Meta tags:
description= The server configuration file contains a list of all configuration
options that are available for the Chef Infra Server. Some of these
values should be modified for large-scale installations.;
Server Tuning

The server configuration file contains a list of all configuration options that are available for the Chef Infra Server. Some of these values should be modified for large-scale installations.

Note: This topic contains general information about how settings can be tuned. In many cases, this topic suggests specific values to be used for tuning. That said, every organization and configuration is different, so please don't hesitate to contact Chef support to discuss your tuning effort so as to help ensure the right value is identified for any particular setting.

Customize the Config File

The /etc/opscode/chef-server.rb file contains all of the non-default configuration settings used by the Chef Infra Server. The default settings are built into the Chef Infra Server configuration and should only be added to the chef-server.rb file to apply non-default values. These configuration settings are processed when the chef-server-ctl reconfigure command is run. The chef-server.rb file is a Ruby file, which means that conditional statements can be used within it.

Use Conditions

Use a case statement to apply different values based on whether the setting exists on the front-end or back-end servers. Add code to the server configuration file similar to the following:

    role_name = ChefServer["servers"][node['fqdn']]["role"]
    case role_name
    when "backend"
      # backend-specific configuration here
    when "frontend"
      # frontend-specific configuration here
    end

Recommended Settings

The following settings are typically added to the server configuration file (no equal sign is necessary to set the value):

api_fqdn
    The FQDN for the Chef Infra Server. This setting is not in the server configuration file by default. When added, its value should be equal to the FQDN for the service URI used by the Chef Infra Server. FQDNs must always be in lowercase. For example: api_fqdn "chef.example.com".

bootstrap
    Default value: true.

ip_version
    Use to set the IP version: ipv4 or ipv6. When set to ipv6, the API listens on IPv6 and front-end and back-end services communicate using IPv6 when a high availability configuration is used. When configuring for IPv6 in a high availability configuration, be sure to set the netmask on the IPv6 backend_vip attribute. Default value: ipv4.

notification_email
    Default value: info@example.com.

SSL Protocols

The following settings are often modified from the default as part of the tuning effort for the nginx service and to configure the Chef Infra Server to use SSL certificates.

Note: See https://www.openssl.org/docs/man1.0.2/man1/ciphers.html for more information about the values used with the nginx['ssl_ciphers'] and nginx['ssl_protocols'] settings.

After copying SSL certificate files to the Chef Infra Server, update the nginx['ssl_certificate'] and nginx['ssl_certificate_key'] settings to specify the paths to those files, and then (optionally) update the nginx['ssl_ciphers'] and nginx['ssl_protocols'] settings to reflect the desired level of hardness for the Chef Infra Server. For example:

    nginx['ssl_certificate'] = "/etc/pki/tls/private/name.of.pem"
    nginx['ssl_certificate_key'] = "/etc/pki/tls/private/name.of.key"
    nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
    nginx['ssl_protocols'] = "TLSv1.2"

nginx['ssl_certificate']
    The SSL certificate used to verify communication over HTTPS. Default value: nil.

nginx['ssl_certificate_key']
    The certificate key used for SSL communication. Default value: nil.

nginx['ssl_ciphers']
    The list of supported cipher suites that are used to establish a secure connection. To favor AES256 with ECDHE forward security, drop the RC4-SHA:RC4-MD5:RC4:RSA prefix. For example:

    nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"

nginx['ssl_protocols']
    The SSL protocol versions that are enabled for the Chef Infra Server API. Starting with Chef Infra Server 14.3, this value defaults to 'TLSv1.2' for enhanced security. Previous releases defaulted to 'TLSv1 TLSv1.1 TLSv1.2', which allowed for less secure SSL connections. TLS 1.2 is supported on Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef Infra Client 12.8 and later on Windows. If it is necessary to support these older end-of-life Chef Infra Client releases, set this value to 'TLSv1.1 TLSv1.2'.

Optional Services Tuning

The following settings are often used for performance tuning of the Chef Infra Server in larger installations.

Note: When changes are made to the chef-server.rb file, the Chef Infra Server must be reconfigured by running the following command:

    chef-server-ctl reconfigure

bookshelf

The following setting is often modified from the default as part of the tuning effort for the bookshelf service:

bookshelf['vip']
    The virtual IP address. Default value: node['fqdn'].

opscode-erchef

The following settings are often modified from the default as part of the tuning effort for the opscode-erchef service:

opscode_erchef['db_pool_size']
    The number of open connections to PostgreSQL that are maintained by the service. If failures indicate that the opscode-erchef service ran out of connections, try increasing the postgresql['max_connections'] setting. If failures persist, then increase this value (in small increments) and also increase the value for postgresql['max_connections']. Default value: 20.

opscode_erchef['s3_url_ttl']
    The amount of time (in seconds) before connections to the server expire. If Chef Infra Client runs are timing out, increase this setting to 3600, and then adjust again if necessary. Default value: 900.

opscode_erchef['strict_search_result_acls']
    Use to specify that search results only return objects to which an actor (user, client, etc.) has read access, as determined by ACL settings. This affects all searches. When true, the performance of the Chef management console may increase because it enables the Chef management console to skip redundant ACL checks. To ensure the Chef management console is configured properly, after this setting has been applied with a chef-server-ctl reconfigure, run chef-manage-ctl reconfigure to ensure the Chef management console also picks up the setting. Default value: false.

    Warning: When true, opscode_erchef['strict_search_result_acls'] affects all search results, and any actor (user, client, etc.) that does not have read access to a search result will not be able to view it. For example, this could affect search results returned during Chef Infra Client runs if a Chef Infra Client does not have permission to read the information.

postgresql

The following setting is often modified from the default as part of the tuning effort for the postgresql service:

postgresql['max_connections']
    The maximum number of allowed concurrent connections. This value should only be tuned when the opscode_erchef['db_pool_size'] value used by the opscode-erchef service is modified. Default value: 350.

    If there are more than two front-end machines in a cluster, the postgresql['max_connections'] setting should be increased. The increased value depends on the number of machines in the front end, but also on the number of services that are running on each of these machines.

    Each front-end machine always runs the oc_bifrost and opscode-erchef services. The Reporting add-on adds the reporting service. Each of these services requires 25 connections above the default value.

    Use the following formula to help determine what the increased value should be:

    new_value = current_value + [(# of front end machines - 2) * (25 * # of services)]

    For example, if the current value is 350, there are four front-end machines, and all add-ons are installed, then the formula looks like:

    550 = 350 + [(4 - 2) * (25 * 4)]