`
+
+: Time duration in seconds till which the browser caches the `HSTS` information.
+
+ Possible values: greater than or equal to `31536000` and less than or equal to `63072000`.
+
+ Default value: `31536000` (1 year).
+
+ **New in Chef Infra Server 14.3**
+
+`nginx['keepalive_timeout']`
+
+: The amount of time (in seconds) to wait for requests on a HTTP
+ keepalive connection.
+
+ Default value: `65`.
+
+`nginx['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/nginx`.
+
+`nginx['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`nginx['log_x_forwarded_for']`
+
+: Log \$http_x_forwarded_for ("X-Forwarded-For") instead of
+ \$remote_addr if `true`.
+
+ Default value `false`.
+
+`nginx['nginx_no_root']`
+
+: Whether the `nginx` processes, including the `master` process, should not
+ run as the `root` user on a system and will instead run as `user['username']` (defaults to `opscode`).
+ **REQUIRES** that `nginx['ssl_port']` and `nginx['non_ssl_port']` options are configured to non-privileged
+ ports greater than `1024` or that the local system is otherwise allowed to bind to privileged ports
+ with the user `user['username']`.
+
+ Possible values: `true`, `false`.
+
+ Default value: `false`.
+
+ **New in Chef Infra Server 14.10**
+
+`nginx['non_ssl_port']`
+
+: The port on which the WebUI and API are bound for non-SSL
+ connections.
+
+ Default value: `80`. Use `nginx['enable_non_ssl']` to
+ enable or disable SSL redirects on this port number. Set to `false`
+ to disable non-SSL connections.
+
+`nginx['sendfile']`
+
+: Copy data between file descriptors when `sendfile()` is used.
+
+ Default value: `on`.
+
+`nginx['server_name']`
+
+: The FQDN for the server. FQDNs must always be in lowercase.
+
+ Default value: `node['fqdn']`.
+
+`nginx['ssl_certificate']`
+
+: The SSL certificate used to verify communication over HTTPS.
+
+ Default value: `nil`.
+
+`nginx['ssl_certificate_key']`
+
+: The certificate key used for SSL communication.
+
+ Default value: `nil`.
+
+`nginx['ssl_ciphers']`
+
+: The list of supported cipher suites that are used to establish a
+ secure connection. To favor AES256 with ECDHE forward security, drop
+ the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. See [this
+ link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) for more
+ information. For example:
+
+ ```ruby
+ nginx['ssl_ciphers'] = HIGH: ... :!PSK
+ ```
+
+`nginx['ssl_company_name']`
+
+: The name of your company.
+
+ Default value: `YouCorp`.
+
+`nginx['ssl_country_name']`
+
+: The country in which your company is located.
+
+ Default value: `US`.
+
+`nginx['ssl_email_address']`
+
+: The default email address for your company.
+
+ Default value: `you@example.com`.
+
+`nginx['ssl_locality_name']`
+
+: The city in which your company is located.
+
+ Default value: `Seattle`.
+
+`nginx['ssl_organizational_unit_name']`
+
+: The organization or group within your company that is running the
+ Chef Infra Server.
+
+ Default value: `Operations`.
+
+`nginx['ssl_port']`
+
+: Default value: `443`.
+
+`nginx['ssl_protocols']`
+
+: The SSL protocol versions that are enabled for the Chef Infra Server API.
+ Starting with Chef Infra Server 14.3, this value defaults to `'TLSv1.2'` for
+ enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`,
+ which allowed for less secure SSL connections. TLS 1.2 is supported on
+ Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef
+ Infra Client 12.8 and later on Windows. If it is necessary to support these older end-of-life
+ Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`.
+
+ ```ruby
+ nginx['ssl_protocols'] = 'TLSv1.2'
+ ```
+
+ Default value: `TLSv1.2`.
+
+`nginx['ssl_state_name']`
+
+: The state, province, or region in which your company is located.
+
+ Default value: `WA`.
+
+`nginx['strict_host_header']`
+
+: Whether nginx should only respond to requests where the Host header
+ matches one of the configured FQDNs.
+
+ Default value: `false`.
+
+`nginx['stub_status']['allow_list']`
+
+: The IP address on which accessing the `stub_status` endpoint is
+ allowed.
+
+ Default value: `["127.0.0.1"]`.
+
+`nginx['stub_status']['listen_host']`
+
+: The host on which the Nginx `stub_status` module listens.
+
+ Default value: `"127.0.0.1"`.
+
+`nginx['stub_status']['listen_port']`
+
+: The port on which the Nginx `stub_status` module listens.
+
+ Default value: `"9999"`.
+
+`nginx['stub_status']['location']`
+
+: The name of the Nginx `stub_status` endpoint used to access data
+ generated by the Nginx `stub_status` module.
+
+ Default value: `"/nginx_status"`.
+
+`nginx['tcp_nodelay']`
+
+: Enable the Nagle buffering algorithm.
+
+ Default value: `on`.
+
+`nginx['tcp_nopush']`
+
+: Enable TCP/IP transactions.
+
+ Default value: `on`.
+
+`nginx["time_format"]`
+
+: The time format of nginx `access.log`.
+
+ **New in Chef Infra Server 14.1**
+
+ Possible values:
+
+ - `"time_iso8601"` (ex: [2020-10-21T07:22:00+00:00])
+ - `"time_local"` (ex: [07/Jun/2018:01:05:11 +0900]).
+
+ Default value: `"time_iso8601"`.
+
+`nginx['url']`
+
+: Default value: `https://#{node['fqdn']}`.
+
+`nginx['use_implicit_hosts']`
+
+: Automatically add `localhost` and any
+ local IP addresses to the configured FQDNs. Useful in combination
+ with `nginx['strict_host_header']`.
+
+ Default value: `true`.
+
+`nginx['show_welcome_page']`
+
+: Determines whether or not the default nginx welcome page is shown.
+
+ Default value: `true`.
+
+`nginx['worker_connections']`
+
+: The maximum number of simultaneous clients. Use with
+ `nginx['worker_processes']` to determine the maximum number of
+ allowed clients.
+
+ Default value: `10240`.
+
+`nginx['worker_processes']`
+
+: The number of allowed worker processes. Use with
+ `nginx['worker_connections']` to determine the maximum number of
+ allowed clients.
+
+ Default value: `node['cpu']['total'].to_i`.
+
+`nginx['x_forwarded_proto']`
+
+: The protocol used to connect to the server by a Chef Infra Client or a workstation.
+
+ Possible values: `http`, `https`.
+
+ Default value: `'https'`.
+
+### oc_bifrost
+
+{{< readfile file="content/server/reusable/md/server_services_bifrost.md" >}}
+
+This configuration file has the following settings for `oc_bifrost`:
+
+`oc_bifrost['db_pool_size']`
+
+: The number of open connections to PostgreSQL that are maintained by
+ the service. This value should be increased if failures indicate
+ that the **oc_bifrost** service ran out of connections. This value
+ should be tuned in conjunction with the
+ `postgresql['max_connections']` setting for PostgreSQL.
+
+ Default value: `20`.
+
+`oc_bifrost['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/oc_bifrost`.
+
+`oc_bifrost['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`oc_bifrost['enable_request_logging']`
+
+: Use to configure request logging for the `oc_bifrost` service.
+
+ Default value: `true`.
+
+`oc_bifrost['extended_perf_log']`
+
+: Default value: `true`.
+
+`oc_bifrost['listen']`
+
+: The IP address on which the service is to listen.
+
+ Default value: `'127.0.0.1'`.
+
+`oc_bifrost['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/oc_bifrost`.
+
+`oc_bifrost['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`oc_bifrost['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `9463`.
+
+`oc_bifrost['sql_connection_user']`
+
+: The PostgreSQL user name in `'username@hostname'` format (e.g.
+ `'bifrost@my_postgresql.postgres.database.azure.com'`), where
+ `username` would normally equal the value of
+ `oc_bifrost['sql_user']` (default: `'bifrost'`).
This setting is
+ **required** in an external Azure PostgreSQL database-as-a-service
+ configuration. If set to `nil`, Chef Infra Server assumes that the
+ database is not on Azure and the PostgreSQL connection will be made
+ using the value specified in `oc_bifrost['sql_user']`.
+
+ Default value: `nil`.
+
+`oc_bifrost['sql_password']`
+
+: The password for the `sql_user`.
+
+ Default value: **generated**.
+
+ To override the default value, use the [Secrets
+ Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ command: `chef-server-ctl set-secret oc_bifrost sql_password`.
+
+`oc_bifrost['sql_ro_password']`
+
+: The password for the `sql_ro_user`.
+
+ Default value: **generated**.
+
+ To override the default value, use the [Secrets
+ Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ command: `chef-server-ctl set-secret oc_bifrost sql_ro_password`.
+
+`oc_bifrost['sql_ro_user']`
+
+: Default value: `'bifrost_ro'`.
+
+`oc_bifrost['sql_user']`
+
+: The user with permission to publish data.
+
+ Default value: `'bifrost'`.
+
+`oc_bifrost['superuser_id']`
+
+: Default value: **generated**.
+
+`oc_bifrost['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+### oc_chef_authz
+
+The **opscode-authz** service is used to handle authorization requests
+from oc_erchef to oc_bifrost in the Chef Infra Server.
+
+This configuration file has the following settings for `oc_chef_authz`:
+
+`oc_chef_authz['http_cull_interval']`
+
+: Default value: `'{1, min}'`.
+
+`oc_chef_authz['http_init_count']`
+
+: Default value: `25`.
+
+`oc_chef_authz['http_max_age']`
+
+: Default value: `'{70, sec}'`.
+
+`oc_chef_authz['http_max_connection_duration']`
+
+: Default value: `'{70, sec}'`.
+
+`oc_chef_authz['http_max_count']`
+
+: Default value: `100`.
+
+`oc_chef_authz['ibrowse_options']`
+
+: The amount of time (in milliseconds) to wait for a connection to be
+ established.
+
+ Default value: `'[{connect_timeout, 5000}]'`.
+
+`oc_chef_authz['max_connection_request_limit']`
+
+: The maximum number of requests allowed per connection.
+
+ Default value: `100`.
+
+ **New in Chef Infra Client 14.11**
+
+### oc-chef-pedant
+
+This configuration file has the following settings for `oc-chef-pedant`:
+
+`oc_chef_pedant['debug_org_creation']`
+
+: Run tests with full output.
+
+ Default value: `false`.
+
+`oc_chef_pedant['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `'/var/opt/opscode/oc-chef-pedant'`.
+
+`oc_chef_pedant['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `'/var/log/opscode/oc-chef-pedant'`
+
+`oc_chef_pedant['log_http_requests']`
+
+: Log HTTP requests in a file named `http-traffic.log` that is located
+ in the path specified by `log_directory`.
+
+ Default value: `true`.
+
+`oc_chef_pedant['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`.
+
+### oc-id
+
+{{< readfile file="content/server/reusable/md/server_services_oc_id.md" >}}
+
+This configuration file has the following settings for `oc-id`:
+
+`oc_id['administrators']`
+
+: An array of Chef Infra Server user names who may add applications to
+ the identity service. For example, `['user1', 'user2']`.
+
+ Default value: `[ ]`.
+
+`oc_id['applications']`
+
+: A Hash that contains OAuth 2 application information.
+
+ Default value: `{ }`.
+
+ {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}}
+
+`oc_id['db_pool_size']`
+
+: The number of open connections to PostgreSQL that are maintained by
+ the service.
+
+ Default value: `'20'`.
+
+`oc_id['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: none.
+
+`oc_id['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`oc_id['email_from_address']`
+
+: Outbound email address.
+
+ Defaults to the `'from_email'` value.
+
+`oc_id['enable_onetrust']`
+
+: Whether to enable OneTrust cookie consent verification.
+
+ Default value: `false`.
+
+ **New in Chef Infra Server 15.9.19**
+
+`oc_id['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `'/var/opt/opscode/oc_id'`.
+
+`oc_id['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`oc_id['origin']`
+
+: The FQDN for the server that is sending outbound email. FQDNs must
+ always be in lowercase.
+
+ Defaults to the `'api_fqdn'` value, which is the FQDN for the Chef Infra Server.
+
+`oc_id['num_to_keep']`
+
+: The number of log files to keep.
+
+ Default value: `10`.
+
+`oc_id['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `9090`.
+
+`oc_id['sql_connection_user']`
+
+: The PostgreSQL user name in `'username@hostname'` format (e.g.
+ `'oc_id@my_postgresql.postgres.database.azure.com'`), where
+ `username` would normally equal the value of `oc_id['sql_user']`
+ (default: `'od_id'`). This setting is **required** in an external
+ Azure PostgreSQL database-as-a-service configuration. If set to
+ `nil`, Chef Infra Server assumes that the database is not on Azure
+ and the PostgreSQL connection will be made using the value specified
+ in `oc_id['sql_user']`.
+
+ Default value: `nil`.
+
+`oc_id['sql_database']`
+
+: The name of the database.
+
+ Default value: `oc_id`.
+
+`oc_id['sql_password']`
+
+: The password for the `sql_user`.
+
+ Default value: **generated**.
+
+ To override the default value, use the [Secrets
+ Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ command: `chef-server-ctl set-secret oc_id sql_password`.
+
+`oc_id['sql_user']`
+
+: The user with permission to write to `sql_database`.
+
+ Default value: `oc_id`.
+
+`oc_id['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+### opscode-chef-mover
+
+This configuration file has the following settings for
+`opscode-chef-mover`:
+
+`opscode_chef_mover['bulk_fetch_batch_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'5'`.
+
+`opscode_chef_mover['cache_ttl']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'3600'`.
+
+`opscode_chef_mover['db_pool_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The number of open connections to PostgreSQL that are maintained by
+ the service.
+
+ Default value: `'5'`.
+
+`opscode_chef_mover['data_dir']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which on-disk data is stored. The default value is
+ the recommended value.
+
+ Default value: `'/var/opt/opscode/opscode-chef-mover/data'`
+
+`opscode_chef_mover['dir']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The working directory. The default value is the recommended value.
+
+ Default value: `'/var/opt/opscode/opscode-chef-mover'`.
+
+`opscode_chef_mover['enable']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Enable a service.
+
+ Default value: `true`.
+
+`opscode_chef_mover['ibrowse_max_pipeline_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `1`.
+
+`opscode_chef_mover['ibrowse_max_sessions']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `256`.
+
+`opscode_chef_mover['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
Default value:
+
+ ```ruby
+ '/var/log/opscode/opscode-chef-mover'
+ ```
+
+`opscode_chef_mover['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`. Default value:
+
+ ```ruby
+ { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
+ ```
+
+`opscode_chef_mover['max_cache_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'10000'`.
+
+`opscode_chef_mover['solr_http_cull_interval']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'{1, min}'`.
+
+`opscode_chef_mover['solr_http_init_count']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `25`.
+
+`opscode_chef_mover['solr_http_max_age']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'{70, sec}'`.
+
+`opscode_chef_mover['solr_http_max_connection_duration']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'{70, sec}'`.
+
+`opscode_chef_mover['solr_http_max_count']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `100`.
+
+`opscode_chef_mover['solr_ibrowse_options']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'[{connect_timeout, 10000}]'`.
+
+`opscode_chef_mover['solr_timeout']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `30000`.
+
+### opscode-erchef
+
+{{< readfile file="content/server/reusable/md/server_services_erchef.md" >}}
+
+This configuration file has the following settings for `opscode-erchef`:
+
+`opscode_erchef["allow_email_update_only_from_manage"]`
+
+: Set to `true`, users can only update their email from the Chef management console.
+ Set to `false`, users can update their email using knife and the Chef management console.
+
+ Default value : `false`.
+
+ **New in Chef Infra Server 14.5**
+
+`opscode_erchef['auth_skew']`
+
+: Default value: `900`.
+
+`opscode_erchef['authz_fanout']`
+
+: Default value: `20`.
+
+`opscode_erchef['authz_timeout']`
+
+: The amount of time (in seconds) before a request to the
+ **oc_bifrost** service times out.
+
+ Default value: `2000`.
+
+`opscode_erchef['base_resource_url']`
+
+: The base URL to which the service is to return links to API
+ resources. Use `:host_header` to ensure the URL is derived from the
+ host header of the incoming HTTP request.
+
+ Default value: `:host_header`.
+
+`opscode_erchef['bulk_fetch_batch_size']`
+
+: The number of nodes that may be deserialized. Currently only applies
+ to the `/search` endpoint in the Chef Infra Server API. The default
+ value is the recommended value.
+
+ Default value: `5`.
+
+`opscode_erchef['cache_ttl']`
+
+: Default value: `3600`.
+
+`opscode_erchef['cbv_cache_enabled']`
+
+: Whether to enable cookbook version response caching. If you frequently see
+ very long response times from `cookbook_versions` when under load, this is worth enabling.
+ Enabling this makes it possible for a client to receive stale results. When a cookbook is updated
+ in place (without incrementing the version), and the old response has not expired from the cache,
+ the Infra Server will give the old response to the client. Subsequent client runs will receive the
+ updated response.
+
+ Possible values: `true`, `false`.
+
+ Default value: `false`.
+
+ **New in Chef Infra Server 14.11**
+
+`opscode_erchef['cbv_cache_item_ttl']`
+
+: The maximum time in milliseconds that Chef Infra Server will keep any given cookbook version response in the cache when when `cbv_cache_enabled` is enabled.
+
+ Default value: `30000`.
+
+ {{< note >}}
+ Be careful if increasing this number - requests for a given set of cookbook versions will be stale if the resolved cookbook versions are updated before the cache entry times out.
This will
+ not occur if you increment the version of a cookbook with every cookbook update, which is the recommended approach to updating cookbooks.
+ {{< /note >}}
+
+`opscode_erchef['cleanup_batch_size']`
+
+: Default value: `0`.
+
+`opscode_erchef['couchdb_max_conn']`
+
+: Default value: `'100'`.
+
+`opscode_erchef['db_pool_size']`
+
+: The number of open connections to PostgreSQL that are maintained by
+ the service.
+
+ Default value: `20`.
+
+`opscode_erchef['depsolver_timeout']`
+
+: The amount of time (in milliseconds) to wait for cookbook dependency
+ problems to be solved.
+
+ Default value: `'5000'`.
+
+`opscode_erchef['depsolver_worker_count']`
+
+: The number of Ruby processes for which cookbook dependency problems
+ are unsolved. Use the `pgrep -fl depselector` command to verify the
+ number of depsolver workers that are running. If you are seeing 503
+ service unavailable errors, increase this value.
+
+ Default value: `'5'`.
+
+`opscode_erchef['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/opscode-erchef`.
+
+`opscode_erchef['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`opscode_erchef['enable_actionlog']`
+
+: Use to enable Chef actions, a premium feature of the Chef Infra
+ Server.
+
+ Default value: `false`.
+
+`opscode_erchef['enable_request_logging']`
+
+: Use to configure request logging for the `opscode_erchef` service.
+
+ Default value: `true`.
+
+`opscode_erchef['ibrowse_max_pipeline_size']`
+
+: Default value: `1`.
+
+`opscode_erchef['ibrowse_max_sessions']`
+
+: Default value: `256`.
+
+`opscode_erchef['enable_ibrowse_traces']`
+
+: Use to configure ibrowse logging for the `opscode_erchef` service.
+
+ Default value: `false`.
+
+ **New in Chef Infra Server 14.11**
+
+`opscode_erchef["include_version_in_status"]`
+
+: Set to `true` to include `server_version` as part of the `/_status` endpoint.
+
+ Default value : `false`.
+
+ **New in Chef Infra Server 14.1**
+
+`opscode_erchef['listen']`
+
+: The IP address on which the service is to listen.
+
+ Default value: `127.0.0.1`.
+
+`opscode_erchef['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/opscode-erchef`.
+
+`opscode_erchef['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`opscode_erchef['max_cache_size']`
+
+: Default value: `10000`.
+
+`opscode_erchef['max_request_size']`
+
+: When the request body size is greater than this value, a
+ `413 Request Entity Too Large` error is returned.
+
+ Default value: `2000000`.
+
+`opscode_erchef['nginx_bookshelf_caching']`
+
+: Whether Nginx is used to cache cookbooks. When `:on`, Nginx serves
+ up the cached content instead of forwarding the request.
+
+ Default value: `:off`.
+
+`opscode_erchef['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `8000`.
+
+`opscode_erchef['reindex_batch_size']`
+
+: The number of items to fetch from the database and send to the
+ search index at a time.
+
+ Default value: `10`.
+
+`opscode_erchef['reindex_sleep_min_ms']`
+
+: The minimum number of milliseconds to sleep before retrying a failed
+ attempt to index an item. Retries are delayed a random number of
+ miliseconds between `reindex_sleep_min_ms` and
+ `reindex_sleep_max_ms`. Set both this and `reindex_sleep_max_ms` to
+ 0 to retry without delay.
+
+ Default value: `500`
+
+`opscode_erchef['reindex_sleep_max_ms']`
+
+: The maximum number of milliseconds to sleep before retrying a failed
+ attempt to index an item. Retries are delayed a random number of
+ miliseconds between `reindex_sleep_min_ms` and
+ `reindex_sleep_max_ms`.
Set both this and `reindex_sleep_min_ms` to
+ 0 to retry without delay.
+
+ Default value: `2000`
+
+`opscode_erchef['reindex_item_retries']`
+
+: The number of times to retry sending an object for indexing in the
+ case of failure.
+
+ Default value: `3`
+
+`opscode_erchef['root_metric_key']`
+
+: Default value: `chefAPI`.
+
+`opscode_erchef['s3_bucket']`
+
+: The name of the Amazon Simple Storage Service (S3) bucket. This may
+ point at external storage locations, such as Amazon EC2. See [AWS
+ external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for
+ more information on configuring external bookshelf.
+
+`opscode_erchef['s3_parallel_ops_fanout']`
+
+: Default value: `20`.
+
+`opscode_erchef['s3_parallel_ops_timeout']`
+
+: Default value: `5000`.
+
+`opscode_erchef['s3_url_expiry_window_size']`
+
+: The frequency at which unique URLs are generated. This value may be
+ a specific amount of time, i.e. `15m` (fifteen minutes) or a
+ percentage of the value of `s3_url_ttl`, i.e. `10%`.
+
+ Default value: `:off`.
+
+`opscode_erchef['s3_url_ttl']`
+
+: The amount of time (in seconds) before connections to the server
+ expire. If node bootstraps are timing out, increase this setting.
+
+ Default value: `28800`.
+
+`opscode_erchef['s3_url_type']`
+
+: The URL style to use (`path` or `vhost`) when connecting to S3.
+ Mainly used to manually override the default setting. Note that
+ Amazon may eliminate path-style URLs on some or all S3 buckets
+ in the future.
+
+ Default value: `vhost`.
+
+ **New in Chef Infra Server 15.3**
+
+`opscode_erchef['search_auth_password']`
+
+: The OpenSearch password.
+
+ Default value: `nil`.
+
+ **New in Chef Infra Server 14.14.**
+
+`opscode_erchef['search_auth_username']`
+
+: The OpenSearch username.
+
+ Default value: `opensearch_user`.
+
+ **New in Chef Infra Server 14.14.**
+
+`opscode_erchef['search_provider']`
+
+: The search index provider.
+
+ Default value: `elasticsearch`.
+
+ **New in Chef Infra Server 14.14.**
+
+`opscode_erchef['search_queue_mode']`
+
+: The search index queue mode.
+
+ Default value: `batch`.
+
+ **New in Chef Infra Server 14.14.**
+
+`opscode_erchef['sql_connection_user']`
+
+: The PostgreSQL user name in `'username@hostname'` format (e.g.
+ `'opscode_chef@my_postgresql.postgres.database.azure.com'`), where
+ `username` would normally equal the value of
+ `opscode-erchef['sql_user']` (default: `'opscode_chef'`). This
+ setting is **required** in an external Azure PostgreSQL
+ database-as-a-service configuration. If set to `nil`, Chef Infra
+ Server assumes that the database is not on Azure and the PostgreSQL
+ connection will be made using the value specified in
+ `opscode_erchef['sql_user']`.
+
+ Default value: `nil`.
+
+`opscode_erchef['strict_search_result_acls']`
+
+: {{< readfile file="content/server/reusable/md/settings_strict_search_result_acls.md" >}}
+
+`opscode_erchef['udp_socket_pool_size']`
+
+: Default value: `20`.
+
+`opscode_erchef['umask']`
+
+: Default value: `0022`.
+
+`opscode_erchef['validation_client_name']`
+
+: Default value: `chef-validator`.
+
+`opscode_erchef['vip']`
+
+: The virtual IP address.
+
+ Default value: `127.0.0.1`.
+
+
+### opscode-expander
+
+{{< readfile file="content/server/reusable/md/server_services_expander.md" >}}
+
+{{< note >}}
+
+opscode-expander settings are EOL in Chef Infra Server 14.
+
+{{< /note >}}
+
+This configuration file has the following settings for
+`opscode-expander`:
+
+`opscode_expander['consumer_id']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The identity of the consumer to which messages are published.
+ Default value: `default`.
+
+`opscode_expander['dir']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The working directory. The default value is the recommended value.
+ Default value:
+
+ ```ruby
+ /var/opt/opscode/opscode-expander
+ ```
+
+`opscode_expander['enable']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Enable a service. Default value: `true`.
+
+`opscode_expander['log_directory']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which log data is stored. The default value is the
+ recommended value. Default value:
+
+ ```ruby
+ /var/log/opscode/opscode-expander
+ ```
+
+`opscode_expander['log_rotation']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`. Default value:
+
+ ```ruby
+ { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
+ ```
+
+`opscode_expander['nodes']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The number of allowed worker processes. Default value: `2`.
+
+`opscode_expander['reindexer_log_directory']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which `opscode-expander-reindexer` logs files are
+ located. Default value:
+
+ ```ruby
+ /var/log/opscode/opscode-expander-reindexer
+ ```
+
+### opscode-solr4
+
+{{< readfile file="content/server/reusable/md/server_services_solr4.md" >}}
+
+{{< note >}}
+
+opscode-solr4 settings are EOL in Chef Infra Server 14.
+
+{{< /note >}}
+
+This configuration file has the following settings for `opscode-solr4`:
+
+`opscode_solr4['auto_soft_commit']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The maximum number of documents before a soft commit is triggered.
+ Default value: `1000`.
+
+`opscode_solr4['commit_interval']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The frequency (in seconds) at which node objects are added to the
+ Apache Solr search index. This value should be tuned carefully. When
+ data is committed to the Apache Solr index, all incoming updates are
+ blocked.
If the duration between updates is too short, it is
+ possible for the rate at which updates are asked to occur to be
+ faster than the rate at which objects can be actually committed.
+ Default value: `60000` (every 60 seconds).
+
+`opscode_solr4['data_dir']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which on-disk data is stored. The default value is
+ the recommended value. Default value:
+
+ ```ruby
+ /var/opt/opscode/opscode-solr4/data
+ ```
+
+`opscode_solr4['dir']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The working directory. The default value is the recommended value.
+ Default value:
+
+ ```ruby
+ /var/opt/opscode/opscode-solr4
+ ```
+
+`opscode_solr4['enable']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Enable a service. Default value: `true`.
+
+`opscode_solr4['heap_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The amount of memory (in MBs) available to Apache Solr. If there is
+ not enough memory available, search queries made by nodes to Apache
+ Solr may fail. The amount of memory that must be available also
+ depends on the number of nodes in the organization, the frequency of
+ search queries, and other characteristics that are unique to each
+ organization. In general, as the number of nodes increases, so does
+ the amount of memory. The default value should work for many
+ organizations with fewer than 25 nodes. For an organization with
+ several hundred nodes, the amount of memory that is required often
+ exceeds 3GB. Default value: `nil`, which is equivalent to 25% of the
+ system memory or 1024 (MB, but this setting is specified as an
+ integer number of MB in EC11), whichever is smaller.
+
+`opscode_solr4['ip_address']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The IP address for the machine on which Apache Solr is running.
+ Default value: `127.0.0.1`.
+
+`opscode_solr4['java_opts']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ A Hash of `JAVA_OPTS` environment variables to be set.
+ (`-XX:NewSize` is configured using the `new_size` setting.) Default
+ value: `' '` (empty).
+
+`opscode_solr4['log_directory']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which log data is stored. The default value is the
+ recommended value. Default value:
+
+ ```ruby
+ /var/log/opscode/opscode-solr4
+ ```
+
+`opscode_solr4['log_gc']`
+
+: Enable or disable GC logging. Default is `true`.
+
+`opscode_solr4['log_rotation']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`. Default value:
+
+ ```ruby
+ { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
+ ```
+
+`opscode_solr4['max_commit_docs']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The frequency (in documents) at which node objects are added to the
+ Apache Solr search index. This value should be tuned carefully. When
+ data is committed to the Apache Solr index, all incoming updates are
+ blocked. If the duration between updates is too short, it is
+ possible for the rate at which updates are asked to occur to be
+ faster than the rate at which objects can be actually committed.
+ Default value: `1000` (every 1000 documents).
+
+`opscode_solr4['max_field_length']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The maximum field length (in number of tokens/terms). If a field
+ length exceeds this value, Apache Solr may not be able to complete
+ building the index. Default value: `100000` (increased from the
+ Apache Solr default value of `10000`).
+
+`opscode_solr4['max_merge_docs']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The maximum number of index segments allowed before they are merged
+ into a single index. Default value: `2147483647`.
+
+`opscode_solr4['merge_factor']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The maximum number of document updates that can be stored in memory
+ before being flushed and added to the current index segment. Default
+ value: `15`.
+
+`opscode_solr4['new_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Configure the `-XX:NewSize` `JAVA_OPTS` environment variable.
+ Default value: `nil`.
+
+`opscode_solr4['poll_seconds']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The frequency (in seconds) at which the secondary machine polls the
+ primary. Default value: `20`.
+
+`opscode_solr4['port']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The port on which the service is to listen. Default value: `8983`.
+
+`opscode_solr4['ram_buffer_size']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The size (in megabytes) of the RAM buffer. When document updates
+ exceed this amout, pending updates are flushed. Default value:
+ `100`.
+
+`opscode_solr4['url']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Default value: `'http://localhost:8983/solr'`.
+
+`opscode_solr4['vip']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The virtual IP address. Default value: `127.0.0.1`.
+
+### OpenSearch
+
+You can configure external OpenSearch starting in Chef Infra Server 14.14.
+
+The `chef-server.rb` file has the following settings for OpenSearch:
+
+`opensearch['enable']`
+
+: Enable the service.
+
+ Default value: `true`.
+
+`opensearch['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/opensearch`
+
+`opensearch['data_dir']`
+
+: The paths used to store data.
+
+ Default value: `/var/opt/opscode/elasticsearch/data`
+
+`opensearch['enable_gc_log']`
+
+: Enable or disable GC logging.
+
+ Default value: `false`
+
+`opensearch['heap_size']`
+
+: The amount of memory (in MBs) available to OpenSearch.
If there is not enough memory available, search queries made by nodes to OpenSearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB.
+
+ Default value is 25% of the system memory or 1024 MB, whichever is greater.
+
+ {{< note >}}
+
+ If `heap_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set `heap_size`. It will raise an error if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB.
+
+ {{< /note >}}
+
+`opensearch['initial_cluster_join_timeout']`
+
+: Default value: `90`
+
+`opensearch['jvm_opts']`
+
+: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options).
+
+ {{< note >}}
+
+ Each item in this list will be placed as is into the `java_opts` config file. Entries are set in chef-server.rb as:
+
+ ```ruby
+ opensearch.jvm_opts = [
+ "-xoption1",
+ "-xoption2",
+ ...
+ "optionN"
+ ]
+ ```
+
+ {{< /note >}}
+
+`opensearch['listen']`
+
+: The IP address for the machine on which Apache Solr is running.
+
+ Default value: `127.0.0.1`
+
+`opensearch['log_directory']`
+
+: The directory in which log data is stored. The default value is the recommended value.
+
+ Default value: `/var/log/opscode/opensearch`
+
+`opensearch['log_rotation']['file_maxbytes']`
+
+: The log rotation policy for this service. Log files are rotated when they exceed `file_maxbytes`.
+
+ Default value: `104857600`.
+
+`opensearch['log_rotation']['num_to_keep']`
+
+: The log rotation policy for this service. `num_to_keep` specifies the maximum number of log files in the rotation.
+
+ Default value: `10`.
+
+`opensearch['new_size']`
+
+: Defaults to the larger of 1/16th of the `heap_size` or 32 MB.
+
+ {{< note >}}
+
+ If `new_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults calculated here. Only use chef-server.rb to set `new_size`.
+
+ {{< /note >}}
+
+`opensearch['plugins_directory']`
+
+: The default location of the plugins directory depends on which package you install.
+
+ Default value: `/var/opt/opscode/opensearch/plugins`
+
+`opensearch['port']`
+
+: The port on which the service is listening.
+
+ Default value: `9200`
+
+`opensearch['scripts_directory']`
+
+: The default location of the scripts directory depends on which package you install.
+
+ Default value: `/var/opt/opscode/opensearch/scripts`
+
+`opensearch['temp_directory']`
+
+: By default, OpenSearch uses a private temporary directory that the startup script creates immediately below the system temporary directory.
+
+ Default value: `/var/opt/opscode/opensearch/tmp`
+
+
+`opensearch['vip']`
+
+: The virtual IP address for the machine on which Apache Solr is running.
+
+ Default value: `127.0.0.1`
+
+### External OpenSearch
+
+`opensearch['external']`
+
+: Enable external `opensearch` service by setting to `true`.
+
+ Default value: `false`.
+
+`opensearch['external_url']`
+
+: The external OpenSearch URL. Example: `http://127.0.0.1:9200`.
+
+ Default value: `nil`
+
+{{< note >}}
+Chef Infra Server supports OpenSearch only as an external indexing provider. You must provide values for `external` and `external_url` under this configuration.
+{{< /note >}}
+
+### Elasticsearch
+
+This configuration file has the following settings for `elasticsearch`:
+
+`elasticsearch['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`elasticsearch['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/elasticsearch`
+
+`elasticsearch['data_dir']`
+
+: The paths used to store data.
+
+ Default value: `/var/opt/opscode/elasticsearch/data`
+
+`elasticsearch['plugins_directory']`
+
+: The default location of the plugins directory depends on which package you install.
+
+ Default value: `/var/opt/opscode/elasticsearch/plugins`
+
+`elasticsearch['scripts_directory']`
+
+: The default location of the scripts directory depends on which package you install.
+
+ Default value: `/var/opt/opscode/elasticsearch/scripts`
+
+`elasticsearch['temp_directory']`
+
+: By default, Elasticsearch uses a private temporary directory that the startup script creates immediately below the system temporary directory.
+
+ Default value: `/var/opt/opscode/elasticsearch/tmp`
+
+`elasticsearch['log_directory']`
+
+: The directory in which log data is stored. The default value is the recommended value.
+
+ Default value: `/var/log/opscode/elasticsearch`
+
+`elasticsearch['log_rotation']['file_maxbytes']`
+
+: The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes.
+
+ Default value for 'file_maxbytes': `104857600`
+
+`elasticsearch['log_rotation']['num_to_keep']`
+
+: The log rotation policy for this service. The maximum number of log files in the rotation is defined by num_to_keep. Default value for 'num_to_keep': => `10`
+
+`elasticsearch['vip']`
+
+: The virtual IP address for the machine on which Apache Solr is running.
+
+ Default value: `127.0.0.1`
+
+`elasticsearch['listen']`
+
+: The IP address for the machine on which Apache Solr is running.
+
+ Default value: `127.0.0.1`
+
+`elasticsearch['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `9200`
+
+`elasticsearch['enable_gc_log']`
+
+: Enable or disable GC logging.
+
+ Default value: `false`
+
+`elasticsearch['initial_cluster_join_timeout']`
+
+: Default value: `90`
+
+`elasticsearch['jvm_opts']`
+
+: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options).
+
+{{< note >}}
+
+Each item in this list will be placed as is into the java_opts config file. Entries are set in chef-server.rb as:
+
+```ruby
+ elasticsearch.jvm_opts = [
+ "-xoption1",
+ "-xoption2",
+ ...
+ "optionN"
+ ]
+```
+
+{{< /note >}}
+
+`elasticsearch['heap_size']`
+
+: The amount of memory (in MBs) available to Elasticsearch. If there is not enough memory available, search queries made by nodes to Elasticsearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB.
+
+ Default value is is equivalent to 25% of the system memory or 1024 MB, whichever is greater.
+
+{{< note >}}
+
+If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). It will error out if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB.
+
+{{< /note >}}
+
+`elasticsearch['new_size']`
+
+: Defaults to the larger of 1/16th the heap_size and 32 MB.
+ +{{< note >}} + +If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). + +{{< /note >}} + +### postgresql + +{{< readfile file="content/server/reusable/md/server_services_postgresql.md" >}} + +This configuration file has the following settings for `postgresql`: + +`postgresql['checkpoint_completion_target']` + +: A completion percentage that is used to determine how quickly a + checkpoint should finish in relation to the completion status of the + next checkpoint. For example, if the value is `0.5`, then a + checkpoint attempts to finish before 50% of the next checkpoint is + done. + + Default value: `0.5`. + +`postgresql['checkpoint_segments']` + +: The maximum amount (in megabytes) between checkpoints in log file + segments. + + Default value: `3`. + +`postgresql['checkpoint_timeout']` + +: The amount of time (in minutes) between checkpoints. + + Default value: `5min`. + +`postgresql['checkpoint_warning']` + +: The frequency (in seconds) at which messages are sent to the server + log files if checkpoint segments are being filled faster than their + currently configured values. + + Default value: `30s`. + +`postgresql['data_dir']` + +: The directory in which on-disk data is stored. The default value is + the recommended value. + + Default value: `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data`. + +`postgresql['db_connection_superuser']` + +: The PostgreSQL superuser name in `'username@hostname'` format (e.g. + `'opscode_pgsql@my_postgresql.postgres.database.azure.com'`), where + `username` would normally equal the value of + `postgresql['db_superuser']` with any dashes replaced by + underscores. 
This setting is **required** in an external Azure + PostgreSQL database-as-a-service configuration. If set to `nil`, + Chef Infra Server assumes that the database is not on Azure and the + PostgreSQL connection will be made using the value specified in + `postgresql['db_superuser']`. + + Default value: `nil`. + +`postgresql['db_superuser']` + +: Default value: `opscode-pgsql`. If `username` is set, set + `db_superuser` to the same value. + +`postgresql['db_superuser_password']` + +: Password for the DB superuser. + + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-db-superuser-password`. + +`postgresql['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. + +`postgresql['effective_cache_size']` + +: The size of the disk cache that is used for data files. + + Default value: 50% of available RAM. + +`postgresql['enable']` + +: Enable a service. + + Default value: `true`. + +`postgresql['home']` + +: The home directory for PostgreSQL. + + Default value: `/var/opt/opscode/postgresql`. + +`postgresql['keepalives_count']` + +: The maximum number of keepalive proves that should be sent before + dropping a connection. + + Default value: `2`. + +`postgresql['keepalives_idle']` + +: The amount of time (in seconds) a connection must remain idle before + keepalive probes will resume. + + Default value: `60`. + +`postgresql['keepalives_interval']` + +: The amount of time (in seconds) between probes. + + Default value: `15`. + +`postgresql['listen_address']` + +: The connection source to which PostgreSQL is to respond. + + Default value: `localhost`. + +`postgresql['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. 
+
+ Default value: `/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`.
+
+`postgresql['log_min_duration_statement']`
+
+: When to log a slow PostgreSQL query statement.
+
+ Possible values:
+
+ - `-1` (disabled, do not log any statements)
+ - `0` (log every statement)
+ - an integer greater than zero
+
+ If set to an integer greater than zero,
+ this value is the amount of time (in milliseconds) that a query
+ statement must have run before it is logged.
+
+ Default value: `-1`.
+
+`postgresql['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`postgresql['max_connections']`
+
+: The maximum number of allowed concurrent connections.
+
+ Default value: `350`.
+
+`postgresql['md5_auth_cidr_addresses']`
+
+: Use instead of `trust_auth_cidr_addresses` to encrypt passwords
+ using MD5 hashes.
+
+ Default value: `[ '127.0.0.1/32', '::1/128' ]`.
+
+`postgresql['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `5432`.
+
+`postgresql['shared_buffers']`
+
+: The amount of memory that is dedicated to PostgreSQL for data
+ caching.
+
+ Default value: `#{(node['memory']['total'].to_i / 4) / (1024)}MB`.
+
+`postgresql['shell']`
+
+: Default value: `/bin/sh`.
+
+`postgresql['shmall']`
+
+: The total amount of available shared memory.
+
+ Default value: `4194304`.
+
+`postgresql['shmmax']`
+
+: The maximum amount of shared memory.
+
+ Default value: `17179869184`.
+
+`postgresql['sslmode']`
+
+: SSL encryption mode between the Chef Infra Server and PostgreSQL.
+
+ Possible values:
+
+ - `'disable'`
+ - `'require'`
+
+ Default value: `'disable'`.
+
+`postgresql['trust_auth_cidr_addresses']`
+
+: Use for clear-text passwords. See `md5_auth_cidr_addresses`.
+
+ Default value: `'127.0.0.1/32', '::1/128'`.
+
+`postgresql['pg_upgrade_timeout']`
+
+: The timeout value (in seconds) for PostgreSQL upgrade.
+
+ Default value: `7200`.
+
+`postgresql['user_path']`
+
+: Default value: `/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH`.
+
+`postgresql['username']`
+
+: The PostgreSQL account user name.
+ If setting this value, you must set `db_superuser` to the same value.
+
+ Default value: `opscode-pgsql`.
+
+`postgresql['version']`
+
+: The (currently) hardcoded version of PostgreSQL.
+
+ Default value: `'9.2'`.
+
+`postgresql['vip']`
+
+: The virtual IP address.
+
+ Default value: `127.0.0.1`.
+
+`postgresql['work_mem']`
+
+: The size (in megabytes) of allowed in-memory sorting.
+
+ Default value: `8MB`.
+
+### rabbitmq
+
+The **rabbitmq** service is used to provide the message queue that is
+used by the Chef Infra Server to get search data to Apache Solr so that
+it can be indexed for search.
+
+{{< note >}}
+
+rabbitmq settings are EOL in Chef Infra Server 14.
+
+{{< /note >}}
+
+This configuration file has the following settings for `rabbitmq`:
+
+`rabbitmq['actions_exchange']`
+
+: The name of the exchange to which Chef actions publishes actions
+ data. Default value: `'actions'`.
+
+`rabbitmq['actions_password']`
+
+: Legacy configuration setting for the password of the `actions_user`.
+ Default value: **generated**.
+
+ To override the default value, use the [Secrets
+ Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ command: `chef-server-ctl set-actions-password`.
+
+`rabbitmq['actions_user']`
+
+: The user with permission to publish actions data. Default value:
+ `'actions'`.
+
+`rabbitmq['actions_vhost']`
+
+: The virtual host to which Chef actions publishes actions data.
+ Default value: `'/analytics'`.
+
+`rabbitmq['analytics_max_length']`
+
+: The maximum number of messages that can be queued before RabbitMQ
+ automatically drops messages from the front of the queue to make
+ room for new messages. Default value: `10000`.
+ +`rabbitmq['consumer_id']` + +: The identity of the consumer to which messages are published. + Default value: `'hotsauce'`. + +`rabbitmq['data_dir']` + +: The directory in which on-disk data is stored. The default value is + the recommended value. Default value: + `'/var/opt/opscode/rabbitmq/db'`. + +`rabbitmq['dir']` + +: The working directory. The default value is the recommended value. + Default value: `'/var/opt/opscode/rabbitmq'`. + +`rabbitmq['drop_on_full_capacity']` + +: Specify if messages will stop being sent to the RabbitMQ queue when + it is at capacity. Default value: `true`. + +`rabbitmq['enable']` + +: Enable a service. Default value: `true`. + +`rabbitmq['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. Default value: `'/var/log/opscode/rabbitmq'`. + +`rabbitmq['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. Default value: + + ```ruby + { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } + ``` + +`rabbitmq['management_enabled']` + +: Specify if the rabbitmq-management plugin is enabled. Default value: + `true`. + +`rabbitmq['management_password']` + +: Legacy configuration setting for rabbitmq-management plugin + password. Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret rabbitmq management_password`. + +`rabbitmq['management_port']` + +: The rabbitmq-management plugin port. Default value: `15672`. + +`rabbitmq['management_user']` + +: The rabbitmq-management plugin user. Default value: `'rabbitmgmt'`. + +`rabbitmq['node_ip_address']` + +: The bind IP address for RabbitMQ. Default value: `'127.0.0.1'`. + +`rabbitmq['node_port']` + +: The port on which the service is to listen. 
Default value: `'5672'`. + +`rabbitmq['nodename']` + +: The unique identifier of the node. Default value: `'rabbit@localhost'`. + +`rabbitmq['password']` + +: Legacy configuration setting for the password for the RabbitMQ user. + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret rabbitmq password`. + +`rabbitmq['prevent_erchef_startup_on_full_capacity']` + +: Specify if the Chef Infra Server will start when the monitored + RabbitMQ queue is full. Default value: `false`. + +`rabbitmq['queue_at_capacity_affects_overall_status']` + +: Specify if the `_status` endpoint in the Chef Infra Server API will + fail if the monitored queue is at capacity. Default value: `false`. + +`rabbitmq['queue_length_monitor_enabled']` + +: Specify if the queue length monitor is enabled. Default value: + `true`. + +`rabbitmq['queue_length_monitor_millis']` + +: The frequency (in milliseconds) at which the length of the RabbitMQ + queue is checked. Default value: `30000`. + +`rabbitmq['queue_length_monitor_timeout_millis']` + +: The timeout (in milliseconds) at which calls to the queue length + monitor will stop if the Chef Infra Server is overloaded. Default + value: `5000`. + +`rabbitmq['queue_length_monitor_queue']` + +: The RabbitMQ queue that is observed by queue length monitor. Default + value: `'alaska'`. + +`rabbitmq['queue_length_monitor_vhost']` + +: The virtual host for the RabbitMQ queue that is observed by queue + length monitor. Default value: `'/analytics'`. + +`rabbitmq['rabbit_mgmt_http_cull_interval']` + +: The maximum cull interval (in seconds) for the HTTP connection pool + that is used by the rabbitmq-management plugin. Default value: `60`. + +`rabbitmq['rabbit_mgmt_http_init_count']` + +: The initial worker count for the HTTP connection pool that is used + by the rabbitmq-management plugin. Default value: `25`. 
+ +`rabbitmq['rabbit_mgmt_http_max_age']` + +: The maximum connection worker age (in seconds) for the HTTP + connection pool that is used by the rabbitmq-management plugin. + Default value: `70`. + +`rabbitmq['rabbit_mgmt_http_max_connection_duration']` + +: The maximum connection duration (in seconds) for the HTTP connection + pool that is used by the rabbitmq-management plugin. Default value: + `70`. + +`rabbitmq['rabbit_mgmt_http_max_count']` + +: The maximum worker count for the HTTP connection pool that is used + by the rabbitmq-management plugin. Default value: `100`. + +`rabbitmq['rabbit_mgmt_ibrowse_options']` + +: An array of comma-separated key-value pairs of ibrowse options for + the HTTP connection pool that is used by the rabbitmq-management + plugin. Default value: `'{connect_timeout, 10000}'`. + +`rabbitmq['rabbit_mgmt_timeout']` + +: The timeout for the HTTP connection pool that is used by the + rabbitmq-management plugin. Default value: `30000`. + +`rabbitmq['reindexer_vhost']` + +: Default value: `'/reindexer'`. + +`rabbitmq['ssl_versions']` + +: The SSL versions used by the rabbitmq-management plugin. (See + [RabbitMQ TLS support](https://www.rabbitmq.com/ssl.html) for more + information.) Default value: `['tlsv1.2', 'tlsv1.1']`. + +`rabbitmq['user']` + +: Default value: `'chef'`. + +`rabbitmq['vhost']` + +: Default value: `'/chef'`. + +`rabbitmq['vip']` + +: The virtual IP address. Default value: `'127.0.0.1'`. + +### redis_lb + +{{< readfile file="content/server/reusable/md/server_services_redis.md" >}} + +This configuration file has the following settings for `redis_lb`: + +`redis_lb['activerehashing']` + +: Enable active rehashing. + + Default value: `'no'`. + +`redis_lb['aof_rewrite_min_size']` + +: The minimum size of the append-only file. Only files larger than + this value are rewritten. + + Default value: `'16mb'`. + +`redis_lb['aof_rewrite_percent']` + +: The size of the current append-only file, as compared to the base + size. 
The append-only file is rewritten when the current file + exceeds the base size by this value. + + Default value: `'50'`. + +`redis_lb['appendfsync']` + +: The frequency at which the operating system writes data on-disk, + instead of waiting for more data. + + Possible values: + + - `no` (don't fsync, let operating system flush data) + - `always` (fsync after every write to the append-only log file) + - `everysec` (fsync only once time per second) + + Default value: `'always'`. + +`redis_lb['appendonly']` + +: Dump data asynchronously on-disk or to an append-only log file. Set + to `yes` to dump data to an append-only log file. + + Default value: `'no'`. + +`redis_lb['bind']` + +: Bind Redis to the specified IP address. + + Default value: `'127.0.0.1'`. + +`redis_lb['data_dir']` + +: The directory in which on-disk data is stored. The default value is + the recommended value. + + Default value: `'/var/opt/opscode/redis_lb/data'`. + +`redis_lb['databases']` + +: The number of databases. + + Default value: `'16'`. + +`redis_lb['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `'/var/opt/opscode/redis_lb'`. + +`redis_lb['enable']` + +: Enable a service. + + Default value: `true`. + +`redis_lb['ha']` + +: Run the Chef Infra Server in a high availability topology. When + `topology` is set to `ha`, this setting defaults to `true`. + + Default value: `false`. + +`redis_lb['keepalive']` + +: The amount of time (in seconds) to wait for requests on a + connection. + + Default value: `'60'`. + +`redis_lb['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. + + Default value: `'/var/log/opscode/redis_lb'`. + +`redis_lb['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. 
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`redis_lb['loglevel']`
+
+: The level of logging to be stored in a log file.
+
+ Possible values:
+
+ - `debug`
+ - `notice`
+ - `verbose`
+ - `warning`.
+
+ Default value: `'notice'`.
+
+`redis_lb['maxmemory']`
+
+: The maximum amount of memory (in bytes).
+
+ Default value: `'8m'`.
+
+`redis_lb['maxmemory_policy']`
+
+: The policy applied when the maximum amount of memory is reached.
+
+ Possible values:
+
+ - `allkeys-lru` (remove keys, starting with those used least frequently)
+ - `allkeys-random` (remove keys randomly)
+ - `noeviction` (don't expire, return an error on write operation)
+ - `volatile-lru` (remove expired keys, starting with those used least frequently)
+ - `volatile-random` (remove expired keys randomly)
+ - `volatile-ttl` (remove keys, starting with nearest expired time)
+
+ Default value: `'noeviction'`.
+
+`redis_lb['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `'16379'`.
+
+`redis_lb['save_frequency']`
+
+: Set the save frequency in the following pattern:
+ `{ "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }`.
+
+ Default value: `{ '900' => '1', '300' => '10', '60' => '1000' }`
+
+ The default value saves the database every 15 minutes if at least one key
+ changes, every 5 minutes if at least 10 keys change, and every 60
+ seconds if 10000 keys change.
+
+`redis_lb['timeout']`
+
+: The amount of time (in seconds) a client may be idle before timeout.
+
+ Default value: `'300'`.
+
+`redis_lb['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+`redis_lb['password']`
+
+: Legacy configuration setting for the Redis password.
+
+ Default value: **generated**.
+
+ To override the default value, use the [Secrets
+ Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ command: `chef-server-ctl set-secret redis_lb password`.
+
+### upgrades
+
+This configuration file has the following settings for `upgrades`:
+
+`upgrades['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `'/var/opt/opscode/upgrades'`.
+
+### user
+
+This configuration file has the following settings for `user`:
+
+`user['home']`
+
+: The home directory for the user under which Chef Infra Server
+ services run.
+
+ Default value: `/opt/opscode/embedded`.
+
+`user['shell']`
+
+: The shell for the user under which Chef Infra Server services run.
+
+ Default value: `/bin/sh`.
+
+`user['username']`
+
+: The user name under which Chef Infra Server services run.
+
+ Default value: `opscode`.
+
+### required_recipe
+
+`required_recipe` is a feature that allows an administrator to specify a
+recipe that will be run by all Chef Infra Clients that connect to it,
+regardless of the node's run list. This feature is targeted at expert
+level practitioners who are delivering isolated configuration changes to
+the target systems, such as self-contained agent software. Further
+explanation of the feature can be found in
+[Chef Infra Client Development Docs](https://github.com/chef/chef/blob/main/docs/dev/design_documents/server_enforced_recipes.md).
+
+This configuration file has the following settings for
+`required_recipe`:
+
+`required_recipe["enable"]`
+
+: Whether the feature is enabled.
+
+ Default value: `false`.
+
+`required_recipe["path"]`
+
+: The location of the recipe to serve. The file must be owned by the
+ root user and group, and may not be group or world-writeable.
+
+ Default value: `nil`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md
index a2a84b3429..6c90a4547a 100644
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md @@ -1,5 +1,4 @@ -To define OAuth 2 information for Chef Supermarket, create a Hash -similar to: +To define OAuth 2 information for Chef Supermarket, create a Hash similar to: ```ruby oc_id['applications'] ||= {} diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md index 32715754fe..019229038a 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md @@ -5,4 +5,4 @@ only be added to the `chef-server.rb` file to apply non-default values. These configuration settings are processed when the `chef-server-ctl reconfigure` command is run. The `chef-server.rb` file is a Ruby file, which means that conditional statements can be used -within it. \ No newline at end of file +within it. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md index b3cae5ddf9..64fd4057d3 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md 
@@ -1,5 +1,4 @@ -When changes are made to the chef-server.rb file the Chef Infra Server -must be reconfigured by running the following command: +When changes are made to the chef-server.rb file the Chef Infra Server must be reconfigured by running the following command: ```bash chef-server-ctl reconfigure diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_server_aws_cookbook_storage.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_server_aws_cookbook_storage.md similarity index 100% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_server_aws_cookbook_storage.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_server_aws_cookbook_storage.md diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md index 2146929d5a..df3cadc7b8 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md @@ -1,34 +1,8 @@ The Chef Infra Server includes the following object permissions: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PermissionDescription
DeleteUse the Delete permission to define which users and groups may delete an object. This permission is required for any user who uses the knife [object] delete [object_name] argument to interact with objects on the Chef Infra Server.
GrantUse the Grant permission to define which users and groups may configure permissions on an object. This permission is required for any user who configures permissions using the Administration tab in the Chef management console.
ReadUse the Read permission to define which users and groups may view the details of an object. This permission is required for any user who uses the knife [object] show [object_name] argument to interact with objects on the Chef Infra Server.
UpdateUse the Update permission to define which users and groups may edit the details of an object. This permission is required for any user who uses the knife [object] edit [object_name] argument to interact with objects on the Chef Infra Server and for any Chef Infra Client to save node data to the Chef Infra Server at the conclusion of a Chef Infra Client run.
- -{{/* moved to chef-server repo */}} +| Permission | Description | +| --- | --- | +| **Delete** | Use the **Delete** permission to define which users and groups may delete an object. This permission is required for any user who uses the `knife [object] delete [object_name]` argument to interact with objects on the Chef Infra Server. | +| **Grant** | Use the **Grant** permission to define which users and groups may configure permissions on an object. This permission is required for any user who configures permissions using the **Administration** tab in the Chef management console. | +| **Read** | Use the **Read** permission to define which users and groups may view the details of an object. This permission is required for any user who uses the `knife [object] show [object_name]` argument to interact with objects on the Chef Infra Server. | +| **Update** | Use the **Update** permission to define which users and groups may edit the details of an object. This permission is required for any user who uses the `knife [object] edit [object_name]` argument to interact with objects on the Chef Infra Server and for any Chef Infra Client to save node data to the Chef Infra Server at the conclusion of a Chef Infra Client run. | diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md index 8e3f7a533f..4ba0e07281 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md @@ -1,2 +1,2 @@ The **oc_bifrost** service ensures that every request to view or manage -objects stored on the Chef Infra Server is authorized. \ No newline at end of file +objects stored on the Chef Infra Server is authorized. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md index 8e2c037f67..e1cd6c0881 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md @@ -1,4 +1,4 @@ The **bookshelf** service is an Amazon Simple Storage Service (S3)-compatible service that is used to store cookbooks, including all of the files---recipes, templates, and so on---that are associated with -each cookbook. \ No newline at end of file +each cookbook. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md index 2ca525cec3..d277fe53e8 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md @@ -8,4 +8,4 @@ the Chef Infra Server: - Nodes - Roles - Sandboxes -- Search \ No newline at end of file +- Search diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_expander.md similarity index 100% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_expander.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_expander.md 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md index eb2f69fa7f..4082e755ef 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md @@ -3,4 +3,4 @@ Server by external applications, including Chef Supermarket. OAuth 2.0 uses token-based authentication, where external applications use tokens that are issued by the **oc-id** provider. No special credentials---`webui_priv.pem` or privileged keys---are stored on the -external application. \ No newline at end of file +external application. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md index 027de67cca..e8611bd0e8 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md @@ -1 +1 @@ -The **postgresql** service is used to store node, object, and user data. \ No newline at end of file +The **postgresql** service is used to store node, object, and user data. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md index 4fdcb48d9c..c9634cfd88 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md 
@@ -1,2 +1,2 @@ Key-value store used in conjunction with Nginx to route requests and -populate request data used by the Chef Infra Server. \ No newline at end of file +populate request data used by the Chef Infra Server. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_solr4.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_solr4.md similarity index 100% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_solr4.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_solr4.md diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_expander.md similarity index 91% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_expander.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_expander.md index 76ed8e88e1..09693df59c 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_expander.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_expander.md @@ -9,4 +9,6 @@ tuning effort for the **opscode-expander** service: Infra Server. Additional memory may be required by these worker processes depending on the frequency and volume of Chef Infra Client runs across the organization, but only if the back-end machines have - available CPU and RAM. Default value: `2`. \ No newline at end of file + available CPU and RAM. + + Default value: `2`. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md index a59d98574c..0f8a64a6ea 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md @@ -1,16 +1,39 @@ The following settings are often modified from the default as part of the tuning effort for the **nginx** service and to configure the Chef -Infra Server to use SSL certificates: +Infra Server to use SSL certificates. + +{{< note >}} + +See for more +information about the values used with the `nginx['ssl_ciphers']` and +`nginx['ssl_protocols']` settings. + +{{< /note >}} + +After copying SSL certificate files to the Chef Infra Server, +update the `nginx['ssl_certificate']` and `nginx['ssl_certificate_key']` +settings to specify the paths to those files, and then (optionally) update the `nginx['ssl_ciphers']` and +`nginx['ssl_protocols']` settings to reflect the desired level of +hardness for the Chef Infra Server. For example: + +```ruby +nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' +nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' +nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' +nginx['ssl_protocols'] = 'TLSv1.2' +``` `nginx['ssl_certificate']` -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. +: The SSL certificate used to verify communication over HTTPS. + + Default value: `nil`. `nginx['ssl_certificate_key']` -: The certificate key used for SSL communication. Default value: - `nil`. +: The certificate key used for SSL communication. + + Default value: `nil`. `nginx['ssl_ciphers']` 
@@ -27,32 +50,11 @@ Infra Server to use SSL certificates: `nginx['ssl_protocols']` -: The SSL protocol versions that are enabled for the Chef Infra Server API. For enhanced security set this value to `'TLSv1.2'`. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef Infra Client 12.8 and later on Windows. If it is necessary to support these - older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. For example: +: The SSL protocol versions that are enabled for the Chef Infra Server API. - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - -{{< note >}} - -See for more -information about the values used with the `nginx['ssl_ciphers']` and -`nginx['ssl_protocols']` settings. - -{{< /note >}} - -For example, after copying the SSL certificate files to the Chef Infra -Server, update the `nginx['ssl_certificate']` and -`nginx['ssl_certificate_key']` settings to specify the paths to those -files, and then (optionally) update the `nginx['ssl_ciphers']` and -`nginx['ssl_protocols']` settings to reflect the desired level of -hardness for the Chef Infra Server: - -```ruby -nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' -nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' -nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' -nginx['ssl_protocols'] = 'TLSv1 TLSv1.1 TLSv1.2' -``` + Starting with **Chef Infra Server 14.3**, this value defaults to `'TLSv1.2'` for + enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`, + which allowed for less secure SSL connections. TLS 1.2 is supported on + Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef + Infra Client 12.8 and later on Windows. If it is necessary to support these + older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/settings_strict_search_result_acls.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/settings_strict_search_result_acls.md similarity index 79% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/settings_strict_search_result_acls.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/settings_strict_search_result_acls.md index 194441f335..eb6de4e9c6 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/settings_strict_search_result_acls.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/settings_strict_search_result_acls.md @@ -5,14 +5,11 @@ management console may increase because it enables the Chef management console to skip redundant ACL checks. To ensure the Chef management console is configured properly, after this setting has been applied with a `chef-server-ctl reconfigure` run `chef-manage-ctl reconfigure` to -ensure the Chef management console also picks up the setting. Default -value: `false`. +ensure the Chef management console also picks up the setting. -
+Default value: `false`. -

Warning

- -
+{{< warning >}} When `true`, `opscode_erchef['strict_search_result_acls']` affects all search results and any actor (user, client, etc.) that does not have @@ -21,6 +18,4 @@ this could affect search results returned during a Chef Infra Client runs if a Chef Infra Client does not have permission to read the information. -
- -
+{{< /warning >}} diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md deleted file mode 100644 index 3cec8be3df..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md +++ /dev/null 
@@ -1,106 +0,0 @@ -+++ -title = "chef-server.rb Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary">}} - -## Use Conditions - -{{< reusable_text_versioned file="config_add_condition">}} - -## Recommended Settings - -{{< reusable_text_versioned file="server_tuning_general">}} - -### NGINX SSL Protocols - -{{< reusable_text_versioned file="server_tuning_nginx">}} - -## Optional Settings - -The following settings are often used for performance tuning of the Chef -Infra Server in larger installations. - -{{< note >}} -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure">}} -{{< /note >}} - -{{< note >}} - -Review the full list of [optional -settings]({{< relref "/server/config_rb_server_optional_settings" >}}) that can be added to -the chef-server.rb file. Many of these optional settings should not be -added without first consulting with Chef support. - -{{< /note >}} - -### bookshelf - -{{< reusable_text_versioned file="server_tuning_bookshelf">}} - -{{< warning >}} - -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage">}} - -{{< /warning >}} - -### opscode-account - -The following setting is often modified from the default as part of the -tuning effort for the **opscode-account** service: - -`opscode_account['worker_processes']` - -: The number of allowed worker processes. This value should be - increased if requests made to the **opscode-account** service are - timing out, but only if the front-end machines have available CPU - and RAM. Default value: `4`. - -### opscode-erchef - -{{< reusable_text_versioned file="server_tuning_erchef">}} - -#### Data Collector - -The following settings are often modified from the default as part of -the tuning effort for the **data_collector** **opscode-erchef** -application: - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. 
If failures indicate that **opscode-erchef** - application has run out of HTTP connections for the - **data_collector** then increase this value. Default value: 100. - -### opscode-expander - -{{< reusable_text_versioned file="server_tuning_expander">}} - -### opscode-solr4 - -{{< reusable_text_versioned file="server_tuning_solr">}} - -#### Available Memory - -{{< reusable_text_versioned file="server_tuning_solr_available_memory">}} - -#### Large Node Sizes - -{{< reusable_text_versioned file="server_tuning_solr_large_node_sizes">}} - -#### Update Frequency - -{{< reusable_text_versioned file="server_tuning_solr_update_frequency">}} - -### postgresql - -{{< reusable_text_versioned file="server_tuning_postgresql">}} - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md deleted file mode 100644 index 575ba1f515..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md +++ /dev/null 
@@ -1,2230 +0,0 @@ -+++ -title = "chef-server.rb 13 Optional Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary" >}} - -## Settings - -The following sections describe the various settings that are available -in the chef-server.rb file. - -{{< note >}} - -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure" >}} - -{{< /note >}} - -### General - -This configuration file has the following general settings: - -`addons['install']` - -: Default value: `false`. - -`addons['path']` - -: Default value: `nil`. - -`addons['packages']` - -: Default value: - - ```ruby - %w{chef-manage} - ``` - -`api_version` - -: The version of the Chef Infra Server. Default value: `'12.0.0'`. - -`default_orgname` - -: The `ORG_NAME` part of the `/organizations` endpoint in Chef Infra - Server. - -`fips` - -: Set to `true` to run the server in FIPS compliance mode. Set to - `false` to force the server to run without FIPS compliance mode. - Default: The kernel configuration FIPS value. - -{{< note spaces=4 >}} - -Chef Infra Server versions earlier than 14.5 that are configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` - -{{< /note >}} - -
- -`insecure_addon_compat` - -: Set to `true` to keep Chef Infra Server compatible with older add-on - versions by rendering secrets and credentials to - `/etc/opscode/chef-server-running.json` and other files in - `/etc/opscode/`. When set to `false`, secrets are **only** written - to `/etc/opscode/private-chef-secrets.json` and **not** to any other - files. Default value: `true`. - - See [Add-on - Compatibility]({{< relref "/server/server_security#add-on-compatibility" >}}) for the - minimum add-on versions supporting `insecure_addon_compat false`. - -`install_path` - -: The directory in which the Chef Infra Server is installed. Default - value: `'/opt/opscode'`. - -`from_email` - -: The email address from which invitations to the Chef management - console are sent. Default value: `'"Opscode" '`. - -`license['nodes']` - -: The number of licensed nodes. Default value: `25`. - -`license['upgrade_url']` - -: The URL to visit for more information about how to update the number - of nodes licensed for an organization. Default value: - `'https://www.chef.io/pricing'`. - -`notification_email` - -: The email addressed to which email notifications are sent. Default - value: `'pc-default@chef.io'`. - -`role` - -: The configuration type of the Chef Infra Server. Possible values: - `backend`, `frontend`, or `standalone`. Default value: - `'standalone'`. - -`topology` - -: The topology of the Chef Infra Server. Possible values: `manual`, - `standalone`, and `tier`. Default value: `'standalone'`. - -
- -### bookshelf - -{{< reusable_text_versioned file="server_services_bookshelf" >}} - -{{< note >}} - -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage" >}} - -{{< /note >}} - -This configuration file has the following settings for `bookshelf`: - -`bookshelf['access_key_id']` - -: Deprecated. - Use `chef-server-ctl set-secret bookshelf access_key_id` from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) commands. - - The access key identifier. - This may point at an external storage location, such as Amazon EC2. - See [AWS external bookshelf settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - **generated**. - -`bookshelf['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/bookshelf/data`. - -`bookshelf['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/bookshelf`. - -`bookshelf['enable']` - -: Enable a service. Default value: `true`. - -`bookshelf['enable_request_logging']` - -: Use to configure request logging for the bookshelf service. Default - value: `false`. - -`bookshelf['external_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`bookshelf['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`bookshelf['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/bookshelf`. - -`bookshelf['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. 
The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`bookshelf['port']` - -: The port on which the service is to listen. Default value: `4321`. - -`bookshelf['secret_access_key']` - -: Deprecated. - Use `chef-server-ctl set-secret bookshelf secret_access_key` from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) commands. - - The secret key. This may point at an external storage location, such - as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - **generated**. - -`bookshelf['storage_type']` - -: Determines where cookbooks are stored. Default value: `:filesystem`. - - In instances that require cookbooks to be stored within a SQL - backend, such as in a high availability setup, you must set - `storage_type` to `:sql`: - - ```ruby - bookshelf['storage_type'] = :sql - ``` - -`bookshelf['stream_download']` - -: Enable stream downloading of cookbooks. This setting (when `true`) - typically results in improved cookbook download performance, - especially with the memory usage of the **bookshelf** service and - the behavior of load balancers and proxies in-between Chef Infra - Client and the Chef Infra Server. Default value: `true`. - -`bookshelf['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bookshelf@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `bookshelf['sql_user']` - (default: `'bookshelf'`). This setting is **required** in an - external Azure PostgreSQL database-as-a-service configuration. If - set to `nil`, Chef Infra Server assumes that the database is not on - Azure and the PostgreSQL connection will be made using the value - specified in `bookshelf['sql_user']`. Default value: `nil`. 
- -`bookshelf['vip']` - -: The virtual IP address. This may point at an external storage - location, such as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - `127.0.0.1`. - -### bootstrap - -This configuration file has the following settings for `bootstrap`: - -`bootstrap['enable']` - -: Indicates whether an attempt to bootstrap the Chef Infra Server is - made. Generally only enabled on systems that have bootstrap enabled - via a `server` entry. Default value: `true`. - -### compliance forwarding - -The configuration file has the following settings for forwarding -`compliance` requests using the chef server authentication system. - -`profiles['root_url']` - -: If set, any properly signed requests arriving at - `/organizations/ORGNAME/owners/OWNER/compliance` will be forwarded - to this URL. This is expected to be a fully qualified resource, e.g. - `http://compliance.example.org/owners/OWNER/compliance`. - -### dark_launch - -This configuration file has the following settings for `dark_launch`: - -`dark_launch['actions']` - -: Enable Chef actions. Default value: `true`. - -`dark_launch['add_type_and_bag_to_items']` - -: Default value: `true`. - -`dark_launch['new_theme']` - -: Default value: `true`. - -`dark_launch['private-chef']` - -: Default value: `true`. - -`dark_launch['quick_start']` - -: Default value: `false`. - -`dark_launch['reporting']` - -: Enable Reporting, which performs data collection during a Chef Infra - Client run. Default value: `true`. - -`dark_launch['sql_users']` - -: Default value: `true`. - -### data_collector - -This configuration file has the following settings for `data_collector`: - -`data_collector['root_url']` - -: The fully qualified URL to the data collector server API. When - present, it will enable the data collector in **opscode-erchef**. 
- This also enables Chef Infra Server authenticated forwarding any properly - signed requests arriving at `/organizations/ORGNAME/data-collector` - to this URL with the data collector token appended. This is also - target for requests authenticated and forwarded by the - `/organizations/ORGNAME/data-collector` endpoint. For the forwarding - to work correctly the `data_collector['token']` field must also be - set. For example, if the data collector in Chef Automate is being - used, the URI would look like: - `http://my_automate_server.example.org/data-collector/v0/`. - -`data_collector['proxy']` - -: If set to `true`, Chef Infra Server will proxy all requests sent to - `/data-collector` to the configured Chef Automate - `data_collector['root_url']`. Note that *this route* does not check - the request signature and add the right data_collector token, but - just proxies the Automate endpoint **as-is**. Default value: `nil`. - -`data_collector['token']` - -: Deprecated. Use `chef-server-ctl set-secret data_collector token` from - the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - Legacy configuration for shared data collector security token. When - configured, the token will be passed as an HTTP header named - `x-data-collector-token` which the server can choose to accept or - reject. - -`data_collector['timeout']` - -: The amount of time (in milliseconds) before a request to the data - collector API times out. Default value: 30000. - -`data_collector['http_init_count']` - -: The initial worker count for the HTTP connection pool that is used - by the data collector. Default value: 25. - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. Default value: 100. - -`data_collector['http_max_age']` - -: The maximum connection worker age (in seconds) for the HTTP - connection pool that is used by the data collector. Default value: - "{70, sec}". 
- -`data_collector['http_cull_interval']` - -: The maximum cull interval (in minutes) for the HTTP connection pool - that is used by the data collector. Default value: "{1, min}". - -`data_collector['http_max_connection_duration']` - -: The maximum connection duration (in seconds) for the HTTP connection - pool that is used by the data collector. Default value: "{70, sec}". - -`data_collector['ibrowse_options']` - -: An array of comma-separated key-value pairs of ibrowse options for - the HTTP connection pool that is used by the data collector. Default - value: "\[{connect_timeout, - 10000}\]". - -`data_collector['health_check']` - -: A boolean that controls whether the data collector health is - included in the overall health at the `_status` endpoint. When set - to `true`, Chef Infra Server will report that healthy front end Chef - HA cluster members have failed when the data_collector\['root_url'\] cannot be reached. As a result, the load balancer - will remove those members from the load balancer pool. Default - value: true\`. - -### estatsd - -This configuration file has the following settings for `estatsd`: - -`estatsd['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/estatsd'`. - -`estatsd['enable']` - -: Enable a service. Default value: `true`. - -`estatsd['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/estatsd'`. - -`estatsd['port']` - -: The port on which the service is to listen. Default value: `9466`. - -`estatsd['protocol']` - -: Use to send application statistics with StatsD protocol formatting. - Set this value to `statsd` to apply StatsD protocol formatting. - -`estatsd['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### jetty - -This configuration file has the following settings for `jetty`: - -`jetty['enable']` - -: Enable a service. Default value: `'false'`. 
This value should not be - modified. - -`jetty['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - - ```ruby - '/var/opt/opscode/opscode-solr4/jetty/logs' - ``` - -### lb / lb_internal - -This configuration file has the following settings for `lb`: - -`lb['api_fqdn']` - -: FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['ban_refresh_interval']` - -: Default value: `600`. - -`lb['bookshelf']` - -: Default value: `127.0.0.1`. - -`lb['cache_cookbook_files']` - -: Default value: `false`. - -`lb['chef_max_version']` - -: The maximum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `11`. - -`lb['chef_min_version']` - -: The minimum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `10`. - -`lb['chef_server_webui']` - -: Default value: `127.0.0.1`. - -`lb['debug']` - -: Default value: `false`. - -`lb['enable']` - -: Enable a service. Default value: `true`. - -`lb['erchef']` - -: Default value: `127.0.0.1`. - -`lb['maint_refresh_interval']` - -: Default value: `600`. - -`lb['redis_connection_pool_size']` - -: Default value: `250`. - -`lb['redis_connection_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `1000`. - -`lb['redis_keepalive_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `2000`. - -`lb['upstream']['bookshelf']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['oc_bifrost']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['opscode_erchef']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. 
- -`lb['upstream']['opscode_solr4']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`lb['web_ui_fqdn']` - -: FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['xdl_defaults']['503_mode']` - -: The default value is the recommended value. Default value: `false`. - -`lb['xdl_defaults']['couchdb_acls']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_association_requests']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_associations']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_containers']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_groups']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_organizations']` - -: The default value is the recommended value. Default value: `true`. - -And for the internal load balancers: - -`lb_internal['account_port']` - -: Default value: `9685`. - -`lb_internal['chef_port']` - -: Default value: `9680`. - -`lb_internal['enable']` - -: Default value: `true`. - -`lb_internal['oc_bifrost_port']` - -: Default value: `9683`. - -`lb_internal['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### ldap - -{{< reusable_text_versioned file="config_rb_server_settings_ldap" >}} - -### nginx - -This configuration file has the following settings for `nginx`: - -`nginx['cache_max_size']` - -: The `max_size` parameter used by the Nginx cache manager, which is - part of the `proxy_cache_path` directive. When the size of file - storage exceeds this value, the Nginx cache manager removes the - least recently used data. Default value: `5000m`. 
- -`nginx['client_max_body_size']` - -: The maximum accepted body size for a client request, as indicated by - the `Content-Length` request header. Default value: `250m`. - -`nginx['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/nginx`. - -`nginx['enable']` - -: Enable a service. Default value: `true`. - -`nginx['enable_ipv6']` - -: Enable Internet Protocol version 6 (IPv6) addresses. Default value: - `false`. - -`nginx['enable_non_ssl']` - -: Allow port 80 redirects to port 443. When this value is set to - `true`, load balancers on the front-end hardware are allowed to do - SSL termination of the WebUI and API. Default value: `false`. - -{{< note spaces=4 >}} -Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` -{{< /note >}} - -`nginx['enable_stub_status']` - -: Enables the Nginx `stub_status` module. See - `nginx['stub_status']['allow_list']`, - `nginx['stub_status']['listen_host']`, - `nginx['stub_status']['listen_port']`, and - `nginx['stub_status']['location']`. Default value: `true`. - -`nginx['gzip']` - -: Enable gzip compression. Default value: `on`. - -`nginx['gzip_comp_level']` - -: The compression level used with gzip, from least amount of - compression (`1`, fastest) to the most (`2`, slowest). Default - value: `2`. - -`nginx['gzip_http_version']` - -: Enable gzip depending on the version of the HTTP request. Default - value: `1.0`. - -`nginx['gzip_proxied']` - -: The type of compression used based on the request and response. - Default value: `any`. - -`nginx['gzip_types']` - -: Enable compression for the specified MIME-types. 
Default value: - - ```ruby - [ 'text/plain', - 'text/css', - 'application/x-javascript', - 'text/xml', 'application/xml', - 'application/xml+rss', - 'text/javascript', - 'application/json' - ] - ``` - -`nginx['keepalive_timeout']` - -: The amount of time (in seconds) to wait for requests on a HTTP - keepalive connection. Default value: `65`. - -`nginx['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/nginx`. - -`nginx['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`nginx['log_x_forwarded_for']` - -: Log \$http_x_forwarded_for ("X-Forwarded-For") instead of - \$remote_addr if `true`. Default value `false`. - -`nginx['non_ssl_port']` - -: The port on which the WebUI and API are bound for non-SSL - connections. Default value: `80`. Use `nginx['enable_non_ssl']` to - enable or disable SSL redirects on this port number. Set to `false` - to disable non-SSL connections. - -`nginx['sendfile']` - -: Copy data between file descriptors when `sendfile()` is used. - Default value: `on`. - -`nginx['server_name']` - -: The FQDN for the server. FQDNs must always be in lowercase. - Default value: `node['fqdn']`. - -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. See [this - link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) for more - information. 
For example: - - ```ruby - nginx['ssl_ciphers'] = HIGH: ... :!PSK - ``` - -`nginx['ssl_company_name']` - -: The name of your company. Default value: `YouCorp`. - -`nginx['ssl_country_name']` - -: The country in which your company is located. Default value: `US`. - -`nginx['ssl_email_address']` - -: The default email address for your company. Default value: - `you@example.com`. - -`nginx['ssl_locality_name']` - -: The city in which your company is located. Default value: `Seattle`. - -`nginx['ssl_organizational_unit_name']` - -: The organization or group within your company that is running the - Chef Infra Server. Default value: `Operations`. - -`nginx['ssl_port']` - -: Default value: `443`. - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled. For enhanced security set - this value to `'TLSv1.2'`. TLS 1.2 is supported on Chef Infra Client 10.16.4 - and later on Linux, Unix, and macOS, and on Chef Infra Client 12.8 and later on - Windows. If it is necessary to support these older end-of-life - Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - - Default value: `TLSv1 TLSv1.1 TLSv1.2`. - -`nginx['ssl_state_name']` - -: The state, province, or region in which your company is located. - Default value: `WA`. - -`nginx['strict_host_header']` - -: Whether nginx should only respond to requests where the Host header - matches one of the configured FQDNs. Default value: `false`. - -`nginx['stub_status']['allow_list']` - -: The IP address on which accessing the `stub_status` endpoint is - allowed. Default value: `["127.0.0.1"]`. - -`nginx['stub_status']['listen_host']` - -: The host on which the Nginx `stub_status` module listens. Default - value: `"127.0.0.1"`. - -`nginx['stub_status']['listen_port']` - -: The port on which the Nginx `stub_status` module listens. Default - value: `"9999"`. 
-
-`nginx['stub_status']['location']`
-
-: The name of the Nginx `stub_status` endpoint used to access data
- generated by the Nginx `stub_status` module. Default value:
- `"/nginx_status"`.
-
-`nginx['tcp_nodelay']`
-
-: Enable the Nagle buffering algorithm. Default value: `on`.
-
-`nginx['tcp_nopush']`
-
-: Enable TCP/IP transactions. Default value: `on`.
-
-`nginx['url']`
-
-: Default value: `https://#{node['fqdn']}`.
-
-`nginx['use_implicit_hosts']`
-
-: Automatically add localhost and any
- local IP addresses to the configured FQDNs. Useful in combination
- with `nginx['strict_host_header']`. Default value: `true`.
-
-`nginx['show_welcome_page']`
-
-: Determines whether or not the default nginx welcome page is shown.
- Default value: `true`.
-
-
-`nginx['worker_connections']`
-
-: The maximum number of simultaneous clients. Use with
- `nginx['worker_processes']` to determine the maximum number of
- allowed clients. Default value: `10240`.
-
-`nginx['worker_processes']`
-
-: The number of allowed worker processes. Use with
- `nginx['worker_connections']` to determine the maximum number of
- allowed clients. Default value: `node['cpu']['total'].to_i`.
-
-`nginx['x_forwarded_proto']`
-
-: The protocol used to connect to the server. Possible values: `http`
- and `https`. This is the protocol used to connect to the Chef Infra
- Server by a Chef Infra Client or a workstation. Default value:
- `'https'`.
-
-### oc_bifrost
-
-{{< reusable_text_versioned file="server_services_bifrost" >}}
-
-This configuration file has the following settings for `oc_bifrost`:
-
-`oc_bifrost['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. This value should be increased if failures indicate
- that the **oc_bifrost** service ran out of connections. This value
- should be tuned in conjunction with the
- `postgresql['max_connections']` setting for PostgreSQL. Default
- value: `20`.
-
-`oc_bifrost['dir']`
-
-: The working directory.
The default value is the recommended value.
- Default value: `/var/opt/opscode/oc_bifrost`.
-
-`oc_bifrost['enable']`
-
-: Enable a service. Default value: `true`.
-
-`oc_bifrost['enable_request_logging']`
-
-: Use to configure request logging for the `oc_bifrost` service.
- Default value: `true`.
-
-`oc_bifrost['extended_perf_log']`
-
-: Default value: `true`.
-
-`oc_bifrost['listen']`
-
-: The IP address on which the service is to listen. Default value:
- `'127.0.0.1'`.
-
-`oc_bifrost['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value: `/var/log/opscode/oc_bifrost`.
-
-`oc_bifrost['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`oc_bifrost['port']`
-
-: The port on which the service is to listen. Default value: `9463`.
-
-`oc_bifrost['sql_connection_user']`
-
-: The PostgreSQL user name in `'username@hostname'` format (e.g.
- `'bifrost@my_postgresql.postgres.database.azure.com'`), where
- `username` would normally equal the value of
- `oc_bifrost['sql_user']` (default: `'bifrost'`). This setting is
- **required** in an external Azure PostgreSQL database-as-a-service
- configuration. If set to `nil`, Chef Infra Server assumes that the
- database is not on Azure and the PostgreSQL connection will be made
- using the value specified in `oc_bifrost['sql_user']`. Default
- value: `nil`.
-
-`oc_bifrost['sql_password']`
-
-: The password for the `sql_user`. Default value: **generated**.
-
- To override the default value, use the [Secrets
- Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
- command: `chef-server-ctl set-secret oc_bifrost sql_password`.
-
-`oc_bifrost['sql_ro_password']`
-
-: The password for the `sql_ro_user`.
Default value: **generated**.
-
- To override the default value, use the [Secrets
- Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
- command: `chef-server-ctl set-secret oc_bifrost sql_ro_password`.
-
-`oc_bifrost['sql_ro_user']`
-
-: Default value: `'bifrost_ro'`.
-
-`oc_bifrost['sql_user']`
-
-: The user with permission to publish data. Default value:
- `'bifrost'`.
-
-`oc_bifrost['superuser_id']`
-
-: Default value: **generated**.
-
-`oc_bifrost['vip']`
-
-: The virtual IP address. Default value: `'127.0.0.1'`.
-
-### oc_chef_authz
-
-The **opscode-authz** service is used to handle authorization requests
-from oc_erchef to oc_bifrost in the Chef Infra Server.
-
-This configuration file has the following settings for `oc_chef_authz`:
-
-`oc_chef_authz['http_cull_interval']`
-
-: Default value: `'{1, min}'`.
-
-`oc_chef_authz['http_init_count']`
-
-: Default value: `25`.
-
-`oc_chef_authz['http_max_age']`
-
-: Default value: `'{70, sec}'`.
-
-`oc_chef_authz['http_max_connection_duration']`
-
-: Default value: `'{70, sec}'`.
-
-`oc_chef_authz['http_max_count']`
-
-: Default value: `100`.
-
-`oc_chef_authz['ibrowse_options']`
-
-: The amount of time (in milliseconds) to wait for a connection to be
- established. Default value: `'[{connect_timeout, 5000}]'`.
-
-### oc-chef-pedant
-
-This configuration file has the following settings for `oc-chef-pedant`:
-
-`oc_chef_pedant['debug_org_creation']`
-
-: Run tests with full output. Default value: `false`.
-
-`oc_chef_pedant['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value:
-
- ```ruby
- '/var/opt/opscode/oc-chef-pedant'
- ```
-
-`oc_chef_pedant['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value.
Default value:
-
- ```ruby
- '/var/log/opscode/oc-chef-pedant'
- ```
-
-`oc_chef_pedant['log_http_requests']`
-
-: Log HTTP requests in a file named `http-traffic.log` that is located
- in the path specified by `log_directory`. Default value: `true`.
-
-`oc_chef_pedant['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-### oc-id
-
-{{< reusable_text_versioned file="server_services_oc_id" >}}
-
-This configuration file has the following settings for `oc-id`:
-
-`oc_id['administrators']`
-
-: An array of Chef Infra Server user names who may add applications to
- the identity service. For example, `['user1', 'user2']`. Default
- value: `[ ]`.
-
-`oc_id['applications']`
-
-: A Hash that contains OAuth 2 application information. Default value:
- `{ }`.
-
- {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}}
-
-`oc_id['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. Default value: `'20'`.
-
-`oc_id['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value: none.
-
-`oc_id['enable']`
-
-: Enable a service. Default value: `true`.
-
-`oc_id['email_from_address']`
-
-: Outbound email address. Defaults to the `'from_email'` value.
-
-`oc_id['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value: `'/var/opt/opscode/oc_id'`.
-
-`oc_id['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`.
Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`oc_id['origin']`
-
-: The FQDN for the server that is sending outbound email. FQDNs must
- always be in lowercase. Defaults to the `'api_fqdn'` value, which is
- the FQDN for the Chef Infra Server.
-
-`oc_id['num_to_keep']`
-
-: The number of log files to keep. Default value: `10`.
-
-`oc_id['port']`
-
-: The port on which the service is to listen. Default value: `9090`.
-
-`oc_id['sql_connection_user']`
-
-: The PostgreSQL user name in `'username@hostname'` format (e.g.
- `'oc_id@my_postgresql.postgres.database.azure.com'`), where
- `username` would normally equal the value of `oc_id['sql_user']`
- (default: `'od_id'`). This setting is **required** in an external
- Azure PostgreSQL database-as-a-service configuration. If set to
- `nil`, Chef Infra Server assumes that the database is not on Azure
- and the PostgreSQL connection will be made using the value specified
- in `oc_id['sql_user']`. Default value: `nil`.
-
-`oc_id['sql_database']`
-
-: The name of the database. Default value: `oc_id`.
-
-`oc_id['sql_password']`
-
-: The password for the `sql_user`. Default value: **generated**.
-
- To override the default value, use the [Secrets
- Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
- command: `chef-server-ctl set-secret oc_id sql_password`.
-
-`oc_id['sql_user']`
-
-: The user with permission to write to `sql_database`. Default value:
- `oc_id`.
-
-`oc_id['vip']`
-
-: The virtual IP address. Default value: `'127.0.0.1'`.
-
-### opscode-chef-mover
-
-This configuration file has the following settings for
-`opscode-chef-mover`:
-
-`opscode_chef_mover['bulk_fetch_batch_size']`
-
-: Default value: `'5'`.
-
-`opscode_chef_mover['cache_ttl']`
-
-: Default value: `'3600'`.
-
-`opscode_chef_mover['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. Default value: `'5'`.
-
-`opscode_chef_mover['data_dir']`
-
-: The directory in which on-disk data is stored. The default value is
- the recommended value. Default value:
-
- ```ruby
- '/var/opt/opscode/opscode-chef-mover/data'
- ```
-
-`opscode_chef_mover['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value:
-
- ```ruby
- '/var/opt/opscode/opscode-chef-mover'
- ```
-
-`opscode_chef_mover['enable']`
-
-: Enable a service. Default value: `true`.
-
-`opscode_chef_mover['ibrowse_max_pipeline_size']`
-
-: Default value: `1`.
-
-`opscode_chef_mover['ibrowse_max_sessions']`
-
-: Default value: `256`.
-
-`opscode_chef_mover['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value:
-
- ```ruby
- '/var/log/opscode/opscode-chef-mover'
- ```
-
-`opscode_chef_mover['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`opscode_chef_mover['max_cache_size']`
-
-: Default value: `'10000'`.
-
-`opscode_chef_mover['solr_http_cull_interval']`
-
-: Default value: `'{1, min}'`.
-
-`opscode_chef_mover['solr_http_init_count']`
-
-: Default value: `25`.
-
-`opscode_chef_mover['solr_http_max_age']`
-
-: Default value: `'{70, sec}'`.
-
-`opscode_chef_mover['solr_http_max_connection_duration']`
-
-: Default value: `'{70, sec}'`.
-
-`opscode_chef_mover['solr_http_max_count']`
-
-: Default value: `100`.
-
-`opscode_chef_mover['solr_ibrowse_options']`
-
-: Default value: `'[{connect_timeout, 10000}]'`.
-
-`opscode_chef_mover['solr_timeout']`
-
-: Default value: `30000`.
-
-### opscode-erchef
-
-{{< reusable_text_versioned file="server_services_erchef" >}}
-
-This configuration file has the following settings for `opscode-erchef`:
-
-`opscode_erchef['auth_skew']`
-
-: Default value: `900`.
-
-`opscode_erchef['authz_fanout']`
-
-: Default value: `20`.
-
-`opscode_erchef['authz_timeout']`
-
-: The amount of time (in seconds) before a request to the
- **oc_bifrost** service times out. Default value: `2000`.
-
-`opscode_erchef['base_resource_url']`
-
-: The base URL to which the service is to return links to API
- resources. Use `:host_header` to ensure the URL is derived from the
- host header of the incoming HTTP request. Default value:
- `:host_header`.
-
-`opscode_erchef['bulk_fetch_batch_size']`
-
-: The number of nodes that may be deserialized. Currently only applies
- to the `/search` endpoint in the Chef Infra Server API. The default
- value is the recommended value. Default value: `5`.
-
-`opscode_erchef['cache_ttl']`
-
-: Default value: `3600`.
-
-`opscode_erchef['cleanup_batch_size']`
-
-: Default value: `0`.
-
-`opscode_erchef['couchdb_max_conn']`
-
-: Default value: `'100'`.
-
-`opscode_erchef['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. Default value: `20`.
-
-`opscode_erchef['depsolver_timeout']`
-
-: The amount of time (in milliseconds) to wait for cookbook dependency
- problems to be solved. Default value: `'5000'`.
-
-`opscode_erchef['depsolver_worker_count']`
-
-: The number of Ruby processes for which cookbook dependency problems
- are unsolved. Use the `pgrep -fl depselector` command to verify the
- number of depsolver workers that are running. If you are seeing 503
- service unavailable errors, increase this value. Default value:
- `'5'`.
-
-`opscode_erchef['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value: `/var/opt/opscode/opscode-erchef`.
-
-`opscode_erchef['enable']`
-
-: Enable a service.
Default value: `true`.
-
-`opscode_erchef['enable_actionlog']`
-
-: Use to enable Chef actions, a premium feature of the Chef Infra
- Server. Default value: `false`.
-
-`opscode_erchef['enable_request_logging']`
-
-: Use to configure request logging for the `opscode_erchef` service.
- Default value: `true`.
-
-`opscode_erchef['ibrowse_max_pipeline_size']`
-
-: Default value: `1`.
-
-`opscode_erchef['ibrowse_max_sessions']`
-
-: Default value: `256`.
-
-`opscode_erchef['listen']`
-
-: The IP address on which the service is to listen. Default value:
- `127.0.0.1`.
-
-`opscode_erchef['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value: `/var/log/opscode/opscode-erchef`.
-
-`opscode_erchef['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`opscode_erchef['max_cache_size']`
-
-: Default value: `10000`.
-
-`opscode_erchef['max_request_size']`
-
-: When the request body size is greater than this value, a
- `413 Request Entity Too Large` error is returned. Default value:
- `2000000`.
-
-`opscode_erchef['nginx_bookshelf_caching']`
-
-: Whether Nginx is used to cache cookbooks. When `:on`, Nginx serves
- up the cached content instead of forwarding the request. Default
- value: `:off`.
-
-`opscode_erchef['port']`
-
-: The port on which the service is to listen. Default value: `8000`.
-
-`opscode_erchef['reindex_batch_size']`
-
-: The number of items to fetch from the database and send to the
- search index at a time. Default value: `10`.
-
-`opscode_erchef['reindex_sleep_min_ms']`
-
-: The minimum number of milliseconds to sleep before retrying a failed
- attempt to index an item.
Retries are delayed a random number of
- miliseconds between `reindex_sleep_min_ms` and
- `reindex_sleep_max_ms`. Set both this and `reindex_sleep_max_ms` to
- 0 to retry without delay. Default value: `500`
-
-`opscode_erchef['reindex_sleep_max_ms']`
-
-: The maximum number of milliseconds to sleep before retrying a failed
- attempt to index an item. Retries are delayed a random number of
- miliseconds between `reindex_sleep_min_ms` and
- `reindex_sleep_max_ms`. Set both this and `reindex_sleep_min_ms` to
- 0 to retry without delay. Default value: `2000`
-
-`opscode_erchef['reindex_item_retries']`
-
-: The number of times to retry sending an object for indexing in the
- case of failure. Default value: `3`
-
-`opscode_erchef['root_metric_key']`
-
-: Default value: `chefAPI`.
-
-`opscode_erchef['s3_bucket']`
-
-: The name of the Amazon Simple Storage Service (S3) bucket. This may
- point at external storage locations, such as Amazon EC2. See [AWS
- external bookshelf
- settings]({{< relref "/server#aws-settings" >}}) for
- more information on configuring external bookshelf.
-
-`opscode_erchef['s3_parallel_ops_fanout']`
-
-: Default value: `20`.
-
-`opscode_erchef['s3_parallel_ops_timeout']`
-
-: Default value: `5000`.
-
-`opscode_erchef['s3_url_expiry_window_size']`
-
-: The frequency at which unique URLs are generated. This value may be
- a specific amount of time, i.e. `15m` (fifteen minutes) or a
- percentage of the value of `s3_url_ttl`, i.e. `10%`. Default value:
- `:off`.
-
-`opscode_erchef['s3_url_ttl']`
-
-: The amount of time (in seconds) before connections to the server
- expire. If node bootstraps are timing out, increase this setting.
- Default value: `28800`.
-
-`opscode_erchef['sql_connection_user']`
-
-: The PostgreSQL user name in `'username@hostname'` format (e.g.
- `'opscode_chef@my_postgresql.postgres.database.azure.com'`), where
- `username` would normally equal the value of
- `opscode-erchef['sql_user']` (default: `'opscode_chef'`).
This
- setting is **required** in an external Azure PostgreSQL
- database-as-a-service configuration. If set to `nil`, Chef Infra
- Server assumes that the database is not on Azure and the PostgreSQL
- connection will be made using the value specified in
- `opscode_erchef['sql_user']`.Default value: `nil`.
-
-`opscode_erchef['strict_search_result_acls']`
-
-: {{< reusable_text_versioned file="settings_strict_search_result_acls" >}}
-
-`opscode_erchef['udp_socket_pool_size']`
-
-: Default value: `20`.
-
-`opscode_erchef['umask']`
-
-: Default value: `0022`.
-
-`opscode_erchef['validation_client_name']`
-
-: Default value: `chef-validator`.
-
-`opscode_erchef['vip']`
-
-: The virtual IP address. Default value: `127.0.0.1`.
-
-### opscode-expander
-
-{{< reusable_text_versioned file="server_services_expander" >}}
-
-This configuration file has the following settings for
-`opscode-expander`:
-
-`opscode_expander['consumer_id']`
-
-: The identity of the consumer to which messages are published.
- Default value: `default`.
-
-`opscode_expander['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value:
-
- ```ruby
- /var/opt/opscode/opscode-expander
- ```
-
-`opscode_expander['enable']`
-
-: Enable a service. Default value: `true`.
-
-`opscode_expander['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value:
-
- ```ruby
- /var/log/opscode/opscode-expander
- ```
-
-`opscode_expander['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`opscode_expander['nodes']`
-
-: The number of allowed worker processes. Default value: `2`.
-
-`opscode_expander['reindexer_log_directory']`
-
-: The directory in which `opscode-expander-reindexer` logs files are
- located. Default value:
-
- ```ruby
- /var/log/opscode/opscode-expander-reindexer
- ```
-
-### opscode-solr4
-
-{{< reusable_text_versioned file="server_services_solr4" >}}
-
-This configuration file has the following settings for `opscode-solr4`:
-
-`opscode_solr4['auto_soft_commit']`
-
-: The maximum number of documents before a soft commit is triggered.
- Default value: `1000`.
-
-`opscode_solr4['commit_interval']`
-
-: The frequency (in seconds) at which node objects are added to the
- Apache Solr search index. This value should be tuned carefully. When
- data is committed to the Apache Solr index, all incoming updates are
- blocked. If the duration between updates is too short, it is
- possible for the rate at which updates are asked to occur to be
- faster than the rate at which objects can be actually committed.
- Default value: `60000` (every 60 seconds).
-
-`opscode_solr4['data_dir']`
-
-: The directory in which on-disk data is stored. The default value is
- the recommended value. Default value:
-
- ```ruby
- /var/opt/opscode/opscode-solr4/data
- ```
-
-`opscode_solr4['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value:
-
- ```ruby
- /var/opt/opscode/opscode-solr4
- ```
-
-`opscode_solr4['enable']`
-
-: Enable a service. Default value: `true`.
-
-`opscode_solr4['heap_size']`
-
-: The amount of memory (in MBs) available to Apache Solr. If there is
- not enough memory available, search queries made by nodes to Apache
- Solr may fail. The amount of memory that must be available also
- depends on the number of nodes in the organization, the frequency of
- search queries, and other characteristics that are unique to each
- organization. In general, as the number of nodes increases, so does
- the amount of memory. The default value should work for many
- organizations with fewer than 25 nodes.
For an organization with
- several hundred nodes, the amount of memory that is required often
- exceeds 3GB. Default value: `nil`, which is equivalent to 25% of the
- system memory or 1024 (MB, but this setting is specified as an
- integer number of MB in EC11), whichever is smaller.
-
-`opscode_solr4['ip_address']`
-
-: The IP address for the machine on which Apache Solr is running.
- Default value: `127.0.0.1`.
-
-`opscode_solr4['java_opts']`
-
-: A Hash of `JAVA_OPTS` environment variables to be set.
- (`-XX:NewSize` is configured using the `new_size` setting.) Default
- value: `' '` (empty).
-
-`opscode_solr4['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value:
-
- ```ruby
- /var/log/opscode/opscode-solr4
- ```
-
-`opscode_solr4['log_gc']`
-
-: Enable or disable GC logging. Default is `true`.
-
-`opscode_solr4['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`opscode_solr4['max_commit_docs']`
-
-: The frequency (in documents) at which node objects are added to the
- Apache Solr search index. This value should be tuned carefully. When
- data is committed to the Apache Solr index, all incoming updates are
- blocked. If the duration between updates is too short, it is
- possible for the rate at which updates are asked to occur to be
- faster than the rate at which objects can be actually committed.
- Default value: `1000` (every 1000 documents).
-
-`opscode_solr4['max_field_length']`
-
-: The maximum field length (in number of tokens/terms). If a field
- length exceeds this value, Apache Solr may not be able to complete
- building the index. Default value: `100000` (increased from the
- Apache Solr default value of `10000`).
-
-`opscode_solr4['max_merge_docs']`
-
-: The maximum number of index segments allowed before they are merged
- into a single index. Default value: `2147483647`.
-
-`opscode_solr4['merge_factor']`
-
-: The maximum number of document updates that can be stored in memory
- before being flushed and added to the current index segment. Default
- value: `15`.
-
-`opscode_solr4['new_size']`
-
-: Configure the `-XX:NewSize` `JAVA_OPTS` environment variable.
- Default value: `nil`.
-
-`opscode_solr4['poll_seconds']`
-
-: The frequency (in seconds) at which the secondary machine polls the
- primary. Default value: `20`.
-
-`opscode_solr4['port']`
-
-: The port on which the service is to listen. Default value: `8983`.
-
-`opscode_solr4['ram_buffer_size']`
-
-: The size (in megabytes) of the RAM buffer. When document updates
- exceed this amout, pending updates are flushed. Default value:
- `100`.
-
-`opscode_solr4['url']`
-
-: Default value: `'http://localhost:8983/solr'`.
-
-`opscode_solr4['vip']`
-
-: The virtual IP address. Default value: `127.0.0.1`.
-
-### postgresql
-
-{{< reusable_text_versioned file="server_services_postgresql" >}}
-
-This configuration file has the following settings for `postgresql`:
-
-`postgresql['checkpoint_completion_target']`
-
-: A completion percentage that is used to determine how quickly a
- checkpoint should finish in relation to the completion status of the
- next checkpoint. For example, if the value is `0.5`, then a
- checkpoint attempts to finish before 50% of the next checkpoint is
- done. Default value: `0.5`.
-
-`postgresql['checkpoint_segments']`
-
-: The maximum amount (in megabytes) between checkpoints in log file
- segments. Default value: `3`.
-
-`postgresql['checkpoint_timeout']`
-
-: The amount of time (in minutes) between checkpoints. Default value:
- `5min`.
-
-`postgresql['checkpoint_warning']`
-
-: The frequency (in seconds) at which messages are sent to the server
- log files if checkpoint segments are being filled faster than their
- currently configured values. Default value: `30s`.
-
-`postgresql['data_dir']`
-
-: The directory in which on-disk data is stored. The default value is
- the recommended value. Default value:
- `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data`.
-
-`postgresql['db_connection_superuser']`
-
-: The PostgreSQL superuser name in `'username@hostname'` format (e.g.
- `'opscode_pgsql@my_postgresql.postgres.database.azure.com'`), where
- `username` would normally equal the value of
- `postgresql['db_superuser']` with any dashes replaced by
- underscores. This setting is **required** in an external Azure
- PostgreSQL database-as-a-service configuration. If set to `nil`,
- Chef Infra Server assumes that the database is not on Azure and the
- PostgreSQL connection will be made using the value specified in
- `postgresql['db_superuser']`. Default value: `nil`.
-
-`postgresql['db_superuser']`
-
-: Default value: `opscode-pgsql`. If `username` is set, set
- `db_superuser` to the same value.
-
-`postgresql['db_superuser_password']`
-
-: Password for the DB superuser. Default value: **generated**.
-
- To override the default value, use the [Secrets
- Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
- command: `chef-server-ctl set-db-superuser-password`.
-
-`postgresql['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value:
- `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`.
-
-`postgresql['effective_cache_size']`
-
-: The size of the disk cache that is used for data files. Default
- value: 50% of available RAM.
-
-`postgresql['enable']`
-
-: Enable a service. Default value: `true`.
-
-`postgresql['home']`
-
-: The home directory for PostgreSQL.
Default value:
- `/var/opt/opscode/postgresql`.
-
-`postgresql['keepalives_count']`
-
-: The maximum number of keepalive proves that should be sent before
- dropping a connection. Default value: `2`.
-
-`postgresql['keepalives_idle']`
-
-: The amount of time (in seconds) a connection must remain idle before
- keepalive probes will resume. Default value: `60`.
-
-`postgresql['keepalives_interval']`
-
-: The amount of time (in seconds) between probes. Default value: `15`.
-
-`postgresql['listen_address']`
-
-: The connection source to which PostgreSQL is to respond. Default
- value: `localhost`.
-
-`postgresql['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value:
- `/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`.
-
-`postgresql['log_min_duration_statement']`
-
-: When to log a slow PostgreSQL query statement. Possible values: `-1`
- (disabled, do not log any statements), `0` (log every statement), or
- an integer greater than zero. When the integer is greater than zero,
- this value is the amount of time (in milliseconds) that a query
- statement must have run before it is logged. Default value: `-1`.
-
-`postgresql['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
- `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
-
-`postgresql['max_connections']`
-
-: The maximum number of allowed concurrent connections. Default value:
- `350`.
-
-`postgresql['md5_auth_cidr_addresses']`
-
-: Use instead of `trust_auth_cidr_addresses` to encrypt passwords
- using MD5 hashes. Default value: `[ '127.0.0.1/32', '::1/128' ]`.
-
-`postgresql['port']`
-
-: The port on which the service is to listen. Default value: `5432`.
-
-`postgresql['shared_buffers']`
-
-: The amount of memory that is dedicated to PostgreSQL for data
- caching. Default value:
- `#{(node['memory']['total'].to_i / 4) / (1024)}MB`.
-
-`postgresql['shell']`
-
-: Default value: `/bin/sh`.
-
-`postgresql['shmall']`
-
-: The total amount of available shared memory. Default value:
- `4194304`.
-
-`postgresql['shmmax']`
-
-: The maximum amount of shared memory. Default value: `17179869184`.
-
-`postgresql['sslmode']`
-
-: SSL encryption mode between the Chef Infra Server and PostgreSQL.
- Valid settings are `'disable'` and `'require'`. Default value:
- `'disable'`.
-
-`postgresql['trust_auth_cidr_addresses']`
-
-: Use for clear-text passwords. See `md5_auth_cidr_addresses`. Default
- value: `'127.0.0.1/32', '::1/128'`.
-
-`postgresql['user_path']`
-
-: Default value: `/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH`.
-
-`postgresql['username']`
-
-: The PostgreSQL account user name. Default value: `opscode-pgsql`. If
- setting this value, must set `db_superuser` to the same value.
-
-`postgresql['version']`
-
-: The (currently) hardcoded version of PostgreSQL. Default value:
- `'9.2'`.
-
-`postgresql['vip']`
-
-: The virtual IP address. Default value: `127.0.0.1`.
-
-`postgresql['work_mem']`
-
-: The size (in megabytes) of allowed in-memory sorting. Default value:
- `8MB`.
-
-### rabbitmq
-
-{{< reusable_text_versioned file="server_services_rabbitmq" >}}
-
-This configuration file has the following settings for `rabbitmq`:
-
-`rabbitmq['actions_exchange']`
-
-: The name of the exchange to which Chef actions publishes actions
- data. Default value: `'actions'`.
-
-`rabbitmq['actions_password']`
-
-: Legacy configuration setting for the password of the `actions_user`.
- Default value: **generated**.
-
- To override the default value, use the [Secrets
- Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
- command: `chef-server-ctl set-actions-password`.
-
-`rabbitmq['actions_user']`
-
-: The user with permission to publish actions data. Default value:
- `'actions'`.
-
-`rabbitmq['actions_vhost']`
-
-: The virtual host to which Chef actions publishes actions data.
- Default value: `'/analytics'`.
-
-`rabbitmq['analytics_max_length']`
-
-: The maximum number of messages that can be queued before RabbitMQ
- automatically drops messages from the front of the queue to make
- room for new messages. Default value: `10000`.
-
-`rabbitmq['consumer_id']`
-
-: The identity of the consumer to which messages are published.
- Default value: `'hotsauce'`.
-
-`rabbitmq['data_dir']`
-
-: The directory in which on-disk data is stored. The default value is
- the recommended value. Default value:
- `'/var/opt/opscode/rabbitmq/db'`.
-
-`rabbitmq['dir']`
-
-: The working directory. The default value is the recommended value.
- Default value: `'/var/opt/opscode/rabbitmq'`.
-
-`rabbitmq['drop_on_full_capacity']`
-
-: Specify if messages will stop being sent to the RabbitMQ queue when
- it is at capacity. Default value: `true`.
-
-`rabbitmq['enable']`
-
-: Enable a service. Default value: `true`.
-
-`rabbitmq['log_directory']`
-
-: The directory in which log data is stored. The default value is the
- recommended value. Default value: `'/var/log/opscode/rabbitmq'`.
-
-`rabbitmq['log_rotation']`
-
-: The log rotation policy for this service. Log files are rotated when
- they exceed `file_maxbytes`. The maximum number of log files in the
- rotation is defined by `num_to_keep`. Default value:
-
- ```ruby
- { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
- ```
-
-`rabbitmq['management_enabled']`
-
-: Specify if the rabbitmq-management plugin is enabled. Default value:
- `true`.
-
-`rabbitmq['management_password']`
-
-: Legacy configuration setting for rabbitmq-management plugin
- password. Default value: **generated**.
- - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret rabbitmq management_password`. - -`rabbitmq['management_port']` - -: The rabbitmq-management plugin port. Default value: `15672`. - -`rabbitmq['management_user']` - -: The rabbitmq-management plugin user. Default value: `'rabbitmgmt'`. - -`rabbitmq['node_ip_address']` - -: The bind IP address for RabbitMQ. Default value: `'127.0.0.1'`. - -`rabbitmq['node_port']` - -: The port on which the service is to listen. Default value: `'5672'`. - -`rabbitmq['nodename']` - -: The unique identifier of the node. Default value: `'rabbit@localhost'`. - -`rabbitmq['password']` - -: Legacy configuration setting for the password for the RabbitMQ user. - Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret rabbitmq password`. - -`rabbitmq['prevent_erchef_startup_on_full_capacity']` - -: Specify if the Chef Infra Server will start when the monitored - RabbitMQ queue is full. Default value: `false`. - -`rabbitmq['queue_at_capacity_affects_overall_status']` - -: Specify if the `_status` endpoint in the Chef Infra Server API will - fail if the monitored queue is at capacity. Default value: `false`. - -`rabbitmq['queue_length_monitor_enabled']` - -: Specify if the queue length monitor is enabled. Default value: - `true`. - -`rabbitmq['queue_length_monitor_millis']` - -: The frequency (in milliseconds) at which the length of the RabbitMQ - queue is checked. Default value: `30000`. - -`rabbitmq['queue_length_monitor_timeout_millis']` - -: The timeout (in milliseconds) at which calls to the queue length - monitor will stop if the Chef Infra Server is overloaded. Default - value: `5000`. 
- -`rabbitmq['queue_length_monitor_queue']` - -: The RabbitMQ queue that is observed by queue length monitor. Default - value: `'alaska'`. - -`rabbitmq['queue_length_monitor_vhost']` - -: The virtual host for the RabbitMQ queue that is observed by queue - length monitor. Default value: `'/analytics'`. - -`rabbitmq['rabbit_mgmt_http_cull_interval']` - -: The maximum cull interval (in seconds) for the HTTP connection pool - that is used by the rabbitmq-management plugin. Default value: `60`. - -`rabbitmq['rabbit_mgmt_http_init_count']` - -: The initial worker count for the HTTP connection pool that is used - by the rabbitmq-management plugin. Default value: `25`. - -`rabbitmq['rabbit_mgmt_http_max_age']` - -: The maximum connection worker age (in seconds) for the HTTP - connection pool that is used by the rabbitmq-management plugin. - Default value: `70`. - -`rabbitmq['rabbit_mgmt_http_max_connection_duration']` - -: The maximum connection duration (in seconds) for the HTTP connection - pool that is used by the rabbitmq-management plugin. Default value: - `70`. - -`rabbitmq['rabbit_mgmt_http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the rabbitmq-management plugin. Default value: `100`. - -`rabbitmq['rabbit_mgmt_ibrowse_options']` - -: An array of comma-separated key-value pairs of ibrowse options for - the HTTP connection pool that is used by the rabbitmq-management - plugin. Default value: `'{connect_timeout, 10000}'`. - -`rabbitmq['rabbit_mgmt_timeout']` - -: The timeout for the HTTP connection pool that is used by the - rabbitmq-management plugin. Default value: `30000`. - -`rabbitmq['reindexer_vhost']` - -: Default value: `'/reindexer'`. - -`rabbitmq['ssl_versions']` - -: The SSL versions used by the rabbitmq-management plugin. (See - [RabbitMQ TLS support](https://www.rabbitmq.com/ssl.html) for more - information.) Default value: `['tlsv1.2', 'tlsv1.1']`. - -`rabbitmq['user']` - -: Default value: `'chef'`. 
- -`rabbitmq['vhost']` - -: Default value: `'/chef'`. - -`rabbitmq['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### redis_lb - -{{< reusable_text_versioned file="server_services_redis" >}} - -This configuration file has the following settings for `redis_lb`: - -`redis_lb['activerehashing']` - -: Enable active rehashing. Default value: `'no'`. - -`redis_lb['aof_rewrite_min_size']` - -: The minimum size of the append-only file. Only files larger than - this value are rewritten. Default value: `'16mb'`. - -`redis_lb['aof_rewrite_percent']` - -: The size of the current append-only file, as compared to the base - size. The append-only file is rewritten when the current file - exceeds the base size by this value. Default value: `'50'`. - -`redis_lb['appendfsync']` - -: The frequency at which the operating system writes data on-disk, - instead of waiting for more data. Possible values: `no` (don't - fsync, let operating system flush data), `always` (fsync after every - write to the append-only log file), and `everysec` (fsync only once - time per second). Default value: `'always'`. - -`redis_lb['appendonly']` - -: Dump data asynchronously on-disk or to an append-only log file. Set - to `yes` to dump data to an append-only log file. Default value: - `'no'`. - -`redis_lb['bind']` - -: Bind Redis to the specified IP address. Default value: - `'127.0.0.1'`. - -`redis_lb['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `'/var/opt/opscode/redis_lb/data'`. - -`redis_lb['databases']` - -: The number of databases. Default value: `'16'`. - -`redis_lb['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/redis_lb'`. - -`redis_lb['enable']` - -: Enable a service. Default value: `true`. - -`redis_lb['ha']` - -: Run the Chef Infra Server in a high availability topology. 
When - `topology` is set to `ha`, this setting defaults to `true`. Default - value: `false`. - -`redis_lb['keepalive']` - -: The amount of time (in seconds) to wait for requests on a - connection. Default value: `'60'`. - -`redis_lb['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/redis_lb'`. - -`redis_lb['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`redis_lb['loglevel']` - -: The level of logging to be stored in a log file.. Possible values: - `debug`, `notice`, `verbose`, and `warning`. Default value: - `'notice'`. - -`redis_lb['maxmemory']` - -: The maximum amount of memory (in bytes). Default value: `'8m'`. - -`redis_lb['maxmemory_policy']` - -: The policy applied when the maximum amount of memory is reached. - Possible values: `allkeys-lru` (remove keys, starting with those - used least frequently), `allkeys-random` (remove keys randomly), - `noeviction` (don't expire, return an error on write operation), - `volatile-lru` (remove expired keys, starting with those used least - frequently), `volatile-random` (remove expired keys randomly), and - `volatile-ttl` (remove keys, starting with nearest expired time). - Default value: `'noeviction'`. - -`redis_lb['port']` - -: The port on which the service is to listen. Default value: - `'16379'`. - -`redis_lb['save_frequency']` - -: Set the save frequency. Pattern: - `{ "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }`. - Default value: - - ```ruby - { '900' => '1', '300' => '10', '60' => '1000' } - ``` - - Which saves the database every 15 minutes if at least one key - changes, every 5 minutes if at least 10 keys change, and every 60 - seconds if 10000 keys change. 
- -`redis_lb['timeout']` - -: The amount of time (in seconds) a client may be idle before timeout. - Default value: `'300'`. - -`redis_lb['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -`redis_lb['password']` - -: Legacy configuration setting for the Redis password. Default value: - **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret redis_lb password`. - -### upgrades - -This configuration file has the following settings for `upgrades`: - -`upgrades['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/upgrades'`. - -### user - -This configuration file has the following settings for `user`: - -`user['home']` - -: The home directory for the user under which Chef Infra Server - services run. Default value: `/opt/opscode/embedded`. - -`user['shell']` - -: The shell for the user under which Chef Infra Server services run. - Default value: `/bin/sh`. - -`user['username']` - -: The user name under which Chef Infra Server services run. Default - value: `opscode`. - -### required_recipe - -`required_recipe` is a feature that allows an administrator to specify a -recipe that will be run by all Chef Infra Clients that connect to it, -regardless of the node's run list. This feature is targeted at expert -level practitioners who are delivering isolated configuration changes to -the target systems, such as self-contained agent software. Further -explanation of the feature can be found in -[Chef Infra Client Development Docs](https://github.com/chef/chef/blob/main/docs/dev/design_documents/server_enforced_recipes.md). - -This configuration file has the following settings for -`required_recipe`: - -`required_recipe["enable"]` - -: Whether the feature is enabled. Default value: `false`. - -`required_recipe["path"]` - -: The location of the recipe to serve. 
The file must be owned by the - root user and group, and may not be group or world-writeable. - Default value: `nil`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md deleted file mode 100644 index 2ae2541c48..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md +++ /dev/null @@ -1,3 +0,0 @@ -+++ -headless = true -+++ \ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md deleted file mode 100644 index 5351c32bdc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md +++ /dev/null @@ -1,13 +0,0 @@ -Use a `case` statement to apply different values based on whether the -setting exists on the front-end or back-end servers. Add code to the -server configuration file similar to the following: - -```ruby -role_name = ChefServer['servers'][node['fqdn']]['role'] -case role_name -when 'backend' - # backend-specific configuration here -when 'frontend' - # frontend-specific configuration here -end -``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md deleted file mode 100644 index f4f699d9e9..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md +++ /dev/null @@ -1,166 +0,0 @@ - -  - -
- -

Warning

- -
- -The following settings **MUST** be in the config file for LDAP -authentication to Active Directory to work: - -- `base_dn` -- `bind_dn` -- `group_dn` -- `host` - -If those settings are missing, you will get authentication errors and be -unable to proceed. - -
- -
- -This configuration file has the following settings for `ldap`: - -`ldap['base_dn']` - -: The root LDAP node under which all other nodes exist in the - directory structure. For Active Directory, this is typically - `cn=users` and then the domain. For example: - - ```ruby - 'OU=Employees,OU=Domain users,DC=example,DC=com' - ``` - - Default value: `nil`. - -`ldap['bind_dn']` - -: The distinguished name used to bind to the LDAP server. The user the - Chef Infra Server will use to perform LDAP searches. This is often - the administrator or manager user. This user needs to have read - access to all LDAP users that require authentication. The Chef Infra - Server must do an LDAP search before any user can log in. Many - Active Directory and LDAP systems do not allow an anonymous bind. If - anonymous bind is allowed, leave the `bind_dn` and `bind_password` - settings blank. If anonymous bind is not allowed, a user with `READ` - access to the directory is required. This user must be specified as - an LDAP distinguished name similar to: - - ```ruby - 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - - {{< note >}} - If you need to escape characters in a distinguished name, such as when using Active Directory, they must be [escaped with a backslash escape character](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx). - - ```ruby - 'CN=example\\user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - {{< /note >}} - - - Default value: `nil`. - -`ldap['bind_password']` - -: Deprecated. Use `chef-server-ctl set-secret ldap bind_password` from the - [Secrets Management](/ctl_chef_server.html#ctl-chef-server-secrets-management) - commands. - - Legacy configuration for the password of the binding user. The - password for the user specified by `ldap['bind_dn']`. Leave this - value and `ldap['bind_dn']` unset if anonymous bind is sufficient. - Default value: `nil`. 
- - ```bash - chef-server-ctl set-secret ldap bind_password - Enter ldap bind_password: (no terminal output) - Re-enter ldap bind_password: (no terminal output) - ``` - - Remove a set password via - - ```bash - chef-server-ctl remove-secret ldap bind_password - ``` - -`ldap['group_dn']` - -: The distinguished name for a group. When set to the distinguished - name of a group, only members of that group can log in. This feature - filters based on the `memberOf` attribute and only works with LDAP - servers that provide such an attribute. In OpenLDAP, the `memberOf` - overlay provides this attribute. For example, if the value of the - `memberOf` attribute is `CN=abcxyz,OU=users,DC=company,DC=com`, then - use: - - ```ruby - ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com' - ``` - -`ldap['host']` - -: The name (or IP address) of the LDAP server. The hostname of the - LDAP or Active Directory server. Be sure the Chef Infra Server is - able to resolve any host names. Default value: `ldap-server-host`. - -`ldap['login_attribute']` - -: The LDAP attribute that holds the user's login name. Use to specify - the Chef Infra Server user name for an LDAP user. Default value: - `sAMAccountName`. - -`ldap['port']` - -: An integer that specifies the port on which the LDAP server listens. - The default value is an appropriate value for most configurations. - Default value: `389` or `636` when `ldap['encryption']` is set to - `:simple_tls`. - -`ldap['ssl_enabled']` - -: Cause the Chef Infra Server to connect to the LDAP server using SSL. - Default value: `false`. Must be `false` when `ldap['tls_enabled']` - is `true`. - - {{< note >}} - - It's recommended that you enable SSL for Active Directory. - - Previous versions of Chef Infra Server used the `ldap['ssl_enabled']` setting to first enable SSL, and then the `ldap['encryption']` setting to specific the encryption type. These settings are deprecated. 
- - {{< /note >}} - - -`ldap['system_adjective']` - -: A descriptive name for the login system that is displayed to users - in the Chef Infra Server management console. If a value like - "corporate" is used, then the Chef management console user interface - will display strings like "the corporate login server", "corporate - login", or "corporate password." Default value: `AD/LDAP`. - - {{< warning >}} - This setting is used by Chef Manage and not Chef Infra Server. Chef Manage is deprecated. - {{< /warning >}} - -`ldap['timeout']` - -: The amount of time (in seconds) to wait before timing out. Default - value: `60000`. - -`ldap['tls_enabled']` - -: Enable TLS. When enabled, communication with the LDAP server is done - via a secure SSL connection on a dedicated port. When `true`, - `ldap['port']` is also set to `636`. Default value: `false`. Must be - `false` when `ldap['ssl_enabled']` is `true`. - - {{< note >}} - - Previous versions of Chef Infra Server used the `ldap['ssl_enabled']` setting to first enable SSL, and then the `ldap['encryption']` setting to specify the encryption type. These settings are deprecated. - - {{< /note >}} diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md deleted file mode 100644 index 32715754fe..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md +++ /dev/null 
@@ -1,8 +0,0 @@
-The `/etc/opscode/chef-server.rb` file contains all of the non-default
-configuration settings used by the Chef Infra Server. The default
-settings are built into the Chef Infra Server configuration and should
-only be added to the `chef-server.rb` file to apply non-default values.
-These configuration settings are processed when the
-`chef-server-ctl reconfigure` command is run. The `chef-server.rb` file
-is a Ruby file, which means that conditional statements can be used
-within it.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md
deleted file mode 100644
index e224908d32..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md
+++ /dev/null
@@ -1,5 +0,0 @@
-When changes are made to the chef-server.rb file the Chef Infra Server must be reconfigured by running the following command:
-
-```bash
-chef-server-ctl reconfigure
-```
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md
deleted file mode 100644
index 8e3f7a533f..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md
+++ /dev/null
@@ -1,2 +0,0 @@
-The **oc_bifrost** service ensures that every request to view or manage
-objects stored on the Chef Infra Server is authorized.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md
deleted file mode 100644
index 8e2c037f67..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The **bookshelf** service is an Amazon Simple Storage Service
-(S3)-compatible service that is used to store cookbooks, including all
-of the files---recipes, templates, and so on---that are associated with
-each cookbook.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md
deleted file mode 100644
index e384d536a2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md
+++ /dev/null
@@ -1,11 +0,0 @@
-The **opscode-erchef** service is an Erlang-based service that is used
-to handle Chef Infra Server API requests to the following areas within
-the Chef Infra Server:
-
-- Cookbooks
-- Data bags
-- Environments
-- Nodes
-- Roles
-- Sandboxes
-- Search
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md
deleted file mode 100644
index bc27280bee..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The **opscode-expander** service is used to process data (pulled from
-the **rabbitmq** service's message queue) so that it can be properly
-indexed by the **opscode-solr4** service.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md
deleted file mode 100644
index eb2f69fa7f..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The **oc-id** service enables OAuth 2.0 authentication to the Chef Infra
-Server by external applications, including Chef Supermarket. OAuth 2.0
-uses token-based authentication, where external applications use tokens
-that are issued by the **oc-id** provider. No special
-credentials---`webui_priv.pem` or privileged keys---are stored on the
-external application.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md
deleted file mode 100644
index 027de67cca..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md
+++ /dev/null
@@ -1 +0,0 @@
-The **postgresql** service is used to store node, object, and user data.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md
deleted file mode 100644
index 6953338391..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The **rabbitmq** service is used to provide the message queue that is
-used by the Chef Infra Server to get search data to Apache Solr so that
-it can be indexed for search.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md
deleted file mode 100644
index 4fdcb48d9c..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Key-value store used in conjunction with Nginx to route requests and
-populate request data used by the Chef Infra Server.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md
deleted file mode 100644
index e52ffa4ff8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The **opscode-solr4** service is used to create the search indexes used
-for searching objects like nodes, data bags, and cookbooks. (This
-service ensures timely search results via the Chef Infra Server API;
-data that is used by the Chef platform is stored in PostgreSQL.)
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md
deleted file mode 100644
index b67c0a3bf2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The following setting is often modified from the default as part of the
-tuning effort for the **bookshelf** service:
-
-`bookshelf['vip']`
-
-: The virtual IP address. Default value: `node['fqdn']`.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md
deleted file mode 100644
index 5f08daf94e..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md
+++ /dev/null
@@ -1,22 +0,0 @@
-The following settings are often modified from the default as part of
-the tuning effort for the **opscode-erchef** service:
-
-`opscode_erchef['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. If failures indicate that the **opscode-erchef**
- service ran out of connections, try increasing the
- `postgresql['max_connections']` setting. If failures persist, then
- increase this value (in small increments) and also increase the
- value for `postgresql['max_connections']`. Default value: `20`.
-
-`opscode_erchef['s3_url_ttl']`
-
-: The amount of time (in seconds) before connections to the server
- expire. If Chef Infra Client runs are timing out, increase this
- setting to `3600`, and then adjust again if necessary. Default
- value: `900`.
-
-`opscode_erchef['strict_search_result_acls']`
-
-: {{< reusable_text_versioned "settings_strict_search_result_acls" >}}
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md
deleted file mode 100644
index a8b44469c1..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md
+++ /dev/null
@@ -1,26 +0,0 @@
-The following settings are typically added to the server configuration
-file (no equal sign is necessary to set the value):
-
-`api_fqdn`
-
-: The FQDN for the Chef Infra Server. This setting is not in the
- server configuration file by default. When added, its value should
- be equal to the FQDN for the service URI used by the Chef Infra
- Server. For example: `api_fqdn "chef.example.com"`.
-
-`bootstrap`
-
-: Default value: `true`.
-
-`ip_version`
-
-: Use to set the IP version: `"ipv4"` or `"ipv6"`. When set to
- `"ipv6"`, the API listens on IPv6 and front end and back end
- services communicate via IPv6 when a high availability configuration
- is used. When configuring for IPv6 in a high availability
- configuration, be sure to set the netmask on the IPv6 `backend_vip`
- attribute. Default value: `"ipv4"`.
-
-`notification_email`
-
-: Default value: `info@example.com`.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md
deleted file mode 100644
index 20b62196a5..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md
+++ /dev/null
@@ -1,63 +0,0 @@ -The following settings are often modified from the default as part of -the tuning effort for the **nginx** service and to configure the Chef -Infra Server to use SSL certificates: - -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. For example: - - ```ruby - nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH: \ - !aNULL:!ADH:!eNULL:!EXP: \ - !SSLv2:!SEED:!CAMELLIA: \ - !PSK" - ``` - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled for the Chef Infra Server API. - For enhanced security set this value to `'TLSv1.2'`. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef - Infra Client 12.8 and later on Windows. If it is necessary to support these - older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - -
-

Note

-
- - See for more - information about the values used with the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings. - -
-
- - For example, after copying the SSL certificate files to the Chef Infra - Server, update the `nginx['ssl_certificate']` and - `nginx['ssl_certificate_key']` settings to specify the paths to those - files, and then (optionally) update the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings to reflect the desired level of - hardness for the Chef Infra Server: - - ```ruby - nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' - nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' - nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' - nginx['ssl_protocols'] = 'TLSv1.2' - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md deleted file mode 100644 index 423bbef08a..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md +++ /dev/null 
@@ -1,34 +0,0 @@ -The following setting is often modified from the default as part of the tuning effort for the **postgresql** service: - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. This value should only be tuned when the `opscode_erchef['db_pool_size']` value used by the **opscode-erchef** service is modified. Default value: `350`. - If there are more than two front end machines in a cluster, the - `postgresql['max_connections']` setting should be increased. The - increased value depends on the number of machines in the front end, - but also the number of services that are running on each of these - machines. - - - Each front end machine always runs the **oc_bifrost** and - **opscode-erchef** services. - - The Reporting add-on adds the **reporting** service. - - Each of these services requires 25 connections, above the default - value. - - Use the following formula to help determine what the increased value - should be: - - ```ruby - new_value = current_value + [ - (# of front end machines - 2) * (25 * # of services) - ] - ``` - - For example, if the current value is 350, there are four front end - machines, and all add-ons are installed, then the formula looks - like: - - ```ruby - 550 = 350 + [(4 - 2) * (25 * 4)] - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md deleted file mode 100644 index 8652366637..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md +++ /dev/null @@ -1,3 +0,0 @@ -The following sections describe ways of tuning the **opscode-solr4** -service to improve performance around large node sizes, available -memory, and update frequencies. \ No newline at end of file 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md
deleted file mode 100644
index c13f016fc2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Use the following configuration setting to help ensure that Apache Solr
-does not run out of memory:
-
-`opscode_solr4['heap_size']`
-
-: The amount of memory (in MBs) available to Apache Solr. If there is
- not enough memory available, search queries made by nodes to Apache
- Solr may fail. The amount of memory that must be available also
- depends on the number of nodes in the organization, the frequency of
- search queries, and other characteristics that are unique to each
- organization. In general, as the number of nodes increases, so does
- the amount of memory.
-
-If Apache Solr is running out of memory, the
-`/var/log/opscode/opscode-solr4/current` log file will contain a message
-similar to:
-
-```bash
-SEVERE: java.lang.OutOfMemoryError: Java heap space
-```
-
-The default value for `opscode_solr4['heap_size']` should work for many
-organizations, especially those with fewer than 25 nodes. For
-organizations with more than 25 nodes, set this value to 25% of system
-memory or `1024`, whichever is smaller. For very large configurations,
-increase this value to 25% of system memory or `4096`, whichever is
-smaller. This value should not exceed `8192`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md
deleted file mode 100644
index 6dec8e687d..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md
+++ /dev/null
@@ -1,59 +0,0 @@ -The maximum field length setting for Apache Solr should be greater than -any expected node object file sizes in order for them to be successfully -added to the search index. If a node object file is greater than the -maximum field length, the node object will be indexed up to the maximum, -but the part of the file past that limit will not be indexed. If this -occurs, it will seem as if nodes disappear from the search index. To -ensure that large node file sizes are indexed properly, verify the -following configuration settings: - -`nginx['client_max_body_size']` - -: The maximum accepted body size for a client request, as indicated by - the `Content-Length` request header. When the maximum accepted body - size is greater than this value, a `413 Request Entity Too Large` - error is returned. Default value: `250m`. - -and - -`opscode_erchef['max_request_size']` - -: When the request body size is greater than this value, a 413 Request - Entity Too Large error is returned. Default value: `2000000`. - -to ensure that those settings are not part of the reasons for incomplete -indexing, and then update the following setting so that its value is -greater than the expected node file sizes: - -`opscode_solr4['max_field_length']` - -: The maximum field length (in number of tokens/terms). If a field - length exceeds this value, Apache Solr may not be able to complete - building the index. Default value: `100000` (increased from the - Apache Solr default value of `10000`). - -Use the `wc` command to get the byte count of a large node object file. -For example: - -```bash -wc -c NODE_NAME.json -``` - -and then ensure there is a buffer beyond that value. For example, verify -the size of the largest node object file: - -```bash -wc -c nodebsp2016.json -``` - -which returns `154516`. Update the `opscode_solr4['max_field_length']` -setting to have a value greater than the returned value. For example: -`180000`. 
- -If you don't have a node object file available then you can get an -approximate size of the node data by running the following command on a -node. - -```bash -ohai | wc -c -``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md deleted file mode 100644 index a5d0b9bb48..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md +++ /dev/null @@ -1,24 +0,0 @@ -At the end of every Chef Infra Client run, the node object is saved to -the Chef Infra Server. From the Chef Infra Server, each node object is -then added to the `SOLR` search index. This process is asynchronous. By -default, node objects are committed to the search index every 60 seconds -or per 1000 node objects, whichever occurs first. - -When data is committed to the Apache Solr index, all incoming updates -are blocked. If the duration between updates is too short, it is -possible for the rate at which updates are asked to occur to be faster -than the rate at which objects can be actually committed. - -Use the following configuration setting to improve the indexing -performance of node objects: - -`opscode_solr4['commit_interval']` - -: The frequency (in seconds) at which node objects are added to the - Apache Solr search index. Default value: `60000` (every 60 seconds). - -`opscode_solr4['max_commit_docs']` - -: The frequency (in documents) at which node objects are added to the - Apache Solr search index. Default value: `1000` (every 1000 - documents). \ No newline at end of file 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md deleted file mode 100644 index d8715f15dd..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md +++ /dev/null @@ -1,28 +0,0 @@ -Use to specify that search results only return objects to which an actor -(user, client, etc.) has read access, as determined by ACL settings. -This affects all searches. When `true`, the performance of the Chef -management console may increase because it enables the Chef management -console to skip redundant ACL checks. To ensure the Chef management -console is configured properly, after this setting has been applied with -a `chef-server-ctl reconfigure` run `chef-manage-ctl reconfigure` to -ensure the Chef management console also picks up the setting. Default -value: `false`. - -
- -

Warning

- -
- -When `true`, `opscode_erchef['strict_search_result_acls']` affects all -search results and any actor (user, client, etc.) that does not have -read access to a search result will not be able to view it. For example, -this could affect search results returned during a Chef Infra Client -runs if a Chef Infra Client does not have permission to read the -information. - - - -
- -
\ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md deleted file mode 100644 index 1ec7dd14fc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md +++ /dev/null 
@@ -1,86 +0,0 @@ -+++ -title = "chef-server.rb Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary">}} - -## Use Conditions - -{{< reusable_text_versioned file="config_add_condition">}} - -## Recommended Settings - -{{< reusable_text_versioned file="server_tuning_general">}} - -### NGINX SSL Protocols - -{{< reusable_text_versioned file="server_tuning_nginx">}} - -## Optional Settings - -The following settings are often used for performance tuning of the Chef -Infra Server in larger installations. - -{{< note >}} -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure">}} -{{< /note >}} - -{{< note >}} - -Review the full list of [optional -settings]({{< relref "/server/config_rb_server_optional_settings" >}}) that can be added to -the chef-server.rb file. Many of these optional settings should not be -added without first consulting with Chef support. - -{{< /note >}} - -### bookshelf - -{{< reusable_text_versioned file="server_tuning_bookshelf">}} - -{{< warning >}} - -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage">}} - -{{< /warning >}} - -### opscode-account - -The following setting is often modified from the default as part of the -tuning effort for the **opscode-account** service: - -`opscode_account['worker_processes']` - -: The number of allowed worker processes. This value should be - increased if requests made to the **opscode-account** service are - timing out, but only if the front-end machines have available CPU - and RAM. Default value: `4`. - -### opscode-erchef - -{{< reusable_text_versioned file="server_tuning_erchef">}} - -#### Data Collector - -The following settings are often modified from the default as part of -the tuning effort for the **data_collector** **opscode-erchef** -application: - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. 
If failures indicate that **opscode-erchef** - application has run out of HTTP connections for the - **data_collector** then increase this value. Default value: 100. - -### postgresql - -{{< reusable_text_versioned file="server_tuning_postgresql">}} - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md deleted file mode 100644 index bbe21662bc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md +++ /dev/null 
@@ -1,1997 +0,0 @@ -+++ -title = "chef-server.rb 14 Optional Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary" >}} - -## Settings - -The following sections describe the various settings that are available -in the chef-server.rb file. - -{{< note >}} -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure" >}} -{{< /note >}} - -### General - -This configuration file has the following general settings: - -`addons['install']` - -: Default value: `false`. - -`addons['path']` - -: Default value: `nil`. - -`addons['packages']` - -: Default value: - - ```ruby - %w{chef-manage} - ``` - -`api_version` - -: The version of the Chef Infra Server. Default value: `'12.0.0'`. - -`default_orgname` - -: The `ORG_NAME` part of the `/organizations` endpoint in Chef Infra - Server. - -`flavor` - -: Default value: `'cs'`. - -`fips` - -: Set to `true` to run the server in FIPS compliance mode. Set to - `false` to force the server to run without FIPS compliance mode. - Default: The value in the kernel configuration. - -{{< note spaces=4 >}} -Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` -{{< /note >}} - -`insecure_addon_compat` - -: Set to `true` to keep Chef Infra Server compatible with older add-on - versions by rendering secrets and credentials to - `/etc/opscode/chef-server-running.json` and other files in - `/etc/opscode/`. When set to `false`, secrets are **only** written - to `/etc/opscode/private-chef-secrets.json` and **not** to any other - files. Default value: `true`. - - See [Add-on - Compatibility]({{< relref "/server/server_security#add-on-compatibility" >}}) for the - minimum add-on versions supporting `insecure_addon_compat false`. - -`install_path` - -: The directory in which the Chef Infra Server is installed. 
Default - value: `'/opt/opscode'`. - -`from_email` - -: The email address from which invitations to the Chef management - console are sent. Default value: `'"Opscode" '`. - -`license['nodes']` - -: The number of licensed nodes. Default value: `25`. - -`license['upgrade_url']` - -: The URL to visit for more information about how to update the number - of nodes licensed for an organization. Default value: - `'https://www.chef.io/pricing'`. - -`notification_email` - -: The email addressed to which email notifications are sent. Default - value: `'pc-default@chef.io'`. - -`role` - -: The configuration type of the Chef Infra Server. Possible values: - `backend`, `frontend`, or `standalone`. Default value: - `'standalone'`. - -`topology` - -: The topology of the Chef Infra Server. Possible values: `manual`, - `standalone`, and `tier`. Default value: `'standalone'`. - -### bookshelf - -{{< reusable_text_versioned file="server_services_bookshelf" >}} - -{{< note >}} -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage" >}} -{{< /note >}} - -This configuration file has the following settings for `bookshelf`: - -`bookshelf['access_key_id']` - -: Deprecated. Use `chef-server-ctl set-secret bookshelf access_key_id` from - the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - The access key identifier. This may point at an external storage - location, such as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for more information on configuring external bookshelf. Default value: **generated**. - -`bookshelf['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/bookshelf/data`. - -`bookshelf['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/bookshelf`. - -`bookshelf['enable']` - -: Enable a service. Default value: `true`. 
- -`bookshelf['enable_request_logging']` - -: Use to configure request logging for the bookshelf service. Default - value: `false`. - -`bookshelf['external_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`bookshelf['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`bookshelf['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/bookshelf`. - -`bookshelf['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`bookshelf['port']` - -: The port on which the service is to listen. Default value: `4321`. - -`bookshelf['secret_access_key']` - -: Deprecated. Use `chef-server-ctl set-secret bookshelf secret_access_key` - from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - The secret key. This may point at an external storage location, such - as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - **generated**. - -`bookshelf['storage_type']` - -: Determines where cookbooks are stored. Default value: `:filesystem`. - - In instances that require cookbooks to be stored within a SQL - backend, such as in a high availability setup, you must set - `storage_type` to `:sql`: - - ```ruby - bookshelf['storage_type'] = :sql - ``` - -`bookshelf['stream_download']` - -: Enable stream downloading of cookbooks. 
This setting (when `true`) - typically results in improved cookbook download performance, - especially with the memory usage of the **bookshelf** service and - the behavior of load balancers and proxies in-between Chef Infra - Client and the Chef Infra Server. Default value: `true`. - -`bookshelf['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bookshelf@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `bookshelf['sql_user']` - (default: `'bookshelf'`). This setting is **required** in an - external Azure PostgreSQL database-as-a-service configuration. If - set to `nil`, Chef Infra Server assumes that the database is not on - Azure and the PostgreSQL connection will be made using the value - specified in `bookshelf['sql_user']`. Default value: `nil`. - -`bookshelf['vip']` - -: The virtual IP address. This may point at an external storage - location, such as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - `127.0.0.1`. - -### bootstrap - -This configuration file has the following settings for `bootstrap`: - -`bootstrap['enable']` - -: Indicates whether an attempt to bootstrap the Chef Infra Server is - made. Generally only enabled on systems that have bootstrap enabled - via a `server` entry. Default value: `true`. - -### compliance forwarding - -The configuration file has the following settings for forwarding -`compliance` requests using the Chef Infra Server authentication system. - -`profiles['root_url']` - -: If set, any properly signed requests arriving at - `/organizations/ORGNAME/owners/OWNER/compliance` will be forwarded - to this URL. This is expected to be a fully qualified resource, e.g. - `http://compliance.example.org/owners/OWNER/compliance`. 
- -### dark_launch - -This configuration file has the following settings for `dark_launch`: - -`dark_launch['actions']` - -: Enable Chef actions. Default value: `true`. - -`dark_launch['add_type_and_bag_to_items']` - -: Default value: `true`. - -`dark_launch['new_theme']` - -: Default value: `true`. - -`dark_launch['private-chef']` - -: Default value: `true`. - -`dark_launch['quick_start']` - -: Default value: `false`. - -`dark_launch['reporting']` - -: Enable Reporting, which performs data collection during a Chef Infra - Client run. Default value: `true`. - -`dark_launch['sql_users']` - -: Default value: `true`. - -### data_collector - -This configuration file has the following settings for `data_collector`: - -`data_collector['root_url']` - -: The fully qualified URL to the data collector server API. When - present, it will enable the data collector in **opscode-erchef**. - This also enables Chef Infra Server authenticated forwarding any properly - signed requests arriving at `/organizations/ORGNAME/data-collector` - to this URL with the data collector token appended. This is also - target for requests authenticated and forwarded by the - `/organizations/ORGNAME/data-collector` endpoint. For the forwarding - to work correctly the `data_collector['token']` field must also be - set. For example, if the data collector in Chef Automate is being - used, the URI would look like: - `http://my_automate_server.example.org/data-collector/v0/`. - -`data_collector['proxy']` - -: If set to `true`, Chef Infra Server will proxy all requests sent to - `/data-collector` to the configured Chef Automate - `data_collector['root_url']`. Note that *this route* does not check - the request signature and add the right data_collector token, but - just proxies the Chef Automate endpoint **as-is**. Default value: `nil`. - -`data_collector['token']` - -: Deprecated. 
Use `chef-server-ctl set-secret data_collector token` from - the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - Legacy configuration for shared data collector security token. When - configured, the token will be passed as an HTTP header named - `x-data-collector-token` which the server can choose to accept or - reject. - -`data_collector['timeout']` - -: The amount of time (in milliseconds) before a request to the data - collector API times out. Default value: 30000. - -`data_collector['http_init_count']` - -: The initial worker count for the HTTP connection pool that is used - by the data collector. Default value: 25. - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. Default value: 100. - -`data_collector['http_max_age']` - -: The maximum connection worker age (in seconds) for the HTTP - connection pool that is used by the data collector. Default value: - "{70, sec}". - -`data_collector['http_cull_interval']` - -: The maximum cull interval (in minutes) for the HTTP connection pool - that is used by the data collector. Default value: "{1, min}". - -`data_collector['http_max_connection_duration']` - -: The maximum connection duration (in seconds) for the HTTP connection - pool that is used by the data collector. Default value: "{70, sec}". - -`data_collector['ibrowse_options']` - -: An array of comma-separated key-value pairs of ibrowse options for - the HTTP connection pool that is used by the data collector. Default - value: "\[{connect_timeout, - 10000}\]". - -`data_collector['health_check']` - -: A boolean that controls whether the data collector health is - included in the overall health at the `_status` endpoint. When set - to `true`, Chef Infra Server will report that healthy front end Chef - HA cluster members have failed when the data_collector\['root_url'\] cannot be reached. 
As a result, the load balancer - will remove those members from the load balancer pool. Default - value: true\`. - -### estatsd - -This configuration file has the following settings for `estatsd`: - -`estatsd['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/estatsd'`. - -`estatsd['enable']` - -: Enable a service. Default value: `true`. - -`estatsd['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/estatsd'`. - -`estatsd['port']` - -: The port on which the service is to listen. Default value: `9466`. - -`estatsd['protocol']` - -: Use to send application statistics with StatsD protocol formatting. - Set this value to `statsd` to apply StatsD protocol formatting. - -`estatsd['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### lb / lb_internal - -This configuration file has the following settings for `lb`: - -`lb['api_fqdn']` - -: The FQDN for the Chef Infra Server. FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['ban_refresh_interval']` - -: Default value: `600`. - -`lb['bookshelf']` - -: Default value: `127.0.0.1`. - -`lb['cache_cookbook_files']` - -: Default value: `false`. - -`lb['chef_max_version']` - -: The maximum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `11`. - -`lb['chef_min_version']` - -: The minimum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `10`. - -`lb['chef_server_webui']` - -: Default value: `127.0.0.1`. - -`lb['debug']` - -: Default value: `false`. - -`lb['enable']` - -: Enable a service. Default value: `true`. - -`lb['erchef']` - -: Default value: `127.0.0.1`. - -`lb['maint_refresh_interval']` - -: Default value: `600`. 
- -`lb['redis_connection_pool_size']` - -: Default value: `250`. - -`lb['redis_connection_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `1000`. - -`lb['redis_keepalive_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `2000`. - -`lb['upstream']['bookshelf']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['oc_bifrost']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['opscode_erchef']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['opscode_solr4']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`lb['web_ui_fqdn']` - -: FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['xdl_defaults']['503_mode']` - -: The default value is the recommended value. Default value: `false`. - -`lb['xdl_defaults']['couchdb_acls']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_association_requests']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_associations']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_containers']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_groups']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_organizations']` - -: The default value is the recommended value. Default value: `true`. - -And for the internal load balancers: - -`lb_internal['account_port']` - -: Default value: `9685`. - -`lb_internal['chef_port']` - -: Default value: `9680`. 
- -`lb_internal['enable']` - -: Default value: `true`. - -`lb_internal['oc_bifrost_port']` - -: Default value: `9683`. - -`lb_internal['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### ldap - -{{< reusable_text_versioned file="config_rb_server_settings_ldap" >}} - -### nginx - -This configuration file has the following settings for `nginx`: - -`nginx['cache_max_size']` - -: The `max_size` parameter used by the Nginx cache manager, which is - part of the `proxy_cache_path` directive. When the size of file - storage exceeds this value, the Nginx cache manager removes the - least recently used data. Default value: `5000m`. - -`nginx['client_max_body_size']` - -: The maximum accepted body size for a client request, as indicated by - the `Content-Length` request header. Default value: `250m`. - -`nginx['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/nginx`. - -`nginx['enable']` - -: Enable a service. Default value: `true`. - -`nginx['enable_ipv6']` - -: Enable Internet Protocol version 6 (IPv6) addresses. Default value: - `false`. - -`nginx['enable_non_ssl']` - -: Allow port 80 redirects to port 443. Set to - `true`, to enable SSL termination by the front-end hardware load balancers for WebUI and API endpoints. Default value: `false`. - -{{< note spaces=4 >}} -Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` -{{< /note >}} - -`nginx['enable_stub_status']` - -: Enables the Nginx `stub_status` module. See - `nginx['stub_status']['allow_list']`, - `nginx['stub_status']['listen_host']`, - `nginx['stub_status']['listen_port']`, and - `nginx['stub_status']['location']`. Default value: `true`. - -`nginx['gzip']` - -: Enable gzip compression. Default value: `on`. 
- -`nginx['gzip_comp_level']` - -: The compression level used with gzip, from least amount of - compression (`1`, fastest) to the most (`2`, slowest). Default - value: `2`. - -`nginx['gzip_http_version']` - -: Enable gzip depending on the version of the HTTP request. Default - value: `1.0`. - -`nginx['gzip_proxied']` - -: The type of compression used based on the request and response. - Default value: `any`. - -`nginx['gzip_types']` - -: Enable compression for the specified MIME-types. Default value: - - ```ruby - [ 'text/plain', - 'text/css', - 'application/x-javascript', - 'text/xml', 'application/xml', - 'application/xml+rss', - 'text/javascript', - 'application/json' - ] - ``` - -`nginx['keepalive_timeout']` - -: The amount of time (in seconds) to wait for requests on a HTTP - keepalive connection. Default value: `65`. - -`nginx['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/nginx`. - -`nginx['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`nginx['log_x_forwarded_for']` - -: Log \$http_x_forwarded_for ("X-Forwarded-For") instead of - \$remote_addr if `true`. Default value `false`. - -`nginx['non_ssl_port']` - -: The port on which the WebUI and API are bound for non-SSL - connections. Default value: `80`. Use `nginx['enable_non_ssl']` to - enable or disable SSL redirects on this port number. Set to `false` - to disable non-SSL connections. - -`nginx['sendfile']` - -: Copy data between file descriptors when `sendfile()` is used. - Default value: `on`. - -`nginx['server_name']` - -: The FQDN for the server. FQDNs must always be in lowercase. Default value: `node['fqdn']`. 
- -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. See [this - link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) for more - information. For example: - - ```ruby - nginx['ssl_ciphers'] = HIGH: ... :!PSK - ``` - -`nginx['ssl_company_name']` - -: The name of your company. Default value: `YouCorp`. - -`nginx['ssl_country_name']` - -: The country in which your company is located. Default value: `US`. - -`nginx['ssl_email_address']` - -: The default email address for your company. Default value: - `you@example.com`. - -`nginx['ssl_locality_name']` - -: The city in which your company is located. Default value: `Seattle`. - -`nginx['ssl_organizational_unit_name']` - -: The organization or group within your company that is running the - Chef Infra Server. Default value: `Operations`. - -`nginx['ssl_port']` - -: Default value: `443`. - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled for the Chef Infra Server API. - Starting with Chef Infra Server 14.3, this value defaults to `'TLSv1.2'` for - enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`, - which allowed for less secure SSL connections. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef - Infra Client 12.8 and later on Windows. If it is necessary to support these older end-of-life - Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - - Default value: `TLSv1.2`. 
- -`nginx['ssl_state_name']` - -: The state, province, or region in which your company is located. - Default value: `WA`. - -`nginx['strict_host_header']` - -: Whether nginx should only respond to requests where the Host header - matches one of the configured FQDNs. Default value: `false`. - -`nginx['stub_status']['allow_list']` - -: The IP address on which accessing the `stub_status` endpoint is - allowed. Default value: `["127.0.0.1"]`. - -`nginx['stub_status']['listen_host']` - -: The host on which the Nginx `stub_status` module listens. Default - value: `"127.0.0.1"`. - -`nginx['stub_status']['listen_port']` - -: The port on which the Nginx `stub_status` module listens. Default - value: `"9999"`. - -`nginx['stub_status']['location']` - -: The name of the Nginx `stub_status` endpoint used to access data - generated by the Nginx `stub_status` module. Default value: - `"/nginx_status"`. - -`nginx['tcp_nodelay']` - -: Enable the Nagle buffering algorithm. Default value: `on`. - -`nginx['tcp_nopush']` - -: Enable TCP/IP transactions. Default value: `on`. - -`nginx["time_format"]` - -: The time format of nginx `access.log`. Possible values : `"time_iso8601"` (ex: [2020-10-21T07:22:00+00:00]), `"time_local"` (ex: [07/Jun/2018:01:05:11 +0900]). - - Default value : `"time_iso8601"`. - - **New in Chef Infra Server 14.1** - -`nginx['url']` - -: Default value: `https://#{node['fqdn']}`. - -`nginx['use_implicit_hosts']` - -: Automatically add localhost and any - local IP addresses to the configured FQDNs. Useful in combination - with `nginx['strict_host_header']`. Default value: `true`. - -`nginx['show_welcome_page']` - -: Determines whether or not the default nginx welcome page is shown. - Default value: `true`. - -`nginx['worker_connections']` - -: The maximum number of simultaneous clients. Use with - `nginx['worker_processes']` to determine the maximum number of - allowed clients. Default value: `10240`. 
- -`nginx['worker_processes']` - -: The number of allowed worker processes. Use with - `nginx['worker_connections']` to determine the maximum number of - allowed clients. Default value: `node['cpu']['total'].to_i`. - -`nginx['x_forwarded_proto']` - -: The protocol used to connect to the server. Possible values: `http` - and `https`. This is the protocol used to connect to the Chef Infra - Server by a Chef Infra Client or a workstation. Default value: - `'https'`. - -`nginx['hsts_max_age']` - -: Time duration in seconds till which the browser caches the `HSTS` information. - Possible values: greater than or equal to `31536000` and less than or equal to `63072000`. - Default value: `31536000` (1 year). - -`nginx['nginx_no_root']` - -: Boolean, default `false`. Specifies that `nginx` processes, including the `master` process, should not - run as the `root` user on a system and will instead run as `user['username']` (defaults to `opscode`). - **REQUIRES** that `nginx['ssl_port']` and `nginx['non_ssl_port']` options are configured to non-privileged - ports greater than `1024` or that the local system is otherwise allowed to bind to privileged ports - with the user `user['username']`. - - **New in Chef Infra Server 14.10* - -### oc_bifrost - -{{< reusable_text_versioned file="server_services_bifrost" >}} - -This configuration file has the following settings for `oc_bifrost`: - -`oc_bifrost['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. This value should be increased if failures indicate - that the **oc_bifrost** service ran out of connections. This value - should be tuned in conjunction with the - `postgresql['max_connections']` setting for PostgreSQL. Default - value: `20`. - -`oc_bifrost['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/oc_bifrost`. - -`oc_bifrost['enable']` - -: Enable a service. Default value: `true`. 
- -`oc_bifrost['enable_request_logging']` - -: Use to configure request logging for the `oc_bifrost` service. - Default value: `true`. - -`oc_bifrost['extended_perf_log']` - -: Default value: `true`. - -`oc_bifrost['listen']` - -: The IP address on which the service is to listen. Default value: - `'127.0.0.1'`. - -`oc_bifrost['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/oc_bifrost`. - -`oc_bifrost['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`oc_bifrost['port']` - -: The port on which the service is to listen. Default value: `9463`. - -`oc_bifrost['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bifrost@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `oc_bifrost['sql_user']` (default: `'bifrost'`). This setting is - **required** in an external Azure PostgreSQL database-as-a-service - configuration. If set to `nil`, Chef Infra Server assumes that the - database is not on Azure and the PostgreSQL connection will be made - using the value specified in `oc_bifrost['sql_user']`. Default - value: `nil`. - -`oc_bifrost['sql_password']` - -: The password for the `sql_user`. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_bifrost sql_password`. - -`oc_bifrost['sql_ro_password']` - -: The password for the `sql_ro_user`. Default value: **generated**. 
- - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_bifrost sql_ro_password`. - -`oc_bifrost['sql_ro_user']` - -: Default value: `'bifrost_ro'`. - -`oc_bifrost['sql_user']` - -: The user with permission to publish data. Default value: - `'bifrost'`. - -`oc_bifrost['superuser_id']` - -: Default value: **generated**. - -`oc_bifrost['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### oc_chef_authz - -The **opscode-authz** service is used to handle authorization requests -from oc_erchef to oc_bifrost in the Chef Infra Server. - -This configuration file has the following settings for `oc_chef_authz`: - -`oc_chef_authz['http_cull_interval']` - -: Default value: `'{1, min}'`. - -`oc_chef_authz['http_init_count']` - -: Default value: `25`. - -`oc_chef_authz['http_max_age']` - -: Default value: `'{70, sec}'`. - -`oc_chef_authz['http_max_connection_duration']` - -: Default value: `'{70, sec}'`. - -`oc_chef_authz['http_max_count']` - -: Default value: `100`. - -`oc_chef_authz['ibrowse_options']` - -: The amount of time (in milliseconds) to wait for a connection to be - established. Default value: `'[{connect_timeout, 5000}]'`. - -`oc_chef_authz['max_connection_request_limit']` - -: The maximum number of requests allowed per connection. - Default value: `100`. - -### oc-chef-pedant - -This configuration file has the following settings for `oc-chef-pedant`: - -`oc_chef_pedant['debug_org_creation']` - -: Run tests with full output. Default value: `false`. - -`oc_chef_pedant['dir']` - -: The working directory. The default value is the recommended value. - Default value: - - ```ruby - '/var/opt/opscode/oc-chef-pedant' - ``` - -`oc_chef_pedant['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. 
Default value: - - ```ruby - '/var/log/opscode/oc-chef-pedant' - ``` - -`oc_chef_pedant['log_http_requests']` - -: Log HTTP requests in a file named `http-traffic.log` that is located - in the path specified by `log_directory`. Default value: `true`. - -`oc_chef_pedant['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -### oc-id - -{{< reusable_text_versioned file="server_services_oc_id" >}} - -This configuration file has the following settings for `oc-id`: - -`oc_id['administrators']` - -: An array of Chef Infra Server user names who may add applications to - the identity service. For example, `['user1', 'user2']`. Default - value: `[ ]`. - -`oc_id['applications']` - -: A Hash that contains OAuth 2 application information. Default value: - `{ }`. - - {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}} - -`oc_id['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `'20'`. - -`oc_id['dir']` - -: The working directory. The default value is the recommended value. - Default value: none. - -`oc_id['enable']` - -: Enable a service. Default value: `true`. - -`oc_id['email_from_address']` - -: Outbound email address. Defaults to the `'from_email'` value. - -`oc_id['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/opt/opscode/oc_id'`. - -`oc_id['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. 
Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`oc_id['origin']` - -: The FQDN for the server that is sending outbound email. FQDNs must - always be in lowercase. Defaults to the `'api_fqdn'` value, which - is the FQDN for the Chef Infra Server. - -`oc_id['num_to_keep']` - -: The number of log files to keep. Default value: `10`. - -`oc_id['port']` - -: The port on which the service is to listen. Default value: `9090`. - -`oc_id['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'oc_id@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `oc_id['sql_user']` - (default: `'od_id'`). This setting is **required** in an external - Azure PostgreSQL database-as-a-service configuration. If set to - `nil`, Chef Infra Server assumes that the database is not on Azure - and the PostgreSQL connection will be made using the value specified - in `oc_id['sql_user']`. Default value: `nil`. - -`oc_id['sql_database']` - -: The name of the database. Default value: `oc_id`. - -`oc_id['sql_password']` - -: The password for the `sql_user`. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_id sql_password`. - -`oc_id['sql_user']` - -: The user with permission to write to `sql_database`. Default value: - `oc_id`. - -`oc_id['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### opscode-erchef - -{{< reusable_text_versioned file="server_services_erchef" >}} - -This configuration file has the following settings for `opscode-erchef`: - -`opscode_erchef["allow_email_update_only_from_manage"]` - -: Set to `true`, users can only update their email from the Chef management console. - Set to `false`, users can update their email using knife and the Chef management console. - - Default value : `false`. 
- - **New in Chef Infra Server 14.5** - -`opscode_erchef['auth_skew']` - -: Default value: `900`. - -`opscode_erchef['authz_fanout']` - -: Default value: `20`. - -`opscode_erchef['authz_timeout']` - -: The amount of time (in seconds) before a request to the - **oc_bifrost** service times out. Default value: `2000`. - -`opscode_erchef['base_resource_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`opscode_erchef['bulk_fetch_batch_size']` - -: The number of nodes that may be deserialized. Currently only applies - to the `/search` endpoint in the Chef Infra Server API. The default - value is the recommended value. Default value: `5`. - -`opscode_erchef['cache_ttl']` - -: Default value: `3600`. - -`opscode_erchef['cleanup_batch_size']` - -: Default value: `0`. - -`opscode_erchef['couchdb_max_conn']` - -: Default value: `'100'`. - -`opscode_erchef['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `20`. - -`opscode_erchef['depsolver_timeout']` - -: The amount of time (in milliseconds) to wait for cookbook dependency - problems to be solved. Default value: `'5000'`. - -`opscode_erchef['depsolver_worker_count']` - -: The number of Ruby processes for which cookbook dependency problems - are unsolved. Use the `pgrep -fl depselector` command to verify the - number of depsolver workers that are running. If you are seeing 503 - service unavailable errors, increase this value. Default value: - `'5'`. - -`opscode_erchef['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/opscode-erchef`. - -`opscode_erchef['enable']` - -: Enable a service. Default value: `true`. - -`opscode_erchef['enable_actionlog']` - -: Use to enable Chef actions, a premium feature of the Chef Infra - Server. 
Default value: `false`. - -`opscode_erchef['enable_request_logging']` - -: Use to configure request logging for the `opscode_erchef` service. - Default value: `true`. - -`opscode_erchef['ibrowse_max_pipeline_size']` - -: Default value: `1`. - -`opscode_erchef['ibrowse_max_sessions']` - -: Default value: `256`. - -`opscode_erchef['enable_ibrowse_traces']` - -: Use to configure ibrowse logging for the `opscode_erchef` service. - Default value: `false`. - -`opscode_erchef["include_version_in_status"]` - -: Set to `true` to include `server_version` as part of the `/_status` endpoint. - - Default value : `false`. - - **New in Chef Infra Server 14.1** - -`opscode_erchef['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`opscode_erchef['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/opscode-erchef`. - -`opscode_erchef['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`opscode_erchef['max_cache_size']` - -: Default value: `10000`. - -`opscode_erchef['max_request_size']` - -: When the request body size is greater than this value, a - `413 Request Entity Too Large` error is returned. Default value: - `2000000`. - -`opscode_erchef['nginx_bookshelf_caching']` - -: Whether Nginx is used to cache cookbooks. When `:on`, Nginx serves - up the cached content instead of forwarding the request. Default - value: `:off`. - -`opscode_erchef['port']` - -: The port on which the service is to listen. Default value: `8000`. - -`opscode_erchef['reindex_batch_size']` - -: The number of items to fetch from the database and send to the - search index at a time. Default value: `10`. 
- -`opscode_erchef['reindex_sleep_min_ms']` - -: The minimum number of milliseconds to sleep before retrying a failed - attempt to index an item. Retries are delayed a random number of - miliseconds between `reindex_sleep_min_ms` and - `reindex_sleep_max_ms`. Set both this and `reindex_sleep_max_ms` to - 0 to retry without delay. Default value: `500` - -`opscode_erchef['reindex_sleep_max_ms']` - -: The maximum number of milliseconds to sleep before retrying a failed - attempt to index an item. Retries are delayed a random number of - miliseconds between `reindex_sleep_min_ms` and - `reindex_sleep_max_ms`. Set both this and `reindex_sleep_min_ms` to - 0 to retry without delay. Default value: `2000` - -`opscode_erchef['reindex_item_retries']` - -: The number of times to retry sending an object for indexing in the - case of failure. Default value: `3` - -`opscode_erchef['root_metric_key']` - -: Default value: `chefAPI`. - -`opscode_erchef['s3_bucket']` - -: The name of the Amazon Simple Storage Service (S3) bucket. This may - point at external storage locations, such as Amazon EC2. See [AWS - external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. - -`opscode_erchef['s3_parallel_ops_fanout']` - -: Default value: `20`. - -`opscode_erchef['s3_parallel_ops_timeout']` - -: Default value: `5000`. - -`opscode_erchef['s3_url_expiry_window_size']` - -: The frequency at which unique URLs are generated. This value may be - a specific amount of time, i.e. `15m` (fifteen minutes) or a - percentage of the value of `s3_url_ttl`, i.e. `10%`. Default value: - `:off`. - -`opscode_erchef['s3_url_ttl']` - -: The amount of time (in seconds) before connections to the server - expire. If node bootstraps are timing out, increase this setting. - Default value: `28800`. - -`opscode_erchef['s3_url_type']` - -: The URL style to use (`path` or `vhost`) when connecting to S3. 
- Mainly used to manually override the default setting. Note that - Amazon may eliminate path-style URLs on some or all S3 buckets - in the future. Default value: `vhost`. - -`opscode_erchef['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'opscode_chef@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `opscode-erchef['sql_user']` (default: `'opscode_chef'`). This - setting is **required** in an external Azure PostgreSQL - database-as-a-service configuration. If set to `nil`, Chef Infra - Server assumes that the database is not on Azure and the PostgreSQL - connection will be made using the value specified in - `opscode_erchef['sql_user']`.Default value: `nil`. - -`opscode_erchef['strict_search_result_acls']` - -: {{< reusable_text_versioned file="settings_strict_search_result_acls" >}} - -`opscode_erchef['udp_socket_pool_size']` - -: Default value: `20`. - -`opscode_erchef['umask']` - -: Default value: `0022`. - -`opscode_erchef['validation_client_name']` - -: Default value: `chef-validator`. - -`opscode_erchef['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`opscode_erchef['cbv_cache_enabled']` - -: Enable cookbook version response caching by setting this to `true`. If you frequently see - very long response times from `cookbook_versions` when under load, this is worth enabling. - Enabling this makes it possible for a client to receive stale results. When a cookbook is updated - in place (without incrementing the version), and the old response has not expired from the cache, - the Infra Server will give the old response to the client. Subsequent client runs will receive the - updated response. Default value: `false`. - -`opscode_erchef['cbv_cache_item_ttl']` - -: The maximum time in milliseconds that Chef Infra Server will keep any given cookbook version response in the cache when - when `cbv_cache_enabled` is enabled. - Default value: `30000`. 
- -{{< note >}} -Be careful if increasing this number - requests for a given set of cookbook versions will be stale if the resolved cookbook versions are updated before the cache entry times out. This will -not occur if you increment the version of a cookbook with every cookbook update, which is the recommended approach to updating cookbooks. -{{< /note >}} - -`opscode_erchef['search_queue_mode']` - -: The search index queue mode . Default value: `batch`. - -`opscode_erchef['search_provider']` - -: The search index provider. Default value: `elasticsearch`. - -`opscode_erchef['search_auth_username']` - -: The OpenSearch username. Default value: `opensearch_user`. - -`opscode_erchef['search_auth_password']` - -: The OpenSearch password. Default value: `nil`. - -### OpenSearch - -This configuration file has the following settings for `opensearch`: - -`opensearch['enable']` - -: Enable the service. Default value: `true`. - -`opensearch['dir']` - -: The working directory. The default value is the recommended value. Default value: `/var/opt/opscode/opensearch` - -`opensearch['data_dir']` - -: The paths used to store data. Default value: `/var/opt/opscode/elasticsearch/data` - -`opensearch['plugins_directory']` - -: The default location of the plugins directory depends on which package you install. Default value: `/var/opt/opscode/opensearch/plugins` - -`opensearch['scripts_directory']` - -: The default location of the scripts directory depends on which package you install. Default value: `/var/opt/opscode/opensearch/scripts` - -`opensearch['temp_directory']` - -: By default, OpenSearch uses a private temporary directory that the startup script creates immediately below the system temporary directory. Default value: `/var/opt/opscode/opensearch/tmp` - -`opensearch['log_directory']` - -: The directory in which log data is stored. The default value is the recommended value. 
Default value: `/var/log/opscode/opensearch` - -`opensearch['log_rotation']['file_maxbytes']` - -: The log rotation policy for this service. Log files are rotated when they exceed `file_maxbytes`. Default value: `104857600`. - -`opensearch['log_rotation']['num_to_keep']` - -: The log rotation policy for this service. `num_to_keep` specifies the maximum number of log files in the rotation. Default value: `10`. - -`opensearch['vip']` - -: The virtual IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`opensearch['listen']` - -: The IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`opensearch['port']` - -: The port on which the service is listening. Default value: `9200` - -`opensearch['enable_gc_log']` - -: Enable or disable GC logging. Default value: `false` - -`opensearch['initial_cluster_join_timeout']` - -: Default value: `90` - -`opensearch['jvm_opts']` - -: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options). - - {{< note spaces=4 >}} - - Each item in this list will be placed as is into the `java_opts` config file. Entries are set in chef-server.rb as: - - ```ruby - opensearch.jvm_opts = [ - "-xoption1", - "-xoption2", - ... - "optionN" - ] - ``` - - {{< /note >}} - -`opensearch['heap_size']` - -: The amount of memory (in MBs) available to OpenSearch. If there is not enough memory available, search queries made by nodes to OpenSearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. 
For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. Default value is is equivalent to 25% of the system memory or 1024 MB, whichever is greater. - - {{< note spaces=4 >}} - - If `heap_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set `heap_size`. It will raise an error if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB. - - {{< /note >}} - -`opensearch['new_size']` - -: Defaults to the larger of 1/16th of the `heap_size` or 32 MB. - - {{< note spaces=4 >}} - - If `new_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults calculated here. Only use chef-server.rb to set `new_size`. - - {{< /note >}} - -### External OpenSearch - -`opensearch['external']` - -: Enable external `opensearch` service by setting to `true`. Default value: `false`. - -`opensearch['external_url']` - -: The external OpenSearch URL. Example: `http://127.0.0.1:9200`. Default value: `nil` - -{{< note >}} -Chef Infra Server supports OpenSearch only as an external indexing provider. You must provide values for `external` and `external_url` under this configuration. -{{< /note >}} - -### Elasticsearch - -This configuration file has the following settings for `elasticsearch`: - -`elasticsearch['enable']` - -: Enable a service. Default value: `true`. - -`elasticsearch['dir']` - -: The working directory. The default value is the recommended value. Default value: `/var/opt/opscode/elasticsearch` - -`elasticsearch['data_dir']` - -: The paths used to store data. Default value: `/var/opt/opscode/elasticsearch/data` - -`elasticsearch['plugins_directory']` - -: The default location of the plugins directory depends on which package you install. 
Default value: `/var/opt/opscode/elasticsearch/plugins` - -`elasticsearch['scripts_directory']` - -: The default location of the scripts directory depends on which package you install. Default value: `/var/opt/opscode/elasticsearch/scripts` - -`elasticsearch['temp_directory']` - -: By default, Elasticsearch uses a private temporary directory that the startup script creates immediately below the system temporary directory. Default value: `/var/opt/opscode/elasticsearch/tmp` - -`elasticsearch['log_directory']` - -: The directory in which log data is stored. The default value is the recommended value. Default value: `/var/log/opscode/elasticsearch` - -`elasticsearch['log_rotation']['file_maxbytes']` - -: The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. Default value for 'file_maxbytes': `104857600` - -`elasticsearch['log_rotation']['num_to_keep']` - -: The log rotation policy for this service. The maximum number of log files in the rotation is defined by num_to_keep. Default value for 'num_to_keep': => `10` - -`elasticsearch['vip']` - -: The virtual IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`elasticsearch['listen']` - -: The IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`elasticsearch['port']` - -: The port on which the service is to listen. Default value: `9200` - -`elasticsearch['enable_gc_log']` - -: Enable or disable GC logging. Default value: `false` - -`elasticsearch['initial_cluster_join_timeout']` - -: Default value: `90` - -`elasticsearch['jvm_opts']` - -: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options). - -{{< note >}} - -Each item in this list will be placed as is into the java_opts config file. Entries are set in chef-server.rb as: - -```ruby - elasticsearch.jvm_opts = [ - "-xoption1", - "-xoption2", - ... 
- "optionN" - ] -``` - -{{< /note >}} - -`elasticsearch['heap_size']` - -: The amount of memory (in MBs) available to Elasticsearch. If there is not enough memory available, search queries made by nodes to Elasticsearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. Default value is is equivalent to 25% of the system memory or 1024 MB, whichever is greater. - -{{< note >}} - -If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). It will error out if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB. - -{{< /note >}} - -`elasticsearch['new_size']` - -: Defaults to the larger of 1/16th the heap_size and 32 MB. - -{{< note >}} - -If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). 
- -{{< /note >}} - -### postgresql - -{{< reusable_text_versioned file="server_services_postgresql" >}} - -This configuration file has the following settings for `postgresql`: - -`postgresql['checkpoint_completion_target']` - -: A completion percentage that is used to determine how quickly a - checkpoint should finish in relation to the completion status of the - next checkpoint. For example, if the value is `0.5`, then a - checkpoint attempts to finish before 50% of the next checkpoint is - done. Default value: `0.5`. - -`postgresql['checkpoint_segments']` - -: The maximum amount (in megabytes) between checkpoints in log file - segments. Default value: `3`. - -`postgresql['checkpoint_timeout']` - -: The amount of time (in minutes) between checkpoints. Default value: - `5min`. - -`postgresql['checkpoint_warning']` - -: The frequency (in seconds) at which messages are sent to the server - log files if checkpoint segments are being filled faster than their - currently configured values. Default value: `30s`. - -`postgresql['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data`. - -`postgresql['db_connection_superuser']` - -: The PostgreSQL superuser name in `'username@hostname'` format (e.g. - `'opscode_pgsql@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `postgresql['db_superuser']` with any dashes replaced by - underscores. This setting is **required** in an external Azure - PostgreSQL database-as-a-service configuration. If set to `nil`, - Chef Infra Server assumes that the database is not on Azure and the - PostgreSQL connection will be made using the value specified in - `postgresql['db_superuser']`. Default value: `nil`. - -`postgresql['db_superuser']` - -: Default value: `opscode-pgsql`. If `username` is set, set - `db_superuser` to the same value. 
- -`postgresql['db_superuser_password']` - -: Password for the DB superuser. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-db-superuser-password`. - -`postgresql['dir']` - -: The working directory. The default value is the recommended value. - Default value: - `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. - -`postgresql['effective_cache_size']` - -: The size of the disk cache that is used for data files. Default - value: 50% of available RAM. - -`postgresql['enable']` - -: Enable a service. Default value: `true`. - -`postgresql['home']` - -: The home directory for PostgreSQL. Default value: - `/var/opt/opscode/postgresql`. - -`postgresql['keepalives_count']` - -: The maximum number of keepalive proves that should be sent before - dropping a connection. Default value: `2`. - -`postgresql['keepalives_idle']` - -: The amount of time (in seconds) a connection must remain idle before - keepalive probes will resume. Default value: `60`. - -`postgresql['keepalives_interval']` - -: The amount of time (in seconds) between probes. Default value: `15`. - -`postgresql['listen_address']` - -: The connection source to which PostgreSQL is to respond. Default - value: `localhost`. - -`postgresql['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - `/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. - -`postgresql['log_min_duration_statement']` - -: When to log a slow PostgreSQL query statement. Possible values: `-1` - (disabled, do not log any statements), `0` (log every statement), or - an integer greater than zero. When the integer is greater than zero, - this value is the amount of time (in milliseconds) that a query - statement must have run before it is logged. Default value: `-1`. 
- -`postgresql['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. Default value: - `350`. - -`postgresql['md5_auth_cidr_addresses']` - -: Use instead of `trust_auth_cidr_addresses` to encrypt passwords - using MD5 hashes. Default value: `[ '127.0.0.1/32', '::1/128' ]`. - -`postgresql['port']` - -: The port on which the service is to listen. Default value: `5432`. - -`postgresql['shared_buffers']` - -: The amount of memory that is dedicated to PostgreSQL for data - caching. Default value: - `#{(node['memory']['total'].to_i / 4) / (1024)}MB`. - -`postgresql['shell']` - -: Default value: `/bin/sh`. - -`postgresql['shmall']` - -: The total amount of available shared memory. Default value: - `4194304`. - -`postgresql['shmmax']` - -: The maximum amount of shared memory. Default value: `17179869184`. - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. - -`postgresql['trust_auth_cidr_addresses']` - -: Use for clear-text passwords. See `md5_auth_cidr_addresses`. Default - value: `'127.0.0.1/32', '::1/128'`. - -`postgresql['user_path']` - -: Default value: `/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH`. - -`postgresql['username']` - -: The PostgreSQL account user name. Default value: `opscode-pgsql`. If - setting this value, must set `db_superuser` to the same value. - -`postgresql['version']` - -: The (currently) hardcoded version of PostgreSQL. Default value: - `'9.2'`. - -`postgresql['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`postgresql['work_mem']` - -: The size (in megabytes) of allowed in-memory sorting. 
Default value: - `8MB`. - -`postgresql['pg_upgrade_timeout']` - -: The timeout value (in seconds) for PostgreSQL upgrade. Default value: - `7200`. - -### redis_lb - -{{< reusable_text_versioned file="server_services_redis" >}} - -This configuration file has the following settings for `redis_lb`: - -`redis_lb['activerehashing']` - -: Enable active rehashing. Default value: `'no'`. - -`redis_lb['aof_rewrite_min_size']` - -: The minimum size of the append-only file. Only files larger than - this value are rewritten. Default value: `'16mb'`. - -`redis_lb['aof_rewrite_percent']` - -: The size of the current append-only file, as compared to the base - size. The append-only file is rewritten when the current file - exceeds the base size by this value. Default value: `'50'`. - -`redis_lb['appendfsync']` - -: The frequency at which the operating system writes data on-disk, - instead of waiting for more data. Possible values: `no` (don't - fsync, let operating system flush data), `always` (fsync after every - write to the append-only log file), and `everysec` (fsync only once - time per second). Default value: `'always'`. - -`redis_lb['appendonly']` - -: Dump data asynchronously on-disk or to an append-only log file. Set - to `yes` to dump data to an append-only log file. Default value: - `'no'`. - -`redis_lb['bind']` - -: Bind Redis to the specified IP address. Default value: - `'127.0.0.1'`. - -`redis_lb['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `'/var/opt/opscode/redis_lb/data'`. - -`redis_lb['databases']` - -: The number of databases. Default value: `'16'`. - -`redis_lb['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/redis_lb'`. - -`redis_lb['enable']` - -: Enable a service. Default value: `true`. - -`redis_lb['ha']` - -: Run the Chef Infra Server in a high availability topology. 
When - `topology` is set to `ha`, this setting defaults to `true`. Default - value: `false`. - -`redis_lb['keepalive']` - -: The amount of time (in seconds) to wait for requests on a - connection. Default value: `'60'`. - -`redis_lb['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/redis_lb'`. - -`redis_lb['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`redis_lb['loglevel']` - -: The level of logging to be stored in a log file.. Possible values: - `debug`, `notice`, `verbose`, and `warning`. Default value: - `'notice'`. - -`redis_lb['maxmemory']` - -: The maximum amount of memory (in bytes). Default value: `'8m'`. - -`redis_lb['maxmemory_policy']` - -: The policy applied when the maximum amount of memory is reached. - Possible values: `allkeys-lru` (remove keys, starting with those - used least frequently), `allkeys-random` (remove keys randomly), - `noeviction` (don't expire, return an error on write operation), - `volatile-lru` (remove expired keys, starting with those used least - frequently), `volatile-random` (remove expired keys randomly), and - `volatile-ttl` (remove keys, starting with nearest expired time). - Default value: `'noeviction'`. - -`redis_lb['port']` - -: The port on which the service is to listen. Default value: - `'16379'`. - -`redis_lb['save_frequency']` - -: Set the save frequency. Pattern: - `{ "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }`. - Default value: - - ```ruby - { '900' => '1', '300' => '10', '60' => '1000' } - ``` - - Which saves the database every 15 minutes if at least one key - changes, every 5 minutes if at least 10 keys change, and every 60 - seconds if 10000 keys change. 
- -`redis_lb['timeout']` - -: The amount of time (in seconds) a client may be idle before timeout. - Default value: `'300'`. - -`redis_lb['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -`redis_lb['password']` - -: Legacy configuration setting for the Redis password. Default value: - **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret redis_lb password`. - -### upgrades - -This configuration file has the following settings for `upgrades`: - -`upgrades['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/upgrades'`. - -### user - -This configuration file has the following settings for `user`: - -`user['home']` - -: The home directory for the user under which Chef Infra Server - services run. Default value: `/opt/opscode/embedded`. - -`user['shell']` - -: The shell for the user under which Chef Infra Server services run. - Default value: `/bin/sh`. - -`user['username']` - -: The user name under which Chef Infra Server services run. Default - value: `opscode`. - -### required_recipe - -`required_recipe` is a feature that allows an administrator to specify a -recipe that will be run by all Chef Infra Clients that connect to it, -regardless of the node's run list. This feature is targeted at expert -level practitioners who are delivering isolated configuration changes to -the target systems, such as self-contained agent software. Further -explanation of the feature can be found in -[Chef Infra Client Development Docs](https://github.com/chef/chef/blob/main/docs/dev/design_documents/server_enforced_recipes.md). - -This configuration file has the following settings for -`required_recipe`: - -`required_recipe["enable"]` - -: Whether the feature is enabled. Default value: `false`. - -`required_recipe["path"]` - -: The location of the recipe to serve. 
The file must be owned by the - root user and group, and may not be group or world-writeable. - Default value: `nil`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md deleted file mode 100644 index 2ae2541c48..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md +++ /dev/null @@ -1,3 +0,0 @@ -+++ -headless = true -+++ \ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md deleted file mode 100644 index 5351c32bdc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md +++ /dev/null @@ -1,13 +0,0 @@ -Use a `case` statement to apply different values based on whether the -setting exists on the front-end or back-end servers. Add code to the -server configuration file similar to the following: - -```ruby -role_name = ChefServer['servers'][node['fqdn']]['role'] -case role_name -when 'backend' - # backend-specific configuration here -when 'frontend' - # frontend-specific configuration here -end -``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md deleted file mode 100644 index c9c78c48e9..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md +++ /dev/null @@ -1,197 +0,0 @@ - -  - -
- -

Warning

- -
- -The following settings **MUST** be in the config file for LDAP -authentication to Active Directory to work: - -- `base_dn` -- `bind_dn` -- `group_dn` -- `host` - -If those settings are missing, you will get authentication errors and be -unable to proceed. - -
- -
- -This configuration file has the following settings for `ldap`: - -`ldap['base_dn']` - -: The root LDAP node under which all other nodes exist in the - directory structure. For Active Directory, this is typically - `cn=users` and then the domain. For example: - - ```ruby - 'OU=Employees,OU=Domain users,DC=example,DC=com' - ``` - - Default value: `nil`. - -`ldap['bind_dn']` - -: The distinguished name used to bind to the LDAP server. The user the - Chef Infra Server will use to perform LDAP searches. This is often - the administrator or manager user. This user needs to have read - access to all LDAP users that require authentication. The Chef Infra - Server must do an LDAP search before any user can log in. Many - Active Directory and LDAP systems do not allow an anonymous bind. If - anonymous bind is allowed, leave the `bind_dn` and `bind_password` - settings blank. If anonymous bind is not allowed, a user with `READ` - access to the directory is required. This user must be specified as - an LDAP distinguished name similar to: - - ```ruby - 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - -
-

Note

-
- - If you need to escape characters in a distinguished name, such as - when using Active Directory, they must be [escaped with a backslash - escape - character](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx). - - ```ruby - 'CN=example\\user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - -
-
- - Default value: `nil`. - -`ldap['bind_password']` - -: Deprecated. Use `chef-server-ctl set-secret ldap bind_password` from the - [Secrets Management](/ctl_chef_server.html#ctl-chef-server-secrets-management) - commands. - - Legacy configuration for the password of the binding user. The - password for the user specified by `ldap['bind_dn']`. Leave this - value and `ldap['bind_dn']` unset if anonymous bind is sufficient. - Default value: `nil`. - - ```bash - chef-server-ctl set-secret ldap bind_password - Enter ldap bind_password: (no terminal output) - Re-enter ldap bind_password: (no terminal output) - ``` - - Remove a set password via - - ```bash - chef-server-ctl remove-secret ldap bind_password - ``` - -`ldap['group_dn']` - -: The distinguished name for a group. When set to the distinguished - name of a group, only members of that group can log in. This feature - filters based on the `memberOf` attribute and only works with LDAP - servers that provide such an attribute. In OpenLDAP, the `memberOf` - overlay provides this attribute. For example, if the value of the - `memberOf` attribute is `CN=abcxyz,OU=users,DC=company,DC=com`, then - use: - - ```ruby - ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com' - ``` - -`ldap['host']` - -: The name (or IP address) of the LDAP server. The hostname of the - LDAP or Active Directory server. Be sure the Chef Infra Server is - able to resolve any host names. Default value: `ldap-server-host`. - -`ldap['login_attribute']` - -: The LDAP attribute that holds the user's login name. Use to specify - the Chef Infra Server user name for an LDAP user. Default value: - `sAMAccountName`. - -`ldap['port']` - -: An integer that specifies the port on which the LDAP server listens. - The default value is an appropriate value for most configurations. - Default value: `389` or `636` when `ldap['encryption']` is set to - `:simple_tls`. 
- -`ldap['ssl_enabled']` - -: Cause the Chef Infra Server to connect to the LDAP server using SSL. - Default value: `false`. Must be `false` when `ldap['tls_enabled']` - is `true`. - -
-

Note

-
- - It's recommended that you enable SSL for Active Directory. - -
-
- -
-

Note

-
- - Previous versions of the Chef Infra Server used the - `ldap['ssl_enabled']` setting to first enable SSL, and then the - `ldap['encryption']` setting to specify the encryption type. These - settings are deprecated. - -
-
- -`ldap['system_adjective']` - -: A descriptive name for the login system that is displayed to users - in the Chef Infra Server management console. If a value like - "corporate" is used, then the Chef management console user interface - will display strings like "the corporate login server", "corporate - login", or "corporate password." Default value: `AD/LDAP`. - -
-

Warning

-
- - This setting is **not** used by the Chef Infra Server. It is used - only by the Chef management console. - -
-
- -`ldap['timeout']` - -: The amount of time (in seconds) to wait before timing out. Default - value: `60000`. - -`ldap['tls_enabled']` - -: Enable TLS. When enabled, communication with the LDAP server is done - via a secure SSL connection on a dedicated port. When `true`, - `ldap['port']` is also set to `636`. Default value: `false`. Must be - `false` when `ldap['ssl_enabled']` is `true`. - -
-

Note

-
- - Previous versions of the Chef Infra Server used the - `ldap['ssl_enabled']` setting to first enable SSL, and then the - `ldap['encryption']` setting to specify the encryption type. These - settings are deprecated. - -
-
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md
deleted file mode 100644
index 019229038a..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md
+++ /dev/null
@@ -1,8 +0,0 @@
-The `/etc/opscode/chef-server.rb` file contains all of the non-default
-configuration settings used by the Chef Infra Server. The default
-settings are built into the Chef Infra Server configuration and should
-only be added to the `chef-server.rb` file to apply non-default values.
-These configuration settings are processed when the
-`chef-server-ctl reconfigure` command is run. The `chef-server.rb` file
-is a Ruby file, which means that conditional statements can be used
-within it.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md
deleted file mode 100644
index e224908d32..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md
+++ /dev/null
@@ -1,5 +0,0 @@
-When changes are made to the chef-server.rb file the Chef Infra Server must be reconfigured by running the following command:
-
-```bash
-chef-server-ctl reconfigure
-```
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md
deleted file mode 100644
index 0ad8df3c7c..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md
+++ /dev/null
@@ -1,3 +0,0 @@
-To [configure the server for external cookbook
-storage](/server/#aws-settings), updates are made to
-settings for both the **bookshelf** and **opscode-erchef** services.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md
deleted file mode 100644
index 4ba0e07281..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md
+++ /dev/null
@@ -1,2 +0,0 @@
-The **oc_bifrost** service ensures that every request to view or manage
-objects stored on the Chef Infra Server is authorized.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md
deleted file mode 100644
index e1cd6c0881..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The **bookshelf** service is an Amazon Simple Storage Service
-(S3)-compatible service that is used to store cookbooks, including all
-of the files---recipes, templates, and so on---that are associated with
-each cookbook.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md
deleted file mode 100644
index d277fe53e8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md
+++ /dev/null
@@ -1,11 +0,0 @@
-The **opscode-erchef** service is an Erlang-based service that is used
-to handle Chef Infra Server API requests to the following areas within
-the Chef Infra Server:
-
-- Cookbooks
-- Data bags
-- Environments
-- Nodes
-- Roles
-- Sandboxes
-- Search
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md
deleted file mode 100644
index 4082e755ef..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The **oc-id** service enables OAuth 2.0 authentication to the Chef Infra
-Server by external applications, including Chef Supermarket. OAuth 2.0
-uses token-based authentication, where external applications use tokens
-that are issued by the **oc-id** provider. No special
-credentials---`webui_priv.pem` or privileged keys---are stored on the
-external application.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md
deleted file mode 100644
index e8611bd0e8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md
+++ /dev/null
@@ -1 +0,0 @@
-The **postgresql** service is used to store node, object, and user data.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md
deleted file mode 100644
index edb7c2248b..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The **rabbitmq** service is used to provide the message queue that is
-used by the Chef Infra Server to get search data to Apache Solr so that
-it can be indexed for search.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md
deleted file mode 100644
index c9634cfd88..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Key-value store used in conjunction with Nginx to route requests and
-populate request data used by the Chef Infra Server.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md
deleted file mode 100644
index 21f57331c8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The following setting is often modified from the default as part of the
-tuning effort for the **bookshelf** service:
-
-`bookshelf['vip']`
-
-: The virtual IP address. Default value: `node['fqdn']`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md
deleted file mode 100644
index 5591c2ec00..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md
+++ /dev/null
@@ -1,22 +0,0 @@
-The following settings are often modified from the default as part of
-the tuning effort for the **opscode-erchef** service:
-
-`opscode_erchef['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. If failures indicate that the **opscode-erchef**
- service ran out of connections, try increasing the
- `postgresql['max_connections']` setting. If failures persist, then
- increase this value (in small increments) and also increase the
- value for `postgresql['max_connections']`. Default value: `20`.
-
-`opscode_erchef['s3_url_ttl']`
-
-: The amount of time (in seconds) before connections to the server
- expire. If Chef Infra Client runs are timing out, increase this
- setting to `3600`, and then adjust again if necessary. Default
- value: `900`.
-
-`opscode_erchef['strict_search_result_acls']`
-
-: {{< reusable_text_versioned "settings_strict_search_result_acls" >}}
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md
deleted file mode 100644
index 146441cafc..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md
+++ /dev/null
@@ -1,12 +0,0 @@
-The following setting is often modified from the default as part of the
-tuning effort for the **opscode-expander** service:
-
-`opscode_expander['nodes']`
-
-: The number of allowed worker processes. The **opscode-expander**
- service runs on the back-end and feeds data to the **opscode-solr**
- service, which creates and maintains search data used by the Chef
- Infra Server. Additional memory may be required by these worker
- processes depending on the frequency and volume of Chef Infra Client
- runs across the organization, but only if the back-end machines have
- available CPU and RAM. Default value: `2`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md
deleted file mode 100644
index 8ec7e38865..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md
+++ /dev/null
@@ -1,27 +0,0 @@
-The following settings are typically added to the server configuration
-file (no equal sign is necessary to set the value):
-
-`api_fqdn`
-
-: The FQDN for the Chef Infra Server. This setting is not in the
- server configuration file by default. When added, its value should
- be equal to the FQDN for the service URI used by the Chef Infra
- Server. FQDNs must always be in lowercase.
- For example: `api_fqdn "chef.example.com"`.
-
-`bootstrap`
-
-: Default value: `true`.
-
-`ip_version`
-
-: Use to set the IP version: `"ipv4"` or `"ipv6"`. When set to
- `"ipv6"`, the API listens on IPv6 and front end and back end
- services communicate via IPv6 when a high availability configuration
- is used. When configuring for IPv6 in a high availability
- configuration, be sure to set the netmask on the IPv6 `backend_vip`
- attribute. Default value: `"ipv4"`.
-
-`notification_email`
-
-: Default value: `info@example.com`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md
deleted file mode 100644
index a4d4e99ff1..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md
+++ /dev/null
@@ -1,65 +0,0 @@ -The following settings are often modified from the default as part of -the tuning effort for the **nginx** service and to configure the Chef -Infra Server to use SSL certificates: - -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. For example: - - ```ruby - nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH: \ - !aNULL:!ADH:!eNULL:!EXP: \ - !SSLv2:!SEED:!CAMELLIA: \ - !PSK" - ``` - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled for the Chef Infra Server API. - Starting with Chef Infra Server 14.3, this value defaults to `'TLSv1.2'` for - enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`, - which allowed for less secure SSL connections. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef - Infra Client 12.8 and later on Windows. If it is necessary to support these - older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - -
-

Note

-
- - See for more - information about the values used with the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings. - -
-
- - For example, after copying the SSL certificate files to the Chef Infra - Server, update the `nginx['ssl_certificate']` and - `nginx['ssl_certificate_key']` settings to specify the paths to those - files, and then (optionally) update the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings to reflect the desired level of - hardness for the Chef Infra Server: - - ```ruby - nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' - nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' - nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' - nginx['ssl_protocols'] = 'TLSv1.2' - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md deleted file mode 100644 index 423bbef08a..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md +++ /dev/null 
@@ -1,34 +0,0 @@ -The following setting is often modified from the default as part of the tuning effort for the **postgresql** service: - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. This value should only be tuned when the `opscode_erchef['db_pool_size']` value used by the **opscode-erchef** service is modified. Default value: `350`. - If there are more than two front end machines in a cluster, the - `postgresql['max_connections']` setting should be increased. The - increased value depends on the number of machines in the front end, - but also the number of services that are running on each of these - machines. - - - Each front end machine always runs the **oc_bifrost** and - **opscode-erchef** services. - - The Reporting add-on adds the **reporting** service. - - Each of these services requires 25 connections, above the default - value. - - Use the following formula to help determine what the increased value - should be: - - ```ruby - new_value = current_value + [ - (# of front end machines - 2) * (25 * # of services) - ] - ``` - - For example, if the current value is 350, there are four front end - machines, and all add-ons are installed, then the formula looks - like: - - ```ruby - 550 = 350 + [(4 - 2) * (25 * 4)] - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md deleted file mode 100644 index ad1551f9e9..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md +++ /dev/null @@ -1,3 +0,0 @@ -The following sections describe ways of tuning the **opscode-solr4** -service to improve performance around large node sizes, available -memory, and update frequencies. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md
deleted file mode 100644
index c13f016fc2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Use the following configuration setting to help ensure that Apache Solr
-does not run out of memory:
-
-`opscode_solr4['heap_size']`
-
-: The amount of memory (in MBs) available to Apache Solr. If there is
- not enough memory available, search queries made by nodes to Apache
- Solr may fail. The amount of memory that must be available also
- depends on the number of nodes in the organization, the frequency of
- search queries, and other characteristics that are unique to each
- organization. In general, as the number of nodes increases, so does
- the amount of memory.
-
-If Apache Solr is running out of memory, the
-`/var/log/opscode/opscode-solr4/current` log file will contain a message
-similar to:
-
-```bash
-SEVERE: java.lang.OutOfMemoryError: Java heap space
-```
-
-The default value for `opscode_solr4['heap_size']` should work for many
-organizations, especially those with fewer than 25 nodes. For
-organizations with more than 25 nodes, set this value to 25% of system
-memory or `1024`, whichever is smaller. For very large configurations,
-increase this value to 25% of system memory or `4096`, whichever is
-smaller. This value should not exceed `8192`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md
deleted file mode 100644
index 6dec8e687d..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md
+++ /dev/null
@@ -1,59 +0,0 @@
-The maximum field length setting for Apache Solr should be greater than
-any expected node object file sizes in order for them to be successfully
-added to the search index. If a node object file is greater than the
-maximum field length, the node object will be indexed up to the maximum,
-but the part of the file past that limit will not be indexed. If this
-occurs, it will seem as if nodes disappear from the search index. To
-ensure that large node file sizes are indexed properly, verify the
-following configuration settings:
-
-`nginx['client_max_body_size']`
-
-: The maximum accepted body size for a client request, as indicated by
- the `Content-Length` request header. When the maximum accepted body
- size is greater than this value, a `413 Request Entity Too Large`
- error is returned. Default value: `250m`.
-
-and
-
-`opscode_erchef['max_request_size']`
-
-: When the request body size is greater than this value, a 413 Request
- Entity Too Large error is returned. Default value: `2000000`.
-
-to ensure that those settings are not part of the reasons for incomplete
-indexing, and then update the following setting so that its value is
-greater than the expected node file sizes:
-
-`opscode_solr4['max_field_length']`
-
-: The maximum field length (in number of tokens/terms). If a field
- length exceeds this value, Apache Solr may not be able to complete
- building the index. Default value: `100000` (increased from the
- Apache Solr default value of `10000`).
-
-Use the `wc` command to get the byte count of a large node object file.
-For example:
-
-```bash
-wc -c NODE_NAME.json
-```
-
-and then ensure there is a buffer beyond that value. For example, verify
-the size of the largest node object file:
-
-```bash
-wc -c nodebsp2016.json
-```
-
-which returns `154516`. Update the `opscode_solr4['max_field_length']`
-setting to have a value greater than the returned value. For example:
-`180000`.
-
-If you don't have a node object file available then you can get an
-approximate size of the node data by running the following command on a
-node.
-
-```bash
-ohai | wc -c
-```
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md
deleted file mode 100644
index 6d9a8d6886..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md
+++ /dev/null
@@ -1,24 +0,0 @@
-At the end of every Chef Infra Client run, the node object is saved to
-the Chef Infra Server. From the Chef Infra Server, each node object is
-then added to the `SOLR` search index. This process is asynchronous. By
-default, node objects are committed to the search index every 60 seconds
-or per 1000 node objects, whichever occurs first.
-
-When data is committed to the Apache Solr index, all incoming updates
-are blocked. If the duration between updates is too short, it is
-possible for the rate at which updates are asked to occur to be faster
-than the rate at which objects can be actually committed.
-
-Use the following configuration setting to improve the indexing
-performance of node objects:
-
-`opscode_solr4['commit_interval']`
-
-: The frequency (in seconds) at which node objects are added to the
- Apache Solr search index. Default value: `60000` (every 60 seconds).
-
-`opscode_solr4['max_commit_docs']`
-
-: The frequency (in documents) at which node objects are added to the
- Apache Solr search index. Default value: `1000` (every 1000
- documents).
diff --git a/_vendor/github.com/chef/supermarket/docs-chef-io/content/supermarket/config_rb_supermarket.md b/_vendor/github.com/chef/supermarket/docs-chef-io/content/supermarket/config_rb_supermarket.md
index 15224784d7..9e37b01118 100644
--- a/_vendor/github.com/chef/supermarket/docs-chef-io/content/supermarket/config_rb_supermarket.md +++ b/_vendor/github.com/chef/supermarket/docs-chef-io/content/supermarket/config_rb_supermarket.md @@ -252,11 +252,31 @@ Use these settings to integrate Supermarket with GitHub Enterprise. ### Google Analytics -Use this setting to set up [Google Analytics](https://analytics.google.com) tracking for Supermarket: +Use these settings to set up [Google Analytics](https://analytics.google.com) tracking for Supermarket. + +`default['supermarket']['enable_gtag']` + +: Whether to enable Google Analytics tracking. + + Allowed values: `"true"`, `"false"`. + + Default value: `"false"`. `default['supermarket']['google_analytics_id']` -: The Google Analytics [tracking ID](https://support.google.com/analytics/answer/7372977?hl=en) for Supermarket. Default value: `nil`. +: The Google Analytics [tracking ID](https://support.google.com/analytics/answer/9539598?hl=en) for Supermarket. + + Default value: `nil`. + +### OneTrust + +`default['supermarket']['enable_onetrust']` + +: Whether to enable [OneTrust](https://www.onetrust.com) cookie consent verification for Supermarket. + + Allowed values: `"true"`, `"false"`. + + Default value: `"false"`. ### Nginx diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 158d3bb914..b68e6ebf82 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt 
@@ -1,7 +1,7 @@ -# github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c +# github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d # github.com/chef/desktop-config/docs-chef-io v0.0.0-20230711052355-bad26ce3ac0b # github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20230808222519-d0c20bbe8c45 -# github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36 +# github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560 # github.com/inspec/inspec/docs-chef-io v0.0.0-20231116093529-690d036f8af1 # github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20220614123852-e453ba687370 # github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20220228151600-69aa036b1527 @@ -9,7 +9,7 @@ # github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd # github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20230522203306-c23ca61f913f # github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a -# github.com/chef/supermarket/docs-chef-io v0.0.0-20231004141257-7ada2c50bece +# github.com/chef/supermarket/docs-chef-io v0.0.0-20240108083346-2a3969cbfd05 # github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f # github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20231031143423-5ffd549d4a19 # github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20230809063034-95b117807a75 diff --git a/content/api_omnitruck.md b/content/api_omnitruck.md index e061303561..a548df0d3c 100644 --- a/content/api_omnitruck.md +++ b/content/api_omnitruck.md 
@@ -2,15 +2,8 @@ title = "Omnitruck API" draft = false gh_repo = "chef-web-docs" -aliases = ["/api_omnitruck.html"] -product = ["automate", "client", "server", "habitat", "inspec", "supermarket", "workstation"] - -[menu] - [menu.overview] - title = "Omnitruck API" - identifier = "overview/packages_&_platforms/download/api_omnitruck.md Omnitruck API" - parent = "overview/packages_&_platforms/download" - weight = 15 +product = [] +robots = "noindex" +++ Chef's Omnitruck API powers the Chef Software install script as well as diff --git a/content/chef_repo.md b/content/chef_repo.md index 9c7d1ccbc6..305a891fd4 100644 --- a/content/chef_repo.md +++ b/content/chef_repo.md @@ -11,7 +11,7 @@ aliases = ["/chef_repo.html"] parent = "chef_infra/cookbook_reference" weight = 15 +++ - + {{< readfile file="content/reusable/md/chef_repo_description.md" >}} ## Generate the chef-repo 
@@ -28,94 +28,88 @@ chef generate repo REPO_NAME {{< /note >}} -## Directory Structure +## Directory structure -The chef-repo contains several directories, each with a README file that describes what it is for and how to use that directory when managing systems. +The chef-repo contains several directories, each with a README file that describes what it's for and how to use that directory when managing systems. The default structure of a new chef-repo is: -```output +```plain . chef-repo - - cookbooks - - README.md - - example - - attribtes - - default.rb - - recipes - - default.rb - - metadata.rb - - README.md - - data_bags - - example - - example_item.json - - README.md - - policyfiles - - README.md - - .chef-repo.txt - - chefignore - - License - - README.md +├── LICENSE +├── README.md +├── chefignore +├── cookbooks +│ ├── README.md +│ └── example +│ ├── README.md +│ ├── attributes +│ │ ├── README.md +│ │ └── default.rb +│ ├── metadata.rb +│ └── recipes +│ ├── README.md +│ └── default.rb +├── data_bags +│ ├── README.md +│ └── example +│ ├── README.md +│ └── example_item.json +└── policyfiles + └── README.md ``` -### cookbooks/ - -This directory contains the cookbooks that are used to configure systems in the infrastructure which are are downloaded from the [Chef Supermarket](https://supermarket.chef.io/) or created locally. The Chef Infra Client uses cookbooks to configuring the systems in the organization. Each cookbook can be configured to contain cookbook-specific copyright, email, and license data. +### cookbooks -### data_bags/ +The `cookbooks` directory contains cookbooks that configure systems in the infrastructure which are are downloaded from the [Chef Supermarket](https://supermarket.chef.io/) or created locally. The Chef Infra Client uses cookbooks to configuring the systems in the organization. Each cookbook can be configured to contain cookbook-specific copyright, email, and license data. 
-The `data_bags/` directory is used to store all the data bags that exist for an organization. Each sub-directory corresponds to a single data bag on the Chef Infra Server and contains a JSON file corresponding to each data bag item. +### data_bags -### policyfiles/ +The `data_bags` directory is used to store all the data bags that exist for an organization. Each sub-directory corresponds to a single data bag on the Chef Infra Server and contains a JSON file corresponding to each data bag item. -The `policyfiles/` directory is used to store Policyfiles in the `.rb` format that define the set of cookbooks and attributes to apply to specific systems managed by the Chef Infra Server. +### policyfiles -## chefignore Files +The `policyfiles` directory is used to store Policyfiles in the `.rb` format that define the set of cookbooks and attributes to apply to specific systems managed by the Chef Infra Server. -The chefignore file is used to tell knife which cookbook files in the chef-repo should be ignored when uploading data to the Chef Infra Server. The type of data that should be ignored includes swap files, version control data, build output data, and so fort. The chefignore file uses the `File.fnmatch` Ruby syntax to define the ignore patterns using `*`, `**`, and `?` wildcards. +### chefignore -- A pattern is relative to the cookbook root -- A pattern may contain relative directory names -- A pattern may match all files in a directory +A `chefignore` file tells knife which cookbook files in the chef-repo it should ignore when uploading data to the Chef Infra Server. +Include swap files, version control data, and build output data in a `chefignore` file. -The chefignore file can be located in any subdirectory of a chef-repo: `/`, `/cookbooks`, `/cookbooks/COOKBOOK_NAME/`, etc. 
It should contain sections similar to the following: - -```none -## section -*ignore_pattern +The `chefignore` file has the following rules: -## section -ignore_pattern* +- Patterns use `*`, `**`, and `?` wildcards to match files and directories as defined by the `File.fnmatch` Ruby method. +- A pattern is relative to the directory it's included in. +- A pattern may contain relative directory names. +- A pattern may match all files in a directory. +- You can add a `chefignore` file to any subdirectory of a chef-repo. For example, `/`, `/cookbooks`, `/cookbooks/COOKBOOK_NAME/`, etc. +- Lines that start with `#` are comments. -## section -**ignore_pattern +Group types of ignored files in sections similar to the following: -## section -ignore_pattern** - -## section -?ignore_pattern +```plain +## OS generated files +*ignore_pattern -## section -ignore_pattern? +## Editors +another_ignore_pattern* ``` -### Examples - -The following example shows how to add entries to the `chefignore` file. +See Ruby's [`File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch) for information on creating matching file patterns. -#### Ignore editor swap files +#### Examples -Many text editors leave files behind. To prevent these files from being uploaded to the Chef Infra Server, add an entry to the `chefignore` file. +Many text editors leave files behind. To prevent knife from uploading these files to the Chef Infra Server, add an entry to the `chefignore` file. -For Emacs: +For Emacs backup files: -```none +```plain *~ ``` -and for vim: +and for Vim swap files: -```none +```plain *.sw[a-z] ``` diff --git a/content/chef_solo.md b/content/chef_solo.md index 17078e4a14..fab211b458 100644 --- a/content/chef_solo.md +++ b/content/chef_solo.md 
@@ -28,16 +28,15 @@ cookbooks be added to an archive. For example: tar zcvf chef-solo.tar.gz ./cookbooks ``` -If multiple cookbook directories are being used, chef-solo expects the +If you use multiple cookbook directories, chef-solo expects the tar.gz archive to have a directory structure similar to the following: ```text -cookbooks/ - |---- cbname1/ - |--attributes/ ... etc - ... - |---- cbname2/ - |--attributes/ +. cookbooks +├── cookbook-name-1 +│ └── attributes +└── cookbook-name-2 + └── attributes ``` The `cookbook_path` variable in the solo.rb file must include both @@ -80,7 +79,7 @@ run-list. For example: } ``` -## Data Bags +## Data bags A data bag is defined using JSON. chef-solo will look for data bags in `/var/chef/data_bags`, but this location can be modified by changing the diff --git a/content/cookbook_repo.md b/content/cookbook_repo.md index fee6066bdb..8dd01cf201 100644 --- a/content/cookbook_repo.md +++ b/content/cookbook_repo.md @@ -29,16 +29,19 @@ chef generate repo REPO_NAME The default structure of the cookbooks directory is: -```output +```plain . chef-repo - - cookbooks - - example - - attributes - - default.rb - - recipes - - default.rb - - metadata.rb - - README.rb +└── cookbooks + ├── README.md + └── example + ├── README.md + ├── attributes + │ ├── README.md + │ └── default.rb + ├── metadata.rb + └── recipes + ├── README.md + └── default.rb ``` ## Cookbook Commands 
@@ -65,21 +68,25 @@ The `custom_web` cookbook directory has the structure: ```text . cookbooks - - custom_web - - recipes - - default.rb - - test - - integration - - default - - default_test.rb - - .gitignore - - CHANGELOG.md - - chefignore - - kitchen.yml - - LICENSE - - metadata.rb - - Policyfile.rb - - README.md +└── custom_web + ├── CHANGELOG.md + ├── LICENSE + ├── Policyfile.rb + ├── README.md + ├── chefignore + ├── compliance + │ ├── README.md + │ ├── inputs + │ ├── profiles + │ └── waivers + ├── kitchen.yml + ├── metadata.rb + ├── recipes + │ └── default.rb + └── test + └── integration + └── default + └── default_test.rb ``` Any unneeded directory components can be left unused or deleted, if diff --git a/content/cookbooks.md b/content/cookbooks.md index 62a3250ac7..8d363d294e 100644 --- a/content/cookbooks.md +++ b/content/cookbooks.md @@ -27,100 +27,26 @@ Chef Infra Client runs a recipe only when instructed. When Chef Infra Client run A cookbook is comprised of recipes and other optional components as files or directories. - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentFile/Directory NameDescription
Recipesrecipes/{{< readfile file="content/reusable/md/cookbooks_recipe.md" >}}
Attributesattributes/{{< readfile file="content/reusable/md/cookbooks_attribute.md" >}}
Filesfiles/A file distribution is a specific type of resource that tells a cookbook how to distribute files, including by node, by platform, or by file version.
Librarieslibraries/A library allows the use of arbitrary Ruby code in a cookbook, either as a way to extend the Chef Infra Client language or to implement a new class.
Custom Resourcesresources/A custom resource is an abstract approach for defining a set of actions and (for each action) a set of properties and validation parameters.
Templatestemplates/A template is a file written in markup language that uses Ruby statements to solve complex configuration scenarios.
Ohai Pluginsohai/Custom Ohai plugins can be written to load additional information about your nodes to be used in recipes. This requires Chef Infra Server 12.18.14 or later.
Metadatametadata.rbThis file contains information about the cookbook such as the cookbook name, description, and version.
- - +| Component | File/Directory Name | Description | +|----------------------------------------|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Recipes](/recipes/) | recipes/ | {{< readfile file="content/reusable/md/cookbooks_recipe.md" >}} | +| [Attributes](/attributes/) | attributes/ | {{< readfile file="content/reusable/md/cookbooks_attribute.md" >}} | +| [Files](/files/) | files/ | A file distribution is a specific type of resource that tells a cookbook how to distribute files, including by node, by platform, or by file version. | +| [Libraries](/libraries/) | libraries/ | A library allows the use of arbitrary Ruby code in a cookbook, either as a way to extend the Chef Infra Client language or to implement a new class. | +| [Custom Resources](/custom_resources/) | resources/ | A custom resource is an abstract approach for defining a set of actions and (for each action) a set of properties and validation parameters. | +| [Templates](/templates/) | templates/ | A template is a file written in markup language that uses Ruby statements to solve complex configuration scenarios. | +| [Ohai Plugins](/ohai_custom/) | ohai/ | Custom Ohai plugins can be written to load additional information about your nodes to be used in recipes. This requires Chef Infra Server 12.18.14 or later. | +| [Metadata](/config_rb_metadata/) | metadata.rb | This file contains information about the cookbook such as the cookbook name, description, and version. | + ## Community Cookbooks Chef maintains a large collection of cookbooks. In addition, there are thousands of cookbooks created and maintained by the community: - - - ---- - - - - - - - - - - - - - - - - - - - - -
ComponentsDescription
Cookbooks Maintained by ChefChef maintains a collection of cookbooks that are widely used by the community.
Cookbooks Maintained by Sous ChefsSous Chefs is a community organization that collaborates to maintain many of the most used Chef cookbooks.
Cookbooks Maintained by the CommunityThe community has authored thousands of cookbooks, ranging from niche cookbooks that are used by only a few organizations to popular cookbooks used by almost everyone.
- - +| Components | Description | +|:------------------------------------------------------------------------------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------:| +| [Cookbooks Maintained by Chef](https://github.com/chef-cookbooks) | Chef maintains a collection of cookbooks that are widely used by the community. | +| [Cookbooks Maintained by Sous Chefs](https://github.com/sous-chefs) | Sous Chefs is a community organization that collaborates to maintain many of the most used Chef cookbooks. | +| [Cookbooks Maintained by the Community](https://supermarket.chef.io/cookbooks) | The community has authored thousands of cookbooks, ranging from niche cookbooks that are used by only a few organizations to popular cookbooks used by almost everyone. | ## Generate a Cookbook @@ -130,19 +56,23 @@ A cookbook generated with`chef generate cookbook custom_web` creates a cookbook ```text . cookbooks - - custom_web - - recipes - - default.rb - - test - - integration - - default - - default_test.rb - - .gitignore - - CHANGELOG.md - - chefignore - - kitchen.yml - - LICENSE - - metadata.rb - - Policyfile.rb - - README.md +└── custom_web + ├── CHANGELOG.md + ├── LICENSE + ├── Policyfile.rb + ├── README.md + ├── chefignore + ├── compliance + │ ├── README.md + │ ├── inputs + │ ├── profiles + │ └── waivers + ├── kitchen.yml + ├── metadata.rb + ├── recipes + │ └── default.rb + └── test + └── integration + └── default + └── default_test.rb ``` diff --git a/content/custom_resources.md b/content/custom_resources.md index f677d45054..99053f10fa 100644 --- a/content/custom_resources.md +++ b/content/custom_resources.md 
@@ -65,24 +65,23 @@ chef generate resource cookbooks/custom_web site The `custom_web` cookbook directory with a custom resource has the structure: ```text -- cookbooks - - custom_web - - recipes - - default.rb - - resources - - site.rb - - test - - integration - - default - - default_test.rb - - .gitignore - - CHANGELOG.md - - chefignore - - kitchen.yml - - LICENSE - - metadata.rb - - Policyfile.rb - - README.md +. cookbooks +└── custom_web + ├── CHANGELOG.md + ├── LICENSE + ├── Policyfile.rb + ├── README.md + ├── chefignore + ├── kitchen.yml + ├── metadata.rb + ├── recipes + │ └── default.rb + ├── resources + │ └── site.rb + └── test + └── integration + └── default + └── default_test.rb ``` ### Example Resource diff --git a/content/data_bags.md b/content/data_bags.md index 6f567586e5..c7f14d4b79 100644 --- a/content/data_bags.md +++ b/content/data_bags.md 
@@ -15,25 +15,22 @@ product = ["client", "server"] {{< readfile file="content/reusable/md/data_bag.md" >}} -## Create a Data Bag +## Create a data bag -A data bag can be created in two ways: using knife or manually. In -general, using knife to create data bags is recommended, but as long as -the data bag folders and data bag item JSON files are created correctly, +You can create a data bag in two ways: using knife or manually. +We recommend using knife, but as long as you create the data bag folders and item JSON files correctly, either method is safe and effective. -### Create a Data Bag with Knife +### Create a data bag with knife -knife can be used to create data bags and data bag items when the -`knife data bag` subcommand is run with the `create` argument. For -example: +Use the `knife data bag create` command to create data bags and data bag items. +For example: ```bash knife data bag create DATA_BAG_NAME (DATA_BAG_ITEM) ``` -knife can be used to update data bag items using the `from file` -argument: +Use the `from file` argument to update data bag items: ```bash knife data bag from file BAG_NAME ITEM_NAME.json @@ -61,7 +58,7 @@ Chef Infra Server use the following command: knife data bag from file admins charlie.json ``` -In some cases, such as when knife is not being run from the root +In some cases, such as when knife isn't being run from the root directory for the chef-repo, the full path to the data bag item may be required. For example: @@ -79,7 +76,7 @@ create the data bag folders and data bag item JSON files. For example: mkdir data_bags/admins ``` -would create a data bag folder named "admins". The equivalent command +would create a data bag folder named `admins`. The equivalent command for using knife is: ```bash @@ -102,7 +99,7 @@ equivalent command for using knife is: knife data bag create admins charlie ``` -## Store Data in a Data Bag +## Store data in a data bag When the chef-repo is cloned from GitHub, the following occurs: 
@@ -128,42 +125,47 @@ When deploying from a private repository using a data bag, use the where `ssh_private_key` is the same SSH private key as used with a private git repository and the new lines converted to `\n`. -### Directory Structure +### Directory structure All data bags are stored in the `data_bags` directory of the chef-repo. This directory structure is understood by knife so that the full path -does not need to be entered when working with data bags from the command +doesn't need to be entered when working with data bags from the command line. An example of the `data_bags` directory structure: ```text -- data_bags - - admins - - charlie.json - - bob.json - - tom.json - - db_users - - charlie.json - - bob.json - - sarah.json - - db_config - - small.json - - medium.json - - large.json +. chef-repo +└── data_bags + ├── README.md + ├─── admins + │ ├── README.md + │ ├── charlie.json + │ ├── bob.json + │ └── tom.json + ├─── db_users + │ ├── README.md + │ ├── charlie.json + │ ├── bob.json + │ └── sarah.json + └─── db_config + ├── README.md + ├── small.json + ├── medium.json + └── large.json ``` where `admins`, `db_users`, and `db_config` are the names of individual -data bags and all of the files that end with `.json` are the individual +data bags and all the files that end with `.json` are the individual data bag items. -### Data Bag Items +### Data bag items {{< readfile file="content/reusable/md/data_bag_item.md" >}} -## Encrypt a Data Bag Item +## Encrypt a data bag item {{< readfile file="content/reusable/md/data_bag_encryption.md" >}} -### Encryption Versions +### Encryption versions The manner by which a data bag item is encrypted depends on the Chef Infra Client version used. See the following: @@ -213,7 +215,7 @@ Chef Infra Client 13.0+ - Option to disable version 0, 1, and 2 -### Knife Options +### Knife options knife can encrypt and decrypt data bag items when the `knife data bag` subcommand is run with the `create`, `edit`, `from file`, or `show` 
@@ -221,10 +223,10 @@ arguments and the following options: | Option | Description | |--------------------|-------------------------------------------------------------| -| `--secret SECRET` | The encryption key that's used for values contained within a data bag item. If `secret` is not specified, Chef Infra Client looks for a secret at the path specified by the `encrypted_data_bag_secret` setting in the client.rb file. | +| `--secret SECRET` | The encryption key that's used for values contained within a data bag item. If `secret` isn't specified, Chef Infra Client looks for a secret at the path specified by the `encrypted_data_bag_secret` setting in the client.rb file. | | `--secret-file FILE` | The path to the file that contains the encryption key. | -### Secret Keys +### Secret keys {{< readfile file="content/reusable/md/data_bag_encryption_secret_key.md" >}} @@ -242,10 +244,10 @@ location in which the file that contains the secret-key is located. knife will ask for user credentials before the encrypted data bag item is saved. -### Verify Encryption +### Verify encryption -When the contents of a data bag item are encrypted, they will not be -readable until they are decrypted. Encryption can be verified with a +When the contents of a data bag item are encrypted, they won't be +readable until they're decrypted. Encryption can be verified with a knife command similar to: ```bash @@ -287,18 +289,18 @@ that will return JSON output similar to: } ``` -## Edit a Data Bag Item +## Edit a data bag item A data bag can be edited in two ways: using knife or by using the Chef management console. -### Edit a Data Bag with Knife +### Edit a data bag with knife {{< readfile file="content/workstation/reusable/md/knife_data_bag_edit.md" >}} {{< readfile file="content/workstation/reusable/md/knife_data_bag_edit_item.md" >}} -## Use Data Bags +## Use data bags Data bags can be accessed in the following ways: 
@@ -311,7 +313,7 @@ Data bags can be accessed in the following ways: ### Environments Values that are stored in a data bag are global to the organization and -are available to any environment. There are two main strategies that can +are available to any environment. The two main strategies that can be used to store shared environment data within a data bag: by using a top-level key that corresponds to the environment or by using separate items for each environment. @@ -366,7 +368,7 @@ The Chef Infra Language provides access to data bags and data bag items - `data_bag(bag)`, where `bag` is the name of the data bag. - `data_bag_item('bag_name', 'item', 'secret')`, where `bag` is the name of the data bag and `item` is the name of the data bag item. If - `'secret'` is not specified, Chef Infra Client will look for a + `'secret'` isn't specified, Chef Infra Client will look for a secret at the path specified by the `encrypted_data_bag_secret` setting in the client.rb file. @@ -404,10 +406,10 @@ using the key specified above, or (if none is specified) by the `Chef::Config[:encrypted_data_bag_secret]` method, which defaults to `/etc/chef/encrypted_data_bag_secret`. -#### Create and Edit +#### Create and edit Creating and editing the contents of a data bag or a data bag item from -a recipe is not recommended. The recommended method of updating a data +a recipe isn't recommended. The recommended method of updating a data bag or a data bag item is to use knife and the `knife data bag` subcommand. If this action must be done from a recipe, please note the following: 
@@ -419,7 +421,7 @@ following: Infra Client is making updates to a data bag at a time. - Altering data bags from the node when using the open source Chef Infra Server requires the node's API client to be granted admin - privileges. In most cases, this is not advisable. + privileges. In most cases, this isn't advisable. and then take steps to ensure that any subsequent actions are done carefully. The following examples show how a recipe can be used to @@ -456,7 +458,7 @@ sam['Full Name'] = 'Samantha' sam.save ``` -#### Create Users +#### Create users Chef Infra Client can create users on systems based on the contents of a data bag. For example, a data bag named "admins" can contain a data bag @@ -502,15 +504,14 @@ data bag are accessible from a directory structure that exists on the same machine as chef-solo. The location of this directory is configurable using the `data_bag_path` option in the solo.rb file. The name of each sub-directory corresponds to a data bag and each JSON file -within a sub-directory corresponds to a data bag item. Search is not -available in recipes when they are run with chef-solo; use the +within a sub-directory corresponds to a data bag item. Search isn't +available in recipes when they're run with chef-solo; use the `data_bag()` and `data_bag_item()` functions to access data bags and data bag items. {{< note >}} -Use the `chef-solo-search` cookbook library (developed by Chef community -member "edelight" and available from GitHub) to add data bag search +Use the `chef-solo-search` cookbook library to add data bag search capabilities to a chef-solo environment: . diff --git a/content/download/_index.md b/content/download/_index.md index 58c0f471d4..b6d3eae7c7 100644 --- a/content/download/_index.md +++ b/content/download/_index.md @@ -3,6 +3,7 @@ title = "Download Chef Tools" draft = false gh_repo = "chef-web-docs" robots = "noindex" +aliases = ["/api_omnitruck.html"] [cascade] product = [] 
@@ -19,12 +20,10 @@ This page provides guidance on downloading Chef products. ## Download APIs -Use one of Chef's download APIs to download Chef software packages and get package metadata. +Chef has two download APIs for downloading software packages and retrieving package metadata: -There are two APIs available depending on the type of user you are: - -- [Omnitruck API]({{< relref "api_omnitruck" >}}) for commercial and trial users -- [Community API]({{< relref "/download/community" >}}) for open source community users +- [Commercial API]({{< relref "commercial" >}}) for commercial users +- [Community API]({{< relref "community" >}}) for open source community users ## Download page diff --git a/content/download/commercial.md b/content/download/commercial.md index f81bd95803..253494f90f 100644 --- a/content/download/commercial.md +++ b/content/download/commercial.md @@ -1,6 +1,5 @@ +++ title = "Commercial API" -draft = true gh_repo = "chef-web-docs" [menu] diff --git a/content/download/trial.md b/content/download/trial.md deleted file mode 100644 index 0370b16cee..0000000000 --- a/content/download/trial.md +++ /dev/null 
@@ -1,239 +0,0 @@ -+++ -title = "Trial API" -draft = true -gh_repo = "chef-web-docs" - -[menu] - [menu.overview] - title = "Trial API" - identifier = "overview/packages_&_platforms/download/Trial" - parent = "overview/packages_&_platforms/download" - weight = 40 -+++ - -Trial users can use Chef's Trial API to download Chef software packages and view software package metadata. - -## License - -You are not required to use a license to use the Chef Trial API to download products. -However, you are limited to latest versions of Chef products if you don't have a license. -[Contact Chef](https://www.chef.io/contact-us) if you'd like to request a trial license. - -See [Chef's licensing documentation]({{< relref "chef_license" >}}) for more information on the Chef license. - -## Endpoints - -The Chef Commercial Download API has the following endpoints: - -- `/architectures` -- `/platforms` -- `/products` -- `/packages` -- `/versions/all` -- `/versions/latest` -- `/metadata` -- `/download` - -See the [parameters section](#parameters) below to understand the query strings used in the following endpoint descriptions. - -### architectures - -The `architectures` endpoint returns a valid list of architecture that Chef products are built for. -Any of these architectures can be used in the `m` [query string](#parameters) value in various endpoints below. - -```plain -https://chefdownload-trial.chef.io/architectures -``` - -### platforms - -The `platforms` endpoint returns a list of valid platform keys along with full friendly names. Any of these platform keys can be used in the `p` [query string](#parameters) value in various endpoints below. - -```plain -https://chefdownload-trial.chef.io/platforms -``` - -### products - -The `products` endpoint returns a list of valid product keys. In the following endpoints, you can replace the `` string with a product key in the response of this endpoint. 
- -```plain -https://chefdownload-trial.chef.io/products -``` - -Use `eol=true` to return EOL products. - -```plain -https://chefdownload-trial.chef.io/products?eol=true -``` - -### packages - -Use `packages` to get a full list of all packages for a particular release channel and product. - -By default, it returns packages for the latest version. - -```plain -https://chefdownload-trial.chef.io/stable//packages -``` - -You can specify a version number with the `v` query string to get packages for a particular product version. - -```plain -https://chefdownload-trial.chef.io/stable//packages?v= -``` - -### versions/all - -Use `versions/all` to return a list of versions of a product from a particular release channel. - -```plain -https://chefdownload-trial.chef.io/stable//versions/all -``` - -### versions/latest - -Use `versions/latest` to return the latest version of a product from a particular release channel. - -```plain -https://chefdownload-trial.chef.io/stable//versions/latest -``` - -### metadata - -The `metadata` endpoint returns data about a particular package of a Chef product. By default it returns the latest version. - -```plain -https://chefdownload-trial.chef.io/stable//metadata?p=&pv=&m= -``` - -To get data about a version of a package other than the latest, you must use a license ID. - -```plain -https://chefdownload-trial.chef.io/stable//metadata?p=&pv=&m=&v=&license_id= -``` - -### download - -The `download` endpoint downloads a particular package of a Chef product. By default it downloads the latest version. - -```plain -https://chefdownload-trial.chef.io/stable//download?p=&pv=&m= -``` - -To get download a version of a package other than the latest, you must use a license ID. - -```plain -https://chefdownload-trial.chef.io/stable//download?p=&pv=&m=&v=&license_id= -``` - -## Parameters - -The API accepts the following parameters in a query string. - -`` -: The Chef Software product to install. 
- - A list of valid product keys can be found in the [Chef product matrix](https://github.com/chef/mixlib-install/blob/main/PRODUCT_MATRIX.md) or by using the [`products`](#products) endpoint. - -`eol` -: Whether to include EOL products or EOL versions of a product in the response. - - Possible values: `true` or `false`. - - Default value: `false`. - -`license_id` -: Your license ID. - - A license is optional when using this API to download packages and view package metadata. - However, you are limited to the latest version of Chef products if you don't have one. - -`p` -: The platform. - - Possible values: `debian`, `el` (for RHEL derivatives), `freebsd`, `mac_os_x`, `solaris2`, `sles`, `suse`, `ubuntu` or `windows`. - -`pv` -: The platform version. - - Possible values depend on the platform. For example, Ubuntu: `18.04`, or `20.04`, or for macOS: `10.15` or `11`. - -`m` -: The machine architecture for the machine on which the product will be installed. - - Possible values depend on the platform. For example, for Ubuntu or Debian: `i386` or `x86_64`, or for macOS: `x86_64`. - -`v` -: The version of the product to be installed. - - Versions typically take the form of `x.y.z` where x, y, and z are decimal numbers that are used to represent major (x), minor (y), and patch (z) versions. - One-part (`x`) and two-part (`x.y`) versions are allowed. - - Default value: `latest`. - -## Chef product names - -See the [Supported Versions]({{< relref "versions" >}}) documentation for information about the support status of individual products. - -This is a list of currently supported products that you can install with this API. 
- -| Product | Product Key | -| ------- | ------------ | -| Chef Infra Client | chef | -| Chef Backend | chef-backend | -| Chef Infra Server | chef-server | -| Chef Workstation | chef-workstation | -| Chef InSpec | inspec | -| Chef Manage | manage | -| Supermarket | supermarket | - -## Examples - -### Get the latest build - -To get the latest supported build of Chef Infra Client for Ubuntu 20.04, enter the following: - -```plain -https://chefdownload-trial.chef.io/stable/chef/metadata?p=ubuntu&pv=20.04&m=x86_64 -``` - -which will return something like: - -```json -sha1 "8e8ae315d4695f9c95efc0a1437d2d453f7ab116" -sha256 "86f14ae08237b4e24201436ecb83c08c29b68aed1d6ede0953a1b4547a920e36" -url "https://chefdownload-trial.chef.io/stable/chef/download?license_id=&m=x86_64&p=ubuntu&pv=20.04" -version "18.2.7" -``` - -### Get an earlier build - -You must use a license ID to get metadata about a package for an earlier release. - -```plain -https://chefdownload-trial.chef.io/stable/chef/metadata?p=ubuntu&pv=20.04&m=x86_64&v=18.1.0&license_id= -``` - -which will return something like: - -```json -sha1 "f45a7ee73a346deba2a52fd7b03b4a0e80f24762" -sha256 "56856c196c5b38ed918bc7c489652896cf30fab9bbcc8def14b9576e59e681f4" -url "https://chefdownload-trial.chef.io/stable/chef/download?license_id=&m=x86_64&p=ubuntu&pv=20.04&v=18.1.0" -version "18.1.0" -``` - -### Download directly - -To use cURL to download a package directly, enter the following: - -```bash -curl -LOJ 'https://chefdownload-trial.chef.io/stable//download?p=&pv=&m=' -``` - -To use GNU Wget to download a package directly, enter the following: - -```bash -wget --content-disposition https://chefdownload-trial.chef.io/stable//download?p=&pv=&m= -``` diff --git a/content/inspec/reusable/md/inspec_filter_table.md b/content/inspec/reusable/md/inspec_filter_table.md new file mode 100644 index 0000000000..54a67059d1 --- /dev/null +++ b/content/inspec/reusable/md/inspec_filter_table.md 
@@ -0,0 +1 @@
+For information on using filter criteria on plural resources, see the documentation on [FilterTable](https://github.com/inspec/inspec/blob/main/dev-docs/filtertable-usage.md).
diff --git a/content/inspec/reusable/md/inspec_installation.md b/content/inspec/reusable/md/inspec_installation.md
new file mode 100644
index 0000000000..e376eb7104
--- /dev/null
+++ b/content/inspec/reusable/md/inspec_installation.md
@@ -0,0 +1 @@
+This resource is distributed with Chef InSpec and is automatically available for use.
diff --git a/content/inspec/reusable/md/inspec_matchers_link.md b/content/inspec/reusable/md/inspec_matchers_link.md
new file mode 100644
index 0000000000..be09a9bdee
--- /dev/null
+++ b/content/inspec/reusable/md/inspec_matchers_link.md
@@ -0,0 +1,2 @@
+
+This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, see our [Universal Matchers page](/inspec/matchers/).
diff --git a/content/release_notes_client.md b/content/release_notes_client.md
index ec64a61489..608fb41fc5 100644
--- a/content/release_notes_client.md
+++ b/content/release_notes_client.md
@@ -12,5 +12,5 @@ toc_layout = "release_notes_toc"
 title = "Chef Infra Client"
 identifier = "release_notes/release_notes_client.md Chef Infra Client"
 parent = "release_notes"
- weight = 40
+ weight = 50
 +++
diff --git a/content/release_notes_download_apis.md b/content/release_notes_download_apis.md
new file mode 100644
index 0000000000..83a95086a5
--- /dev/null
+++ b/content/release_notes_download_apis.md
@@ -0,0 +1,18 @@ ++++ +title = "Chef Download APIs Release Notes" +draft = false + +[menu] + [menu.release_notes] + title = "Chef Download APIs" + identifier = "release_notes/Chef Download APIs" + parent = "release_notes" + weight = 30 ++++ + +## 2023-12-20 + +We deployed the [Chef Commercial Download API](/download/commercial/). +Commercial customers can use this API to download Chef software packages and retrieve metadata. + +The Commercial Download API replaces the legacy Omnitruck API. diff --git a/content/release_notes_habitat.md b/content/release_notes_habitat.md index 524eaaa487..4e95335286 100644 --- a/content/release_notes_habitat.md +++ b/content/release_notes_habitat.md @@ -12,5 +12,5 @@ toc_layout = "release_notes_toc" title = "Chef Habitat" identifier = "release_notes/Chef Habitat" parent = "release_notes" - weight = 30 + weight = 40 +++ \ No newline at end of file diff --git a/content/release_notes_inspec.md b/content/release_notes_inspec.md index b4c4eb6fce..279adc9d14 100644 --- a/content/release_notes_inspec.md +++ b/content/release_notes_inspec.md @@ -12,5 +12,5 @@ toc_layout = "release_notes_toc" title = "Chef InSpec" identifier = "release_notes/release_notes_inspec.md Chef InSpec" parent = "release_notes" - weight = 60 + weight = 70 +++ \ No newline at end of file diff --git a/content/release_notes_local_license_service.md b/content/release_notes_local_license_service.md index 9b67dca221..25da04a759 100644 --- a/content/release_notes_local_license_service.md +++ b/content/release_notes_local_license_service.md @@ -8,7 +8,7 @@ product = [] title = "Chef Local License Service" identifier = "release_notes/Chef Local License Service" parent = "release_notes" - weight = 70 + weight = 80 +++ Chef Local License Service provides license keys to commercially licensed Chef software in an online or air-gapped environment. diff --git a/content/release_notes_manage.md b/content/release_notes_manage.md index 398999b773..5a32314180 100644 
--- a/content/release_notes_manage.md +++ b/content/release_notes_manage.md @@ -13,7 +13,7 @@ toc_layout = "release_notes_toc" title = "Chef Manage" identifier = "release_notes/release_notes_manage.md Chef Manage" parent = "release_notes" - weight = 80 + weight = 90 +++ Chef Manage provides a web-based user interface that manages Chef Infra nodes and other policy objects, such as data bags and roles, on the instance of Chef Infra Server that it's installed on. diff --git a/content/release_notes_server.md b/content/release_notes_server.md index d70ba38503..72416decbd 100644 --- a/content/release_notes_server.md +++ b/content/release_notes_server.md @@ -12,5 +12,5 @@ toc_layout = "release_notes_toc" title = "Chef Infra Server" identifier = "release_notes/release_notes_server.md Chef Infra Server" parent = "release_notes" - weight = 50 + weight = 60 +++ diff --git a/content/release_notes_supermarket.md b/content/release_notes_supermarket.md index 8f12997925..bea3519076 100644 --- a/content/release_notes_supermarket.md +++ b/content/release_notes_supermarket.md @@ -11,5 +11,5 @@ toc_layout = "release_notes_toc" title = "Chef Supermarket" identifier = "release_notes/Chef Supermarket" parent = "release_notes" - weight = 90 + weight = 100 +++ diff --git a/content/release_notes_workstation.md b/content/release_notes_workstation.md index ed80a3e957..4c49d123f1 100644 --- a/content/release_notes_workstation.md +++ b/content/release_notes_workstation.md @@ -11,5 +11,5 @@ toc_layout = "release_notes_toc" title = "Chef Workstation" identifier = "release_notes/release_notes.md Chef Workstation" parent = "release_notes" - weight = 100 + weight = 110 +++ \ No newline at end of file diff --git a/content/templates.md b/content/templates.md index 59afba1386..c111c44197 100644 --- a/content/templates.md +++ b/content/templates.md 
@@ -33,23 +33,28 @@ The `custom_web` cookbook directory with a template has the structure: ```text . cookbooks - - custom_web - - recipes - - default.rb - - templates - - http.erb - - test - - integration - - default - - default_test.rb - - .gitignore - - CHANGELOG.md - - chefignore - - kitchen.yml - - LICENSE - - metadata.rb - - Policyfile.rb - - README.md +├── README.md +└── custom_web + ├── CHANGELOG.md + ├── LICENSE + ├── Policyfile.rb + ├── README.md + ├── chefignore + ├── compliance + │ ├── README.md + │ ├── inputs + │ ├── profiles + │ └── waivers + ├── kitchen.yml + ├── metadata.rb + ├── recipes + │ └── default.rb + ├── templates + │ └── httpd.erb + └── test + └── integration + └── default + └── default_test.rb ``` ## Requirements diff --git a/content/versions.md b/content/versions.md index fc2e67c06b..5b63766ff7 100644 --- a/content/versions.md +++ b/content/versions.md @@ -96,7 +96,7 @@ newer versions or products. | Product | Version | Lifecycle Status | EOL Date | |-------------------|---------|------------------|-------------------| | Chef Backend | 3.x | Deprecated | TBD | -| Chef Infra Client | 17.x | Deprecated | April 30, 2024 | +| Chef Infra Client | 17.x | Deprecated | November 30, 2024 | | Chef Infra Server | 14.x | Deprecated | TBD | | Chef Manage | 2.5.x+ | Deprecated | TBD | diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_correctness_opensslpasswordhelpers.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_correctness_opensslpasswordhelpers.yml index 01bbde7e60..f30c542e3a 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_correctness_opensslpasswordhelpers.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_correctness_opensslpasswordhelpers.yml 
@@ -10,7 +10,7 @@ description: |- basic_auth_password = secure_password autocorrection: false target_chef_version: All Versions -examples: +examples: version_added: 6.6.0 enabled: true excluded_file_paths: diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_cheffile.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_cheffile.yml index 9fd44cf2b0..4cc440d474 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_cheffile.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_cheffile.yml @@ -8,7 +8,7 @@ description: The Librarian-Chef depsolving project is no longer maintained and a offers a more similar, and still supported, experience to Librarian-Chef. autocorrection: false target_chef_version: All Versions -examples: +examples: version_added: 5.12.0 enabled: true included_file_paths: diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_delivery.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_delivery.yml index 84c0b75d73..ab7a22740a 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_delivery.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_delivery.yml @@ -9,7 +9,7 @@ description: |- or Delivery cookbooks. The contents of this directory are now obsolete and should be removed. autocorrection: false target_chef_version: All Versions -examples: +examples: version_added: 7.31.0 enabled: true included_file_paths: 
diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_foodcriticfile.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_foodcriticfile.yml index 7dfbf83d9e..1669dc1715 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_foodcriticfile.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_foodcriticfile.yml @@ -7,7 +7,7 @@ description: The Foodcritic cookbook linter has been deprecated and should no lo by Foodcritic in your cookbooks. autocorrection: false target_chef_version: All Versions -examples: +examples: version_added: 7.32.0 enabled: true included_file_paths: diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_searchusespositionalparameters.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_searchusespositionalparameters.yml index f5fb6f09e0..a6483b1661 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_searchusespositionalparameters.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_deprecations_searchusespositionalparameters.yml @@ -11,7 +11,7 @@ description: |- search(:node, '*:*', start: 0) autocorrection: true target_chef_version: All Versions -examples: +examples: version_added: 5.11.0 enabled: true excluded_file_paths: diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_effortless_berksfile.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_effortless_berksfile.yml index b154c95fd6..548e1b595b 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_effortless_berksfile.yml 
+++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_effortless_berksfile.yml @@ -6,7 +6,7 @@ description: Policyfiles should be used for cookbook dependency solving instead a Berkshelf Berksfile. autocorrection: false target_chef_version: All Versions -examples: +examples: version_added: 5.12.0 enabled: false included_file_paths: diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_modernize_definitions.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_modernize_definitions.yml index 2a76d7e225..b48a80d496 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_modernize_definitions.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_modernize_definitions.yml @@ -9,7 +9,7 @@ description: In 2016 with Chef Infra Client 12.5 Custom Resources were introduce resource reporting. autocorrection: false target_chef_version: All Versions -examples: +examples: version_added: 5.11.0 enabled: true included_file_paths: diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_redundantcode_sensitivepropertyinresource.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_redundantcode_sensitivepropertyinresource.yml index 8303c7919a..b61f14aa86 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_redundantcode_sensitivepropertyinresource.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_redundantcode_sensitivepropertyinresource.yml @@ -9,7 +9,7 @@ description: |- property :sensitive, [true, false], default: false autocorrection: true target_chef_version: All Versions -examples: +examples: version_added: 5.16.0 enabled: true included_file_paths: 
diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_gemspeclicense.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_gemspeclicense.yml new file mode 100644 index 0000000000..413de2683f --- /dev/null +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_gemspeclicense.yml @@ -0,0 +1,14 @@ +--- +short_name: GemspecLicense +full_name: Chef/Ruby/GemspecLicense +department: Chef/Ruby +description: All gemspec files should define their license. +autocorrection: false +target_chef_version: All Versions +examples: |2- + + # good + spec.license = "Apache-2.0" + ``` +version_added: +enabled: false diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_gemspecrequirerubygems.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_gemspecrequirerubygems.yml new file mode 100644 index 0000000000..02a65dfa91 --- /dev/null +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_gemspecrequirerubygems.yml @@ -0,0 +1,11 @@ +--- +short_name: GemspecRequireRubygems +full_name: Chef/Ruby/GemspecRequireRubygems +department: Chef/Ruby +description: Rubygems does not need to be required in a Gemspec. It's already loaded + out of the box in Ruby now. +autocorrection: true +target_chef_version: All Versions +examples: +version_added: +enabled: false diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_legacypowershelloutmethods.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_legacypowershelloutmethods.yml new file mode 100644 index 0000000000..5670632813 --- /dev/null +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_legacypowershelloutmethods.yml 
@@ -0,0 +1,12 @@ +--- +short_name: LegacyPowershellOutMethods +full_name: Chef/Ruby/LegacyPowershellOutMethods +department: Chef/Ruby +description: |- + Use powershell_exec!/powershell_exec instead of powershell_out!/powershell_out. The new + methods don't spawn 2 shells per shellout and instead use .NET bindings to call PS directly. +autocorrection: false +target_chef_version: All Versions +examples: +version_added: +enabled: false diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_requirenethttps.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_requirenethttps.yml new file mode 100644 index 0000000000..41238c40d2 --- /dev/null +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_requirenethttps.yml @@ -0,0 +1,19 @@ +--- +short_name: RequireNetHttps +full_name: Chef/Ruby/RequireNetHttps +department: Chef/Ruby +description: net/https is deprecated and just includes net/http and openssl. We should + include those directly instead. +autocorrection: true +target_chef_version: All Versions +examples: |2- + + # bad + require 'net/https' + + # good + require 'net/http' + require 'openssl' + ``` +version_added: +enabled: false diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_unlessdefinedrequire.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_unlessdefinedrequire.yml new file mode 100644 index 0000000000..a0427721b7 --- /dev/null +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_ruby_unlessdefinedrequire.yml 
@@ -0,0 +1,12 @@ +--- +short_name: UnlessDefinedRequire +full_name: Chef/Ruby/UnlessDefinedRequire +department: Chef/Ruby +description: |- + Rubygems is VERY slow to require gems even if they've already been loaded. To work around this + wrap your require statement with an `if defined?()` check. +autocorrection: true +target_chef_version: All Versions +examples: +version_added: +enabled: false diff --git a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_style_commentsentencespacing.yml b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_style_commentsentencespacing.yml index 9b7d6b1bb1..8c24516237 100644 --- a/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_style_commentsentencespacing.yml +++ b/generated/_vendor/github.com/chef/cookstyle/docs-chef-io/assets/cookstyle/cops_chef_style_commentsentencespacing.yml @@ -7,6 +7,6 @@ description: |- Note: This is DISABLED by default. autocorrection: true target_chef_version: All Versions -examples: +examples: version_added: 5.1.0 enabled: false diff --git a/generated/_vendor/modules.txt b/generated/_vendor/modules.txt index f724d229ca..8e17f3f537 100644 --- a/generated/_vendor/modules.txt +++ b/generated/_vendor/modules.txt @@ -1 +1 @@ -# github.com/chef/cookstyle/docs-chef-io v0.0.0-20230825054940-2971520aef80 +# github.com/chef/cookstyle/docs-chef-io v0.0.0-20240123213114-ace8dd00994a diff --git a/generated/generated_content/workstation/cookstyle/cops/_index.md b/generated/generated_content/workstation/cookstyle/cops/_index.md index 7d503fea54..0b69f9aa40 100644 --- a/generated/generated_content/workstation/cookstyle/cops/_index.md +++ b/generated/generated_content/workstation/cookstyle/cops/_index.md 
@@ -264,6 +264,16 @@ These cops detect redundant cookbook code. - [UnnecessaryNameProperty](/workstation/cookstyle/cops/chef_redundantcode_unnecessarynameproperty) - [UseCreateIfMissing](/workstation/cookstyle/cops/chef_redundantcode_usecreateifmissing) +## Chef/Ruby + + + +- [GemspecLicense](/workstation/cookstyle/cops/chef_ruby_gemspeclicense) +- [GemspecRequireRubygems](/workstation/cookstyle/cops/chef_ruby_gemspecrequirerubygems) +- [LegacyPowershellOutMethods](/workstation/cookstyle/cops/chef_ruby_legacypowershelloutmethods) +- [RequireNetHttps](/workstation/cookstyle/cops/chef_ruby_requirenethttps) +- [UnlessDefinedRequire](/workstation/cookstyle/cops/chef_ruby_unlessdefinedrequire) + ## Chef/Security These cops detect potential security issues in your cookbook code. diff --git a/generated/generated_content/workstation/cookstyle/cops/chef_ruby_gemspeclicense.md b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_gemspeclicense.md new file mode 100644 index 0000000000..edc57bea87 --- /dev/null +++ b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_gemspeclicense.md @@ -0,0 +1,43 @@ ++++ +title = "Chef/Ruby/GemspecLicense" +aliases = ["/workstation/cookstyle/chef_ruby_gemspeclicense/"] + ++++ + + + +[Cookstyle cops page](/workstation/cookstyle/cops/) + +The Cookstyle cops department: `Chef/Ruby` + +| Enabled by default | Supports autocorrection | Target Chef Version | +| --- | --- | --- | +| Not Enabled | No | All Versions | + +All gemspec files should define their license. + +## Examples + +# good +spec.license = "Apache-2.0" +``` + +## Configurable attributes + + + + + + + + + + + + + + + +
NameDefault valueConfigurable values
Version AddedString
Include
    +
+
Array
diff --git a/generated/generated_content/workstation/cookstyle/cops/chef_ruby_gemspecrequirerubygems.md b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_gemspecrequirerubygems.md new file mode 100644 index 0000000000..595b70d1e3 --- /dev/null +++ b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_gemspecrequirerubygems.md @@ -0,0 +1,40 @@ ++++ +title = "Chef/Ruby/GemspecRequireRubygems" +aliases = ["/workstation/cookstyle/chef_ruby_gemspecrequirerubygems/"] + ++++ + + + +[Cookstyle cops page](/workstation/cookstyle/cops/) + +The Cookstyle cops department: `Chef/Ruby` + +| Enabled by default | Supports autocorrection | Target Chef Version | +| --- | --- | --- | +| Not Enabled | Yes | All Versions | + +Rubygems does not need to be required in a Gemspec. It's already loaded out of the box in Ruby now. + +## Examples + + +## Configurable attributes + + + + + + + + + + + + + + + +
NameDefault valueConfigurable values
Version AddedString
Include
    +
+
Array
diff --git a/generated/generated_content/workstation/cookstyle/cops/chef_ruby_legacypowershelloutmethods.md b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_legacypowershelloutmethods.md new file mode 100644 index 0000000000..d5007611fe --- /dev/null +++ b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_legacypowershelloutmethods.md @@ -0,0 +1,41 @@ ++++ +title = "Chef/Ruby/LegacyPowershellOutMethods" +aliases = ["/workstation/cookstyle/chef_ruby_legacypowershelloutmethods/"] + ++++ + + + +[Cookstyle cops page](/workstation/cookstyle/cops/) + +The Cookstyle cops department: `Chef/Ruby` + +| Enabled by default | Supports autocorrection | Target Chef Version | +| --- | --- | --- | +| Not Enabled | No | All Versions | + +Use powershell_exec!/powershell_exec instead of powershell_out!/powershell_out. The new +methods don't spawn 2 shells per shellout and instead use .NET bindings to call PS directly. + +## Examples + + +## Configurable attributes + + + + + + + + + + + + + + + +
NameDefault valueConfigurable values
Version AddedString
Include
    +
+
Array
diff --git a/generated/generated_content/workstation/cookstyle/cops/chef_ruby_requirenethttps.md b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_requirenethttps.md new file mode 100644 index 0000000000..9e03dd6545 --- /dev/null +++ b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_requirenethttps.md @@ -0,0 +1,47 @@ ++++ +title = "Chef/Ruby/RequireNetHttps" +aliases = ["/workstation/cookstyle/chef_ruby_requirenethttps/"] + ++++ + + + +[Cookstyle cops page](/workstation/cookstyle/cops/) + +The Cookstyle cops department: `Chef/Ruby` + +| Enabled by default | Supports autocorrection | Target Chef Version | +| --- | --- | --- | +| Not Enabled | Yes | All Versions | + +net/https is deprecated and just includes net/http and openssl. We should include those directly instead. + +## Examples + +# bad +require 'net/https' + +# good +require 'net/http' +require 'openssl' +``` + +## Configurable attributes + + + + + + + + + + + + + + + +
NameDefault valueConfigurable values
Version AddedString
Include
    +
+
Array
diff --git a/generated/generated_content/workstation/cookstyle/cops/chef_ruby_unlessdefinedrequire.md b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_unlessdefinedrequire.md new file mode 100644 index 0000000000..9f51d85b76 --- /dev/null +++ b/generated/generated_content/workstation/cookstyle/cops/chef_ruby_unlessdefinedrequire.md @@ -0,0 +1,41 @@ ++++ +title = "Chef/Ruby/UnlessDefinedRequire" +aliases = ["/workstation/cookstyle/chef_ruby_unlessdefinedrequire/"] + ++++ + + + +[Cookstyle cops page](/workstation/cookstyle/cops/) + +The Cookstyle cops department: `Chef/Ruby` + +| Enabled by default | Supports autocorrection | Target Chef Version | +| --- | --- | --- | +| Not Enabled | Yes | All Versions | + +Rubygems is VERY slow to require gems even if they've already been loaded. To work around this +wrap your require statement with an `if defined?()` check. + +## Examples + + +## Configurable attributes + + + + + + + + + + + + + + + +
NameDefault valueConfigurable values
Version AddedString
Include
    +
+
Array
diff --git a/generated/go.mod b/generated/go.mod index ace29d8f3b..ef8aff1d39 100644 --- a/generated/go.mod +++ b/generated/go.mod @@ -3,6 +3,6 @@ module github.com/chef/chef-web-docs/generated go 1.17 require ( - github.com/chef/cookstyle v7.32.3+incompatible // indirect - github.com/chef/cookstyle/docs-chef-io v0.0.0-20230825054940-2971520aef80 // indirect + github.com/chef/cookstyle v7.32.7+incompatible // indirect + github.com/chef/cookstyle/docs-chef-io v0.0.0-20240123213114-ace8dd00994a // indirect ) diff --git a/generated/go.sum b/generated/go.sum index 1fe377ebed..9406f1df93 100644 --- a/generated/go.sum +++ b/generated/go.sum @@ -1,4 +1,4 @@ -github.com/chef/cookstyle v7.32.3+incompatible h1:7ZJ3ZdAOAnElLm2nI3FycomDGAZLXXghCX2AsFpd6s8= -github.com/chef/cookstyle v7.32.3+incompatible/go.mod h1:KUadmsdBr7Hpo5dtGVQMiwb8KlC91W3j1lfc0yuVwtw= -github.com/chef/cookstyle/docs-chef-io v0.0.0-20230825054940-2971520aef80 h1:qR1b+TF26odPlERq2C75CrFcIFmJ9TJCjGEs2fUT/0c= -github.com/chef/cookstyle/docs-chef-io v0.0.0-20230825054940-2971520aef80/go.mod h1:1JOEECsW9ozt1/RmprJjAQEvCrOHobpWepSQJRQOhnY= +github.com/chef/cookstyle v7.32.7+incompatible h1:xuM38xNnGIjZEkDFSpoJMnB3A7d0mhiy6IA4fJbbSno= +github.com/chef/cookstyle v7.32.7+incompatible/go.mod h1:KUadmsdBr7Hpo5dtGVQMiwb8KlC91W3j1lfc0yuVwtw= +github.com/chef/cookstyle/docs-chef-io v0.0.0-20240123213114-ace8dd00994a h1:Wctokx9S/SZdDa6sY5XZkE5LZ9cXPrjctiUrKLNvsSQ= +github.com/chef/cookstyle/docs-chef-io v0.0.0-20240123213114-ace8dd00994a/go.mod h1:1JOEECsW9ozt1/RmprJjAQEvCrOHobpWepSQJRQOhnY= diff --git a/go.mod b/go.mod index 8f02b70cba..df73868a7c 100644 --- a/go.mod +++ b/go.mod 
@@ -3,15 +3,15 @@ module github.com/chef/chef-web-docs go 1.18 require ( - github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c // indirect - github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36 // indirect + github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d // indirect + github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560 // indirect github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a // indirect github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20231031143423-5ffd549d4a19 // indirect github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20230809063034-95b117807a75 // indirect github.com/chef/desktop-config/docs-chef-io v0.0.0-20230711052355-bad26ce3ac0b // indirect github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f // indirect github.com/chef/license-service/docs-chef-io v0.0.0-20231117105514-d3f3d53ba2dd // indirect - github.com/chef/supermarket/docs-chef-io v0.0.0-20231004141257-7ada2c50bece // indirect + github.com/chef/supermarket/docs-chef-io v0.0.0-20240108083346-2a3969cbfd05 // indirect github.com/cowboy/jquery-hashchange v0.0.0-20100902193700-0310f3847f90 // indirect github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20230808222519-d0c20bbe8c45 // indirect github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20220614123852-e453ba687370 // indirect diff --git a/go.sum b/go.sum index d1054d6a4a..575fbed5a9 100644 --- a/go.sum +++ b/go.sum 
@@ -1,10 +1,10 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c h1:qp3KGGBgifLcQFbci1bzNDNI8qoIwVLvRCuvSfzuCPI=
-github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU=
-github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36 h1:yognvfb/VxihujSLSPmu3mFZ+fXgzDv/L4+84W9TA1o=
-github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY=
+github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d h1:nn49oLfseVTQUqwfogcFzo4f1HdhKfM7IE3C5IZ2UIA=
+github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU=
+github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560 h1:1fbTdNlat08FZ9xTSEnyBmTFrVj1O75bwo3x6Iaab40=
+github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY=
 github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a h1:3Yo2eavBf3KWbUcDq71I1wsOPSjeGL9/MvB8bhMw0Ys=
 github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a/go.mod h1:gvoh6ov1YU98CVzBEWzEZeCLTRunfQ6r1VO7M3LFE9U=
 github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20231031143423-5ffd549d4a19 h1:EH5D0WGIvEi2m87pSHKdQPXCuiVrBHcyIenonB3YpTM=
@@ -17,8 +17,8 @@ github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f h1:6+
 github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f/go.mod h1:Lfq+HjwAQwUJ41EPTO/8qbI1oJb2i415fR28d2Ig9kc=
 github.com/chef/license-service/docs-chef-io v0.0.0-20231117105514-d3f3d53ba2dd h1:I4Rgzposq3E5Dd+swVEry+rs3zvEKSN29NS3noKRcTY=
 github.com/chef/license-service/docs-chef-io v0.0.0-20231117105514-d3f3d53ba2dd/go.mod h1:leNCF0KadV7zjm7YpVegNnbmWYUFXgaPKHP4tTDacos=
-github.com/chef/supermarket/docs-chef-io v0.0.0-20231004141257-7ada2c50bece h1:qCHZDu6a+UgOvMvLRsT9wAfi7P2+uKQm+H1kvpeZ7k4=
-github.com/chef/supermarket/docs-chef-io v0.0.0-20231004141257-7ada2c50bece/go.mod h1:L0DhIJHTKsPYhAr9TrhAIg3KXtrS9BJF0XNHfGDDGGg=
+github.com/chef/supermarket/docs-chef-io v0.0.0-20240108083346-2a3969cbfd05 h1:G41HG7Z9I1yjhCo4OrH4RQW9ByKk6hkA3nXXs9Ekmzs=
+github.com/chef/supermarket/docs-chef-io v0.0.0-20240108083346-2a3969cbfd05/go.mod h1:L0DhIJHTKsPYhAr9TrhAIg3KXtrS9BJF0XNHfGDDGGg=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cowboy/jquery-hashchange v0.0.0-20100902193700-0310f3847f90 h1:p/a5iSATj0OjrqJLX/YKxYdGXhZzW58yyyNIC4JY4S0=
 github.com/cowboy/jquery-hashchange v0.0.0-20100902193700-0310f3847f90/go.mod h1:N/6F0+wmdvL6k0AjqyKIncMRClKAN92atjZdTLtYMaw=
diff --git a/layouts/shortcodes/inspec/inspec_filter_table.md b/layouts/shortcodes/inspec/inspec_filter_table.md
new file mode 100644
index 0000000000..c4aabf71e8
--- /dev/null
+++ b/layouts/shortcodes/inspec/inspec_filter_table.md
@@ -0,0 +1,7 @@
+
+

Note

+
+

See the documentation on FilterTable for information on using filter criteria on plural resources. +

+
+
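Review bot: This shortcode is added twice in the same commit, here under `layouts/shortcodes/inspec/` and again as `layouts/shortcodes/inspec_filter_table.md`, and the two copies already differ: this one is 7 lines (blob `c4aabf71e8`), the top-level one is 8 lines (blob `92b235679d`). `inspec_matchers_link.md` is duplicated the same way, with both copies at blob `be09a9bdee`. If the un-namespaced copies are kept only so that pages still calling the old shortcode name keep rendering, which is a guess from the paths, say so at the top of each copy, e.g. `{{/* Compatibility copy of inspec/inspec_filter_table.md; keep the two in sync. */}}`, so that a later edit to one is not missed in the other.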
diff --git a/layouts/shortcodes/inspec/inspec_installation.md b/layouts/shortcodes/inspec/inspec_installation.md new file mode 100644 index 0000000000..e376eb7104 --- /dev/null +++ b/layouts/shortcodes/inspec/inspec_installation.md @@ -0,0 +1 @@ +This resource is distributed with Chef InSpec and is automatically available for use. diff --git a/layouts/shortcodes/inspec/inspec_matchers_link.md b/layouts/shortcodes/inspec/inspec_matchers_link.md new file mode 100644 index 0000000000..be09a9bdee --- /dev/null +++ b/layouts/shortcodes/inspec/inspec_matchers_link.md @@ -0,0 +1,2 @@ + +This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, see our [Universal Matchers page](/inspec/matchers/). diff --git a/layouts/shortcodes/inspec_filter_table.md b/layouts/shortcodes/inspec_filter_table.md new file mode 100644 index 0000000000..92b235679d --- /dev/null +++ b/layouts/shortcodes/inspec_filter_table.md @@ -0,0 +1,8 @@ + +
+

Note

+
+

See the documentation on FilterTable for information on using filter criteria on plural resources. +

+
+
diff --git a/layouts/shortcodes/inspec_matchers_link.md b/layouts/shortcodes/inspec_matchers_link.md new file mode 100644 index 0000000000..be09a9bdee --- /dev/null +++ b/layouts/shortcodes/inspec_matchers_link.md @@ -0,0 +1,2 @@ + +This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, see our [Universal Matchers page](/inspec/matchers/). diff --git a/tools/vale/Microsoft/RangeFormat.yml b/tools/vale/Microsoft/RangeFormat.yml index f1d736e9de..452f7172ef 100644 --- a/tools/vale/Microsoft/RangeFormat.yml +++ b/tools/vale/Microsoft/RangeFormat.yml @@ -10,4 +10,4 @@ action: - '-' - '–' tokens: - - '\b\d+\s?[-]\s?\d+\b' + - '(?