The chef-server.rb file contains all of the non-default configuration settings used by the Chef server. (The default settings are built-in to the Chef server configuration and should only be added to the chef-server.rb file to apply non-default values.) These configuration settings are processed when the chef-server-ctl reconfigure command is run, such as immediately after setting up the Chef server or after making a change to the underlying configuration settings after the server has been deployed. The chef-server.rb file is a Ruby file, which means that conditional statements can be used in the configuration file.
Note
The chef-server.rb file does not exist by default. To modify the settings for the Chef server, create a file named chef-server.rb in the /etc/opscode/ directory.
Note
This file was named private-chef.rb in previous versions of Enterprise Chef. After an upgrade to Chef server 12 from Enterprise Chef, the private-chef.rb file is symlinked to chef-server.rb. The private-chef.rb file is deprecated, starting with Chef server 12.
The following sections describe the various settings that are available in the chef-server.rb file.
Note
When changes are made to the chef-server.rb file, the Chef server must be reconfigured by running the following command:
$ chef-server-ctl reconfigure
This configuration file has the following general settings:
addons['install']
false.
addons['path']
nil.
addons['packages']
Default value:
%w{opscode-reporting chef-manage opscode-analytics opscode-push-jobs-server}
api_version
'12.0.0'.
default_orgname
/organizations/ORG_NAME endpoint. Use this setting to ensure that migrated Open Source Chef servers are able to connect to the Chef server API. This value should be the same as the name of the organization that was created during the upgrade from Open Source Chef version 11 to Chef server version 12, which means it will be identical to the ORG_NAME part of the /organizations endpoint in Chef server version 12. Default value: the name of the organization specified during the upgrade process from Open Source Chef 11 to Chef server 12.
flavor
'cs'.
install_path
'/opt/opscode'.
from_email
'"Opscode" <[email protected]>'.
license['nodes']
25.
license['upgrade_url']
'http://www.chef.io/contact/on-premises-simple'.
notification_email
'[email protected]'.
role
backend, frontend, or standalone. Default value: 'standalone'.
topology
ha, manual, standalone, and tier. Default value: 'standalone'.
The bookshelf service is an Amazon Simple Storage Service (S3)-compatible service that is used to store cookbooks, including all of the files—recipes, templates, and so on—that are associated with each cookbook.
Note
To configure the server for external cookbook storage, updates are made to settings for both the bookshelf and opscode-erchef services.
This configuration file has the following settings for bookshelf:
bookshelf['access_key_id']
bookshelf['vip'], for the endpoint used by the chef-client; bookshelf['external_url'], for the endpoint used by the Chef server; bookshelf['access_key_id'], for user access key; bookshelf['secret_access_key'], for secret key; and opscode_erchef['s3_bucket'], for the bucket name. Reconfigure the Chef server after changing these settings. Default value: generated by default.
bookshelf['data_dir']
/var/opt/opscode/bookshelf/data.
bookshelf['dir']
/var/opt/opscode/bookshelf.
bookshelf['enable']
true.
bookshelf['external_url']
:host_header to ensure the URL is derived from the host header of the incoming HTTP request. Default value: :host_header.
bookshelf['ha']
topology is set to ha, this setting defaults to true. Default value: false.
bookshelf['listen']
127.0.0.1.
bookshelf['log_directory']
/var/log/opscode/bookshelf.
bookshelf['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
bookshelf['port']
4321.
bookshelf['secret_access_key']
bookshelf['vip'], for the endpoint used by the chef-client; bookshelf['external_url'], for the endpoint used by the Chef server; bookshelf['access_key_id'], for user access key; bookshelf['secret_access_key'], for secret key; and opscode_erchef['s3_bucket'], for the bucket name. Reconfigure the Chef server after changing these settings. Default value: generated by default.
bookshelf['stream_download']
true) typically results in improved cookbook download performance, especially with the memory usage of the bookshelf service and the behavior of load balancers and proxies in-between the chef-client and the Chef server. Default value: true.
bookshelf['vip']
127.0.0.1.
This configuration file has the following settings for bootstrap:
bootstrap['enable']
server entry. Default value: true.
This configuration file has the following settings for dark_launch:
dark_launch['actions']
true.
dark_launch['add_type_and_bag_to_items']
true.
dark_launch['new_theme']
true.
dark_launch['private-chef']
true.
dark_launch['quick_start']
false.
dark_launch['reporting']
true.
dark_launch['sql_users']
true.
This configuration file has the following settings for estatsd:
estatsd['dir']
'/var/opt/opscode/estatsd'.
estatsd['enable']
true.
estatsd['log_directory']
'/var/log/opscode/estatsd'.
estatsd['port']
9466.
estatsd['protocol']
statsd to apply StatsD protocol formatting.
estatsd['vip']
'127.0.0.1'.
This configuration file has the following settings for jetty:
jetty['enable']
'false'. This value should not be modified.
jetty['ha']
topology is set to ha, this setting defaults to true. Default value: 'false'.
jetty['log_directory']
The directory in which log data is stored. The default value is the recommended value. Default value:
'/var/opt/opscode/opscode-solr4/jetty/logs'
The keepalived service manages the virtual IP address (VIP) between the backend machines in a high availability topology that uses DRBD.
This configuration file has the following settings for keepalived:
keepalived['dir']
'/var/opt/opscode/keepalived'.
keepalived['enable']
false.
keepalived['ipv6_on']
false.
keepalived['log_directory']
'/var/log/opscode/keepalived'.
keepalived['log_rotation']
file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value: { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
keepalived['service_posthooks']
The directory to which Keepalived is to send POST hooks. Default value:
'{ 'rabbitmq' => '/opt/opscode/bin/wait-for-rabbit' }'
keepalived['smtp_connect_timeout']
'30'.
keepalived['smtp_server']
'127.0.0.1'.
keepalived['vrrp_instance_advert_int']
'1'.
keepalived['vrrp_instance_interface']
'eth0'.
keepalived['vrrp_instance_ipaddress']
backend_vip option. Default value: node['ipaddress'].
keepalived['vrrp_instance_ipaddress_dev']
'eth0'.
keepalived['vrrp_instance_nopreempt']
nopreempt value in VRRP.) Default value: 'true'.
keepalived['vrrp_instance_password']
'sneakybeaky'.
keepalived['vrrp_instance_preempt_delay']
preempt_delay value for the VRRP instance. Default value: '30'.
keepalived['vrrp_instance_priority']
'100'.
keepalived['vrrp_instance_state']
'BACKUP'.
keepalived['vrrp_instance_virtual_router_id']
'1'.
keepalived['vrrp_sync_group']
'PC_GROUP'.
keepalived['vrrp_sync_instance']
'PC_VI'.
keepalived['vrrp_unicast_bind']
node['ipaddress'].
keepalived['vrrp_unicast_peer']
nil.
This configuration file has the following settings for lb:
lb['api_fqdn']
node['fqdn'].
lb['ban_refresh_interval']
600.
lb['bookshelf']
127.0.0.1.
lb['cache_cookbook_files']
false.
lb['chef_max_version']
11.
lb['chef_min_version']
10.
lb['chef_server_webui']
127.0.0.1.
lb['debug']
false.
lb['enable']
true.
lb['erchef']
127.0.0.1.
lb['maint_refresh_interval']
600.
lb['redis_connection_pool_size']
250.
lb['redis_connection_timeout']
1000.
lb['redis_keepalive_timeout']
2000.
lb['upstream']['bookshelf']
[ '127.0.0.1' ].
lb['upstream']['oc_bifrost']
[ '127.0.0.1' ].
lb['upstream']['opscode_erchef']
[ '127.0.0.1' ].
lb['upstream']['opscode_solr4']
[ '127.0.0.1' ].
lb['vip']
127.0.0.1.
lb['web_ui_fqdn']
node['fqdn'].
lb['xdl_defaults']['503_mode']
false.
lb['xdl_defaults']['couchdb_acls']
true.
lb['xdl_defaults']['couchdb_association_requests']
true.
lb['xdl_defaults']['couchdb_associations']
true.
lb['xdl_defaults']['couchdb_containers']
true.
lb['xdl_defaults']['couchdb_groups']
true.
lb['xdl_defaults']['couchdb_organizations']
true.
And for the internal load balancers:
lb_internal['account_port']
9685.
lb_internal['chef_port']
9680.
lb_internal['enable']
true.
lb_internal['oc_bifrost_port']
9683.
lb_internal['vip']
'127.0.0.1'.
This configuration file has the following settings for ldap:
ldap['base_dn']
The root LDAP node under which all other nodes exist in the directory structure. For Active Directory, this is typically cn=users and then the domain. For example:
'OU=Employees,OU=Domain users,DC=example,DC=com'
Default value: nil.
ldap['bind_dn']
The distinguished name used to bind to the LDAP server. The user the Chef server will use to perform LDAP searches. This is often the administrator or manager user. This user needs to have read access to all LDAP users that require authentication. The Chef server must do an LDAP search before any user can log in. Many Active Directory and LDAP systems do not allow an anonymous bind. If anonymous bind is allowed, leave the bind_dn and bind_password settings blank. If anonymous bind is not allowed, a user with READ access to the directory is required. This user must be specified as an LDAP distinguished name similar to:
'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com'
Default value: nil.
ldap['bind_password']
ldap['bind_dn']. Leave this value and ldap['bind_dn'] unset if anonymous bind is sufficient. Default value: nil.
ldap['group_dn']
The distinguished name for a group. When set to the distinguished name of a group, only members of that group can log in. This feature filters based on the memberOf attribute and only works with LDAP servers that provide such an attribute. In OpenLDAP, the memberOf overlay provides this attribute. For example, if the value of the memberOf attribute is CN=abcxyz,OU=users,DC=company,DC=com, then use:
ldap['group_dn'] = 'CN=user,OU=Employees,DC=example,DC=com'
ldap['host']
ldap-server-host.
ldap['login_attribute']
sAMAccountName.
ldap['port']
389 or 636 when ldap['encryption'] is set to :simple_tls.
ldap['ssl_enabled']
Cause the Chef server to connect to the LDAP server using SSL. Default value: false. Must be false when ldap['tls_enabled'] is true.
Note
Previous versions of the Chef server used the ldap['ssl_enabled'] setting to first enable SSL, and then the ldap['encryption'] setting to specify the encryption type. These settings are deprecated.
ldap['system_adjective']
A descriptive name for the login system that is displayed to users in the Chef server management console. If a value like “corporate” is used, then the Chef management console user interface will display strings like “the corporate login server”, “corporate login”, or “corporate password.” Default value: AD/LDAP.
Warning
This setting is not used by the Chef server. It is used only by the Chef management console.
ldap['timeout']
60000.
ldap['tls_enabled']
Enable TLS. When enabled, communication with the LDAP server is done via a secure SSL connection on a dedicated port. When true, ldap['port'] is also set to 636. Default value: false. Must be false when ldap['ssl_enabled'] is true.
Note
Previous versions of the Chef server used the ldap['ssl_enabled'] setting to first enable SSL, and then the ldap['encryption'] setting to specify the encryption type. These settings are deprecated.
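The constraints stated for the ldap settings (ssl_enabled and tls_enabled exclude each other, bind_dn and bind_password are set together or both left blank, ldap['encryption'] is deprecated, group_dn limits who can log in) can be checked before chef-server-ctl reconfigure is run. The Ruby script below is an added example, not part of the original page and not Chef's own code; ConfigContext, load_settings, lint_ldap and lint_codes are hypothetical names and both sample files are constructed. The cleartext_bind check assumes that a bind made with both settings at their default of false is not encrypted.

```ruby
# Added example, not Chef's own code. ConfigContext, load_settings and
# lint_ldap are hypothetical names; the sample files are constructed.

# Stand-in for the configuration context: a bare section name such as
# ldap or nginx resolves to a Hash that collects that section's settings.
class ConfigContext
  attr_reader :sections

  def initialize
    @sections = Hash.new { |hash, key| hash[key] = {} }
  end

  def method_missing(name, *args)
    return super unless args.empty?

    @sections[name.to_s]
  end

  def respond_to_missing?(_name, _include_private = false)
    true
  end
end

# chef-server.rb is Ruby, so it is evaluated rather than parsed. Only load
# files you already trust enough to pass to chef-server-ctl reconfigure.
def load_settings(text)
  context = ConfigContext.new
  context.instance_eval(text, 'chef-server.rb')
  context.sections
end

def unset?(value)
  value.nil? || value.to_s.strip.empty?
end

# Returns [code, message] pairs; an empty array means nothing was flagged.
def lint_ldap(ldap)
  return [] if unset?(ldap['host']) # LDAP is not configured in this file

  ssl = ldap['ssl_enabled'] == true
  tls = ldap['tls_enabled'] == true
  has_dn = !unset?(ldap['bind_dn'])
  has_password = !unset?(ldap['bind_password'])
  findings = []

  if ssl && tls
    findings << [:ssl_and_tls_both_enabled,
                 'ssl_enabled and tls_enabled must not both be true']
  elsif !ssl && !tls && has_password
    findings << [:cleartext_bind,
                 'bind_password is set but neither ssl_enabled nor tls_enabled is true']
  end
  if has_dn != has_password
    findings << [:bind_pair_incomplete,
                 'set both bind_dn and bind_password, or leave both blank']
  end
  if ldap.key?('encryption')
    findings << [:deprecated_encryption_setting,
                 "ldap['encryption'] is described as deprecated"]
  end
  if unset?(ldap['group_dn'])
    findings << [:no_group_restriction,
                 'group_dn is unset, so login is not limited to one group']
  end
  findings
end

RISKY_CONFIG = <<~'CONF'
  ldap['host'] = 'ldap.example.com'
  ldap['bind_dn'] = 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com'
  ldap['bind_password'] = 'constructed-placeholder'
  # The condition is false for this host, so TLS is silently left off.
  ldap['tls_enabled'] = true if ldap['host'].end_with?('.internal')
  ldap['encryption'] = :simple_tls
CONF

HARDENED_CONFIG = <<~'CONF'
  ldap['host'] = 'ldap.example.com'
  ldap['bind_dn'] = 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com'
  ldap['bind_password'] = 'constructed-placeholder'
  ldap['tls_enabled'] = true
  ldap['group_dn'] = 'CN=user,OU=Employees,DC=example,DC=com'
CONF

# Finding codes only, in the order the checks run.
def lint_codes(text)
  lint_ldap(load_settings(text)['ldap']).map(&:first)
end

if __FILE__ == $PROGRAM_NAME
  { 'risky' => RISKY_CONFIG, 'hardened' => HARDENED_CONFIG }.each do |label, text|
    findings = lint_ldap(load_settings(text)['ldap'])
    puts "#{label}: #{findings.empty? ? 'no findings' : ''}"
    findings.each { |code, message| puts "  #{code}: #{message}" }
  end
end
```

Because the file is evaluated, the conditional in the risky sample is resolved the same way a Ruby interpreter would resolve it, which is how the missing tls_enabled is caught.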
This configuration file has the following settings for nginx:
nginx['cache_max_size']
max_size parameter used by the Nginx cache manager, which is part of the proxy_cache_path directive. When the size of file storage exceeds this value, the Nginx cache manager removes the least recently used data. Default value: 5000m.
nginx['client_max_body_size']
Content-Length request header. When the maximum accepted body size is greater than this value, a 413 Request Entity Too Large error is returned. Default value: 250m.
nginx['dir']
/var/opt/opscode/nginx.
nginx['enable']
true.
nginx['enable_ipv6']
false.
nginx['enable_non_ssl']
true, load balancers on the front-end hardware are allowed to do SSL termination of the WebUI and API. Default value: false.
nginx['enable_stub_status']
stub_status module. See nginx['stub_status']['allow_list'], nginx['stub_status']['listen_host'], nginx['stub_status']['listen_port'], and nginx['stub_status']['location']. Default value: true.
nginx['gzip']
on.
nginx['gzip_comp_level']
1, fastest) to the most (2, slowest). Default value: 2.
nginx['gzip_http_version']
1.0.
nginx['gzip_proxied']
any.
nginx['gzip_types']
Enable compression for the specified MIME-types. Default value:
[ 'text/plain', 'text/css', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript', 'application/json' ]
nginx['ha']
topology is set to ha, this setting defaults to true. Default value: false.
nginx['keepalive_timeout']
65.
nginx['log_directory']
/var/log/opscode/nginx.
nginx['log_rotation']
file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value: { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
nginx['non_ssl_port']
80. Use nginx['enable_non_ssl'] to enable or disable SSL redirects on this port number. Set to false to disable non-SSL connections.
nginx['sendfile']
sendfile() is used. Default value: on.
nginx['server_name']
node['fqdn'].
nginx['ssl_certificate']
nil.
nginx['ssl_certificate_key']
nil.
nginx['ssl_ciphers']
The list of supported cipher suites that are used to establish a secure connection. To favor AES256 with ECDHE forward security, drop the RC4-SHA:RC4-MD5:RC4:RSA prefix. See this link for more information. For example:
nginx['ssl_ciphers'] = HIGH: ... :!PSK
nginx['ssl_company_name']
YouCorp.
nginx['ssl_country_name']
US.
nginx['ssl_email_address']
[email protected].
nginx['ssl_locality_name']
Seattle.
nginx['ssl_organizational_unit_name']
Operations.
nginx['ssl_port']
443.
nginx['ssl_protocols']
The SSL protocol versions that are enabled. For the highest possible security, disable SSL 3.0 and allow only TLS:
nginx['ssl_protocols'] = 'TLSv1 TLSv1.1 TLSv1.2'
Default value: TLSv1 TLSv1.1 TLSv1.2.
nginx['ssl_state_name']
WA.
nginx['stub_status']['allow_list']
stub_status endpoint is allowed. Default value: ["127.0.0.1"].
nginx['stub_status']['listen_host']
stub_status module listens. Default value: "127.0.0.1".
nginx['stub_status']['listen_port']
stub_status module listens. Default value: "9999".
nginx['stub_status']['location']
stub_status endpoint used to access data generated by the Nginx stub_status module. Default value: "/nginx_status".
nginx['tcp_nodelay']
on.
nginx['tcp_nopush']
on.
nginx['url']
https://#{node['fqdn']}.
nginx['worker_connections']
nginx['worker_processes'] to determine the maximum number of allowed clients. Default value: 10240.
nginx['worker_processes']
nginx['worker_connections'] to determine the maximum number of allowed clients. Default value: node['cpu']['total'].to_i.
nginx['x_forwarded_proto']
http and https. This is the protocol used to connect to the Chef server by a chef-client or a workstation. Default value: 'https'.
The oc_bifrost service ensures that every request to view or manage objects stored on the Chef server is authorized.
This configuration file has the following settings for oc_bifrost:
oc_bifrost['db_pool_size']
postgresql['max_connections'] setting for PostgreSQL. Default value: 20.
oc_bifrost['dir']
/var/opt/opscode/oc_bifrost.
oc_bifrost['enable']
true.
oc_bifrost['extended_perf_log']
true.
oc_bifrost['ha']
topology is set to ha, this setting defaults to true.
oc_bifrost['listen']
'127.0.0.1'.
oc_bifrost['log_directory']
/var/log/opscode/oc_bifrost.
oc_bifrost['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
oc_bifrost['port']
9463.
oc_bifrost['sql_password']
sql_user. Default value: 'challengeaccepted'.
oc_bifrost['sql_ro_password']
sql_ro_user. Default value: 'foreveralone'.
oc_bifrost['sql_ro_user']
'bifrost_ro'.
oc_bifrost['sql_user']
'bifrost'.
oc_bifrost['superuser_id']
'5ca1ab1ef005ba111abe11eddecafbad'.
oc_bifrost['vip']
'127.0.0.1'.
The opscode-authz service is used to handle authorization requests to the Chef server.
This configuration file has the following settings for oc_chef_authz:
oc_chef_authz['http_cull_interval']
'{1, min}'.
oc_chef_authz['http_init_count']
25.
oc_chef_authz['http_max_age']
'{70, sec}'.
oc_chef_authz['http_max_connection_duration']
'{70, sec}'.
oc_chef_authz['http_max_count']
100.
oc_chef_authz['ibrowse_options']
'[{connect_timeout, 5000}]'.
This configuration file has the following settings for oc-chef-pedant:
oc_chef_pedant['debug_org_creation']
false.
oc_chef_pedant['dir']
The working directory. The default value is the recommended value. Default value:
'/var/opt/opscode/oc-chef-pedant'
oc_chef_pedant['log_directory']
The directory in which log data is stored. The default value is the recommended value. Default value:
'/var/log/opscode/oc-chef-pedant'
oc_chef_pedant['log_http_requests']
http-traffic.log that is located in the path specified by log_directory. Default value: true.
oc_chef_pedant['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
The oc-id service enables OAuth 2.0 authentication to the Chef server by external applications, including Chef Supermarket and Chef Analytics. OAuth 2.0 uses token-based authentication, where external applications use tokens that are issued by the oc-id provider. No special credentials—webui_priv.pem or privileged keys—are stored on the external application.
This configuration file has the following settings for oc-id:
oc_id['administrators']
['user1', 'user2']. Default value: [ ].
oc_id['applications']
A Hash that contains OAuth 2 application information. Default value: { }.
To define OAuth 2 information for Chef Supermarket, create a Hash similar to:
oc_id['applications'] ||= {}
oc_id['applications']['supermarket'] = {
  'redirect_uri' => 'https://supermarket.mycompany.com/auth/chef_oauth2/callback'
}
To define OAuth 2 information for Chef Analytics, create a Hash similar to:
oc_id['applications'] ||= {}
oc_id['applications']['analytics'] = {
  'redirect_uri' => 'https://analytics.rhel.aws'
}
oc_id['db_pool_size']
'20'.
oc_id['dir']
oc_id['enable']
true.
oc_id['ha']
topology is set to ha, this setting defaults to true. Default value: false.
oc_id['log_directory']
'/var/opt/opscode/oc_id'.
oc_id['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
oc_id['num_to_keep']
10.
oc_id['port']
9090.
oc_id['sql_database']
oc_id.
oc_id['sql_password']
sql_user. Default value: snakepliskin.
oc_id['sql_user']
sql_database. Default value: oc_id.
oc_id['vip']
'127.0.0.1'.
This configuration file has the following settings for opscode-chef-mover:
opscode_chef_mover['bulk_fetch_batch_size']
'5'.
opscode_chef_mover['cache_ttl']
'3600'.
opscode_chef_mover['db_pool_size']
'5'.
opscode_chef_mover['data_dir']
The directory in which on-disk data is stored. The default value is the recommended value. Default value:
'/var/opt/opscode/opscode-chef-mover/data'
opscode_chef_mover['dir']
The working directory. The default value is the recommended value. Default value:
'/var/opt/opscode/opscode-chef-mover'
opscode_chef_mover['enable']
true.
opscode_chef_mover['ha']
topology is set to ha, this setting defaults to true. Default value: false.
opscode_chef_mover['ibrowse_max_pipeline_size']
1.
opscode_chef_mover['ibrowse_max_sessions']
256.
opscode_chef_mover['log_directory']
The directory in which log data is stored. The default value is the recommended value. Default value:
'/var/log/opscode/opscode-chef-mover'
opscode_chef_mover['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
opscode_chef_mover['max_cache_size']
'10000'.
opscode_chef_mover['solr_http_cull_interval']
'{1, min}'.
opscode_chef_mover['solr_http_init_count']
25.
opscode_chef_mover['solr_http_max_age']
'{70, sec}'.
opscode_chef_mover['solr_http_max_connection_duration']
'{70, sec}'.
opscode_chef_mover['solr_http_max_count']
100.
opscode_chef_mover['solr_ibrowse_options']
'[{connect_timeout, 10000}]'.
opscode_chef_mover['solr_timeout']
30000.
The opscode-erchef service is an Erlang-based service that is used to handle Chef server API requests to the following areas within the Chef server:
This configuration file has the following settings for opscode-erchef:
opscode_erchef['auth_skew']
900.
opscode_erchef['authz_fanout']
20.
opscode_erchef['authz_timeout']
2000.
opscode_erchef['base_resource_url']
:host_header to ensure the URL is derived from the host header of the incoming HTTP request. Default value: :host_header.
opscode_erchef['bulk_fetch_batch_size']
/search endpoint in the Chef server API. The default value is the recommended value. Default value: 5.
opscode_erchef['cache_ttl']
3600.
opscode_erchef['cleanup_batch_size']
0.
opscode_erchef['couchdb_max_conn']
'100'.
opscode_erchef['db_pool_size']
20.
opscode_erchef['depsolver_timeout']
'5000'.
opscode_erchef['depsolver_worker_count']
pgrep -fl depselector command to verify the number of depsolver workers that are running. If you are seeing 503 service unavailable errors, increase this value. Default value: '5'.
opscode_erchef['dir']
/var/opt/opscode/opscode-erchef.
opscode_erchef['enable']
true.
opscode_erchef['enable_actionlog']
false.
opscode_erchef['ha']
topology is set to ha, this setting defaults to true. Default value: false.
opscode_erchef['ibrowse_max_pipeline_size']
1.
opscode_erchef['ibrowse_max_sessions']
256.
opscode_erchef['listen']
127.0.0.1.
opscode_erchef['log_directory']
/var/log/opscode/opscode-erchef.
opscode_erchef['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
opscode_erchef['max_cache_size']
10000.
opscode_erchef['max_request_size']
1000000.
opscode_erchef['nginx_bookshelf_caching']
:on, Nginx serves up the cached content instead of forwarding the request. Default value: :off.
opscode_erchef['port']
8000.
opscode_erchef['root_metric_key']
chefAPI.
opscode_erchef['s3_bucket']
bookshelf['vip'], for the endpoint used by the chef-client; bookshelf['external_url'], for the endpoint used by the Chef server; bookshelf['access_key_id'], for user access key; bookshelf['secret_access_key'], for secret key; and opscode_erchef['s3_bucket'], for the bucket name. Reconfigure the Chef server after changing these settings. Default value: bookshelf.
opscode_erchef['s3_parallel_ops_fanout']
20.
opscode_erchef['s3_parallel_ops_timeout']
5000.
opscode_erchef['s3_url_expiry_window_size']
15m (fifteen minutes) or a percentage of the value of s3_url_ttl, i.e. 10%. Default value: :off.
opscode_erchef['s3_url_ttl']
28800.
opscode_erchef['strict_search_result_acls']
Use to specify that search results only return objects to which an actor (user, client, etc.) has read access, as determined by ACL settings. This affects all searches. When true, the performance of the Chef management console may increase because it enables the Chef management console to skip redundant ACL checks. To ensure the Chef management console is configured properly, after this setting has been applied with a chef-server-ctl reconfigure run chef-manage-ctl reconfigure to ensure the Chef management console also picks up the setting. Default value: false.
Warning
When true, opscode_erchef['strict_search_result_acls'] affects all search results and any actor (user, client, etc.) that does not have read access to a search result will not be able to view it. For example, this could affect search results returned during chef-client runs if a chef-client does not have permission to read the information.
opscode_erchef['udp_socket_pool_size']
20.
opscode_erchef['umask']
0022.
opscode_erchef['validation_client_name']
chef-validator.
opscode_erchef['vip']
127.0.0.1.
The opscode-expander service is used to process data (pulled from the rabbitmq service’s message queue) so that it can be properly indexed by the opscode-solr4 service.
This configuration file has the following settings for opscode-expander:
opscode_expander['consumer_id']
default.
opscode_expander['dir']
The working directory. The default value is the recommended value. Default value:
/var/opt/opscode/opscode-expander
opscode_expander['enable']
true.
opscode_expander['ha']
topology is set to ha, this setting defaults to true. Default value: false.
opscode_expander['log_directory']
The directory in which log data is stored. The default value is the recommended value. Default value:
/var/log/opscode/opscode-expander
opscode_expander['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
opscode_expander['nodes']
2.
opscode_expander['reindexer_log_directory']
The directory in which opscode-expander-reindexer log files are located. Default value:
/var/log/opscode/opscode-expander-reindexer
The opscode-solr4 service is used to create the search indexes used for searching objects like nodes, data bags, and cookbooks. (This service ensures timely search results via the Chef server API; data that is used by the Chef platform is stored in PostgreSQL.)
This configuration file has the following settings for opscode-solr4:
opscode_solr4['auto_soft_commit']
1000.
opscode_solr4['commit_interval']
60000 (every 60 seconds).
opscode_solr4['data_dir']
The directory in which on-disk data is stored. The default value is the recommended value. Default value:
/var/opt/opscode/opscode-solr4/data
opscode_solr4['dir']
The working directory. The default value is the recommended value. Default value:
/var/opt/opscode/opscode-solr4
opscode_solr4['enable']
true.
opscode_solr4['ha']
topology is set to ha, this setting defaults to true. Default value: false.
opscode_solr4['heap_size']
nil, which is equivalent to 25% of the system memory or 1024 (MB, but this setting is specified as an integer number of MB in EC11), whichever is smaller.
opscode_solr4['ip_address']
127.0.0.1.
opscode_solr4['java_opts']
JAVA_OPTS environment variables to be set. (-XX:NewSize is configured using the new_size setting.) Default value: ' ' (empty).
opscode_solr4['log_directory']
The directory in which log data is stored. The default value is the recommended value. Default value:
/var/log/opscode/opscode-solr4
opscode_solr4['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
opscode_solr4['max_commit_docs']
1000 (every 1000 documents).
opscode_solr4['max_field_length']
100000 (increased from the Apache Solr default value of 10000).
opscode_solr4['max_merge_docs']
2147483647.
opscode_solr4['merge_factor']
15.
opscode_solr4['new_size']
-XX:NewSize JAVA_OPTS environment variable. Default value: nil.
opscode_solr4['poll_seconds']
20.
opscode_solr4['port']
8983.
opscode_solr4['ram_buffer_size']
100.
opscode_solr4['url']
'http://localhost:8983/solr'.
opscode_solr4['vip']
127.0.0.1.
The postgresql service is used to store node, object, and user data.
This configuration file has the following settings for postgresql:
postgresql['checkpoint_completion_target']
0.5, then a checkpoint attempts to finish before 50% of the next checkpoint is done. Default value: 0.5.
postgresql['checkpoint_segments']
3.
postgresql['checkpoint_timeout']
5min.
postgresql['checkpoint_warning']
30s.
postgresql['data_dir']
The directory in which on-disk data is stored. The default value is the recommended value. Default value:
/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data
postgresql['db_superuser']
postgresql['external'] is set to true. The PostgreSQL user name. This user must be granted either the CREATE ROLE and CREATE DATABASE permissions in PostgreSQL or be granted SUPERUSER permission. This user must also have an entry in the host-based authentication configuration file used by PostgreSQL (traditionally named pg_hba.conf). Default value: 'superuser_userid'.
postgresql['db_superuser_password']
postgresql['external'] is set to true. The password for the user specified by postgresql['db_superuser']. Default value: 'the password'.
postgresql['dir']
The working directory. The default value is the recommended value. Default value:
/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}
postgresql['effective_cache_size']
postgresql['enable']
true.
postgresql['external']
true to run PostgreSQL external to the Chef server. Must be set once only on a new installation of the Chef server before the first chef-server-ctl reconfigure command is run. If this is set after a reconfigure or set to false, any reconfigure of the Chef server will return an error. Default value: false.
postgresql['ha']
topology is set to ha, this setting defaults to true. Default value: false.
postgresql['home']
/var/opt/opscode/postgresql.
postgresql['keepalives_count']
2.
postgresql['keepalives_idle']
60.
postgresql['keepalives_interval']
15.
postgresql['listen_address']
localhost.
postgresql['log_directory']
The directory in which log data is stored. The default value is the recommended value. Default value:
/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}
postgresql['log_min_duration_statement']
-1 (disabled, do not log any statements), 0 (log every statement), or an integer greater than zero. When the integer is greater than zero, this value is the amount of time (in milliseconds) that a query statement must have run before it is logged. Default value: -1.
postgresql['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
postgresql['max_connections']
350.
postgresql['md5_auth_cidr_addresses']
trust_auth_cidr_addresses to encrypt passwords using MD5 hashes. Default value: [ '127.0.0.1/32', '::1/128' ].
postgresql['port']
postgresql['external'] is set to true. The port on which the service is to listen. The port used by PostgreSQL if that port is not 5432. Default value: 5432.
postgresql['shared_buffers']
The amount of memory that is dedicated to PostgreSQL for data caching. Default value:
#{(node['memory']['total'].to_i / 4) / (1024)}MB
postgresql['shell']
/bin/sh.
postgresql['shmall']
4194304.
postgresql['shmmax']
17179869184.
postgresql['sql_password']
snakepliskin.
postgresql['sql_ro_password']
shmunzeltazzen.
postgresql['sql_ro_user']
opscode_chef_ro.
postgresql['sql_user']
opscode_chef.
postgresql['trust_auth_cidr_addresses']
md5_auth_cidr_addresses. Default value: '127.0.0.1/32', '::1/128'.
postgresql['user_path']
Default value:
/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH
postgresql['username']
opscode-pgsql
postgresql['version']
'9.2'
postgresql['vip']
postgresql['external'] is set to true. The virtual IP address. The host for this IP address must be online and reachable from the Chef server via the port specified by postgresql['port']. Default value: 127.0.0.1. Set this value to the IP address or hostname for the machine on which external PostgreSQL is located when postgresql['external'] is set to true.
postgresql['work_mem']
8MB
The rabbitmq service is used to provide the message queue that is used by the Chef server to get search data to Apache Solr so that it can be indexed for search. When Chef Analytics is configured, the rabbitmq service is also used to send data from the Chef server to the Chef Analytics server.
This configuration file has the following settings for rabbitmq:
rabbitmq['actions_exchange']
'actions'
rabbitmq['actions_password']
actions_user. Default value: 'changeme'.
rabbitmq['actions_user']
'actions'
rabbitmq['actions_vhost']
'/analytics'
rabbitmq['analytics_max_length']
10000
rabbitmq['consumer_id']
'hotsauce'
rabbitmq['data_dir']
'/var/opt/opscode/rabbitmq/db'
rabbitmq['dir']
'/var/opt/opscode/rabbitmq'
rabbitmq['drop_on_full_capacity']
true
rabbitmq['enable']
true
rabbitmq['ha']
topology is set to ha, this setting defaults to true. Default value: false.
rabbitmq['jobs_password']
'workcomplete'
rabbitmq['jobs_user']
'jobs'
rabbitmq['jobs_vhost']
'/jobs'
rabbitmq['log_directory']
'/var/log/opscode/rabbitmq'
rabbitmq['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
rabbitmq['management_enabled']
true
rabbitmq['management_password']
'chefrocks'
rabbitmq['management_port']
15672
rabbitmq['management_user']
'rabbitmgmt'
rabbitmq['node_ip_address']
The bind IP address for RabbitMQ. Default value: '127.0.0.1'.
Chef Analytics uses the same RabbitMQ service that is configured on the Chef server. When the Chef Analytics server is configured as a standalone server, the default settings for rabbitmq['node_ip_address'] and rabbitmq['vip'] must be updated. When the Chef Analytics server is configured as a standalone server, change this value to 0.0.0.0.
rabbitmq['node_port']
'5672'
rabbitmq['nodename']
'rabbit@localhost'
rabbitmq['password']
'chefrocks'
rabbitmq['prevent_erchef_startup_on_full_capacity']
false
rabbitmq['queue_at_capacity_affects_overall_status']
_status endpoint in the Chef server API will fail if the monitored queue is at capacity. Default value: false.
rabbitmq['queue_length_monitor_enabled']
true
rabbitmq['queue_length_monitor_millis']
30000
rabbitmq['queue_length_monitor_timeout_millis']
5000
rabbitmq['queue_length_monitor_queue']
'alaska'
rabbitmq['queue_length_monitor_vhost']
'/analytics'
rabbitmq['rabbit_mgmt_http_cull_interval']
60
rabbitmq['rabbit_mgmt_http_init_count']
25
rabbitmq['rabbit_mgmt_http_max_age']
70
rabbitmq['rabbit_mgmt_http_max_connection_duration']
70
rabbitmq['rabbit_mgmt_http_max_count']
100
rabbitmq['rabbit_mgmt_ibrowse_options']
'{connect_timeout, 10000}'
rabbitmq['rabbit_mgmt_timeout']
30000
rabbitmq['reindexer_vhost']
'/reindexer'
rabbitmq['ssl_versions']
['tlsv1.2', 'tlsv1.1']
rabbitmq['user']
'chef'
rabbitmq['vhost']
'/chef'
rabbitmq['vip']
The virtual IP address. Default value: '127.0.0.1'.
Chef Analytics uses the same RabbitMQ service that is configured on the Chef server. When the Chef Analytics server is configured as a standalone server, the default settings for rabbitmq['node_ip_address'] and rabbitmq['vip'] must be updated. When the Chef Analytics server is configured as a standalone server, this value should be updated to be the backend VIP address for the Chef server.
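As an added example (not part of the Chef documentation or Chef's own code), the Ruby script below audits a chef-server.rb for three conditions tied to the postgresql and rabbitmq settings above: a credential explicitly set to the value this page lists for it, trust_auth_cidr_addresses entries beyond loopback (PostgreSQL trust authentication accepts connections without a password), and RabbitMQ bound to 0.0.0.0. ConfigRecorder, audit_chef_server_rb and the sample configuration are hypothetical names and constructed input.

```ruby
# Added example, not Chef's code. The credential values are the ones this
# page lists; ConfigRecorder and SAMPLE_CONFIG are constructed for the demo.
PUBLISHED_DEFAULTS = {
  %w[postgresql sql_password]      => 'snakepliskin',
  %w[postgresql sql_ro_password]   => 'shmunzeltazzen',
  %w[rabbitmq password]            => 'chefrocks',
  %w[rabbitmq management_password] => 'chefrocks',
  %w[rabbitmq actions_password]    => 'changeme',
  %w[rabbitmq jobs_password]       => 'workcomplete'
}.freeze
LOOPBACK = %w[127.0.0.1/32 ::1/128].freeze

# Hypothetical stand-in for the config DSL: records section['key'] = value.
class ConfigRecorder
  attr_reader :sections
  def initialize
    @sections = Hash.new { |h, k| h[k] = {} }
  end
  def method_missing(name, *args)
    return @sections[name.to_s] if args.empty?
    @sections['top_level'][name.to_s] = args.first # e.g. topology 'ha'
  end
  def respond_to_missing?(*); true; end
end

# Returns an array of finding strings for the given chef-server.rb text.
def audit_chef_server_rb(text)
  recorder = ConfigRecorder.new
  recorder.instance_eval(text) # runs the file as Ruby: audit trusted files only
  cfg, findings = recorder.sections, []
  PUBLISHED_DEFAULTS.each do |(section, key), published|
    next unless cfg[section][key] == published
    findings << "#{section}['#{key}'] is set to the published default"
  end
  open_trust = Array(cfg['postgresql']['trust_auth_cidr_addresses']) - LOOPBACK
  findings << "postgresql trust auth (no password) allowed from #{open_trust.join(', ')}" unless open_trust.empty?
  if cfg['rabbitmq']['node_ip_address'] == '0.0.0.0'
    findings << 'rabbitmq binds all interfaces; firewall node_port to the Analytics host'
  end
  findings
end

SAMPLE_CONFIG = <<~'CONF' # constructed input
  topology 'standalone'
  postgresql['sql_password'] = 'snakepliskin'
  postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/32', '10.0.0.0/8']
  rabbitmq['node_ip_address'] = '0.0.0.0'
CONF
puts audit_chef_server_rb(SAMPLE_CONFIG)
```

The audit only flags values that the file sets explicitly; it does not inspect what the running services actually use.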
Key-value store used in conjunction with Nginx to route requests and populate request data used by the Chef server.
This configuration file has the following settings for redis_lb:
redis_lb['activerehashing']
'no'
redis_lb['aof_rewrite_min_size']
'16mb'
redis_lb['aof_rewrite_percent']
'50'
redis_lb['appendfsync']
no (don’t fsync, let operating system flush data), always (fsync after every write to the append-only log file), and everysec (fsync only once per second). Default value: 'always'.
redis_lb['appendonly']
yes to dump data to an append-only log file. Default value: 'no'.
redis_lb['bind']
'127.0.0.1'
redis_lb['data_dir']
'/var/opt/opscode/redis_lb/data'
redis_lb['databases']
'16'
redis_lb['dir']
'/var/opt/opscode/redis_lb'
redis_lb['enable']
true
redis_lb['ha']
topology is set to ha, this setting defaults to true. Default value: false.
redis_lb['keepalive']
'60'
redis_lb['log_directory']
'/var/log/opscode/redis_lb'
redis_lb['log_rotation']
The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:
{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }
redis_lb['loglevel']
debug, notice, verbose, and warning. Default value: 'notice'.
redis_lb['maxmemory']
'8m'
redis_lb['maxmemory_policy']
allkeys-lru (remove keys, starting with those used least frequently), allkeys-random (remove keys randomly), noeviction (don’t expire, return an error on write operation), volatile-lru (remove expired keys, starting with those used least frequently), volatile-random (remove expired keys randomly), and volatile-ttl (remove keys, starting with nearest expired time). Default value: 'noeviction'.
redis_lb['port']
'16379'
redis_lb['save_frequency']
Set the save frequency. Pattern: { "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }. Default value:
{ '900' => '1', '300' => '10', '60' => '1000' }
This saves the database every 15 minutes if at least one key changes, every 5 minutes if at least 10 keys change, and every 60 seconds if 10000 keys change.
redis_lb['timeout']
'300'
redis_lb['vip']
'127.0.0.1'
This configuration file has the following settings for upgrades:
upgrades['dir']
'/var/opt/opscode/upgrades'
This configuration file has the following settings for user:
user['home']
/opt/opscode/embedded
user['shell']
/bin/sh
user['username']
opscode
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs-archive.chef.io/release/server_12-8/config_rb_server_optional_settings.html