Meta tags:
description= The server configuration file contains a list of all configuration
options that are available for the Chef Infra Server. Some of these
values should be modified for large-scale installations.;
Headings (most frequently used words):
tuning, server, customize, the, config, file, recommended, settings, optional, services, use, conditions, ssl, protocols, bookshelf, opscode, erchef, postgresql,
Text of the page (most frequently used words):
chef (176), the (111), #server (58), infra (50), and (46), overview (46), install (32), for (30), automate (30), builder (30), version (29), deployment (28), settings (25), aws (24), value (23), configure (23), about (22), with (20), habitat (20), postgresql (19), default (19), configuration (19), are (18), client (18), node (18), api (18), supermarket (18), upgrade (18), config (17), manage (17), tuning (16), this (16), management (16), nginx (16), packages (16), prem (16), services (14), file (14), backend (14), users (14), reference (14), use (13), community (13), service (13), used (12), setting (12), ctl (12), nodes (12), workstation (12), license (12), 360 (12), managed (12), ssl (11), when (11), end (11), set (11), that (10), compliance (10), platform (10), backup (10), restore (10), effortless (10), recovery (10), create (10), saas (10), started (10), opensearch (10), database (10), all (9), example (9), front (9), add (9), following (9), certificate (9), certificates (9), opscode (8), security (8), supported (8), high (8), update (8), data (8), cloud (8), resources (8), prerequisites (8), origin (8), disaster (8), system (8), requirements (8), desktop (8), guide (8), iam (8), page (7), modified (7), erchef (7), cluster (7), tlsv1 (7), using (7), not (6), feedback (6), should (6), connections (6), from (6), user (6), console (6), private (6), files (6), ipv6 (6), availability (6), cookbooks (6), audit (6), migrate (6), inspec (6), log (6), style (6), cookstyle (6), package (6), troubleshooting (6), logs (6), get (6), integrations (6), dashboard (6), applications (6), enterprise (6), policy (5), terms (5), licensing (5), bookshelf (5), optional (5), support (5), values (5), these (5), machines (5), runs (5), opscode_erchef (5), often (5), effort (5), search (5), etc (5), ssl_ciphers (5), progress (4), trademarks (4), your (4), non (4), run (4), then (4), number (4), max_connections (4), part (4), performance (4), increase (4), reconfigure (4), fqdn (4), ssl_protocols (4), list (4), key (4), back (4), frontend (4), send (4), downloads (4), uninstall (4), organizations (4), groups (4), roles (4), saml (4), ldap (4), resource (4), packs (4), profiles (4), local (4), download (4), apis (4), upgrades (4), monitor (4), quick (4), start (4), deprecations (4), cops (4), firewalls (4), ports (4), authentication (4), authorization (4), core (4), origins (4), profile (4), minio (4), single (4), cookbook (4), application (4), enrollment (4), setup (4), infrastructure (4), getting (4), migration (4), courier (4), tokens (4), jobs (4), app (4), integration (4), external (4), elasticsearch (4), amazon (4), a2ha (4), premises (4), platforms (4), edition (4), product (3), names (3), its (3), any (3), does (3), protocols (3), recommended (3), conditions (3), customize (3), table (3), contents (3), can (3), github (3), help (3), contains (3), only (3), added (3), ruby (3), which (3), 350 (3), what (3), increased (3), each (3), machine (3), also (3), results (3), read (3), view (3), during (3), information (3), true (3), ensure (3), necessary (3), note (3), tls (3), macos (3), windows (3), versions (3), rc4 (3), ssl_certificate_key (3), verify (3), ssl_certificate (3), docs (3), bootstrap (3), specific (3), available (3), large (3), scale (3), content (3), herein (2), software (2), corporation (2), subsidiaries (2), affiliates (2), other (2), see (2), rights (2), reserved (2), their (2), respective (2), owners (2), 2026 (2), how (2), improve (2), document (2), contact (2), apply (2), command (2), there (2), formula (2), reporting (2), always (2), allowed (2), tuned (2), more (2), running (2), db_pool_size (2), affects (2), actor (2), have (2), access (2), strict_search_result_acls (2), specify (2), has (2), acl (2), skip (2), after (2), out (2), failures (2), must (2), installations (2), releases (2), secure (2), later (2), psk (2), sslv2 (2), seed (2), camellia (2), anull (2), adh (2), enull (2), exp (2), medium (2), low (2), kedh (2), nil (2), communication (2), https (2), pki (2), name (2), man1 (2), com (2), ipv4 (2), equal (2), api_fqdn (2), here (2), role_name (2), case (2), servers (2), different (2), topic (2), environments (2), bags (2), clients (2), active (2), directory (2), legacy (2), azure (2), remediation (2), release (2), notes (2), share (2), scaffolding (2), variables (2), pattern (2), attributehelper (2), attributedefault (2), useplatformhelpers (2), unnecessaryplatformcasestatement (2), unnecessaryoscheck (2), trueclassfalseclassresourceproperties (2), simplifyplatformmajorversioncheck (2), overlycomplexsupportsdependsmetadata (2), negatingonlyif (2), includerecipewithparentheses (2), immediatenotificationtiming (2), filemode (2), defaultcopyrightcomments (2), copyrightcommentformat (2), commentsentencespacing (2), commentformat (2), chefwhaaat (2), attributekeys (2), invalidlicensestring (2), insecurecookbookurl (2), includeresourceexamples (2), includeresourcedescriptions (2), includepropertydescriptions (2), emptymetadatafield (2), defaultmetadatamaintainer (2), sharing (2), sshprivatekey (2), unlessdefinedrequire (2), requirenethttps (2), legacypowershelloutmethods (2), gemspecrequirerubygems (2), gemspeclicense (2), usecreateifmissing (2), unnecessarynameproperty (2), unnecessarydesiredstate (2), suggestsmetadata (2), stringpropertywithnildefault (2), sensitivepropertyinresource (2), resourcewithnothingaction (2), replacesmetadata (2), recipemetadata (2), providesmetadata (2), propertywithrequiredanddefault (2), propertysplatregex (2), ohaiattributetostring (2), namepropertyisrequired (2), multipleplatformchecks (2), longdescriptionmetadata (2), groupingmetadata (2), doublecompiletime (2), customresourcewithallowedactions (2), conflictsmetadata (2), attributemetadata (2), aptrepositorynotifiesaptupdate (2), aptrepositorydistributiondefault (2), redundantcode (2), zipfileresource (2), windowszipfileusage (2), windowsscresource (2), windowsregistryuac (2), whyrunsupportedtrue (2), useszypperrepo (2), userequirerelative (2), usemultipackageinstalls (2), usecheflanguagesystemdhelper (2), usecheflanguageenvhelpers (2), usecheflanguagecloudhelpers (2), usebuildessentialresource (2), unnecessarymixlibshelloutrequire (2), unnecessarydependschef15 (2), unnecessarydependschef14 (2), sysctlparamresource (2), simplifyaptppasetup (2), shellouttochocolatey (2), shellouthelper (2), sevenziparchiveresource (2), setorreturninresources (2), respondtoresourcename (2), respondtoprovides (2), respondtoinmetadata (2), respondtocompiletime (2), resourcenamefrominitialize (2), resourceforcingcompiletime (2), providesfrominitialize (2), propertywithnameattribute (2), powershellscriptexpandarchive (2), powershellinstallwindowsfeature (2), powershellinstallpackage (2), powershellguardinterpreter (2), osxconfigprofileresource (2), opensslx509resource (2), opensslrsakeyresource (2), noderolesinclude (2), nodeinitpackage (2), minitesthandlerusage (2), macosxuserdefaults (2), libarchivefileresource (2), legacyberksfilesource (2), includingwindowsdefaultrecipe (2), includingohaidefaultrecipe (2), includingmixinshelloutinresources (2), includingaptdefaultrecipe (2), ifprovidesdefaultaction (2), foodcriticcomments (2), executetzutil (2), executesysctl (2), executesleep (2), executescexe (2), executeaptupdate (2), emptyresourceinitializemethod (2), dslincludeinresource (2), dependsonzyppercookbook (2), dependsonwindowsfirewallcookbook (2), dependsontimezonelwrpcookbook (2), dependsonopensslcookbook (2), dependsonlocalecookbook (2), dependsonkernelmodulecookbook (2), dependsonchocolateycookbooks (2), dependsonchefvaultcookbook (2), definitions (2), defineschefspecmatchers (2), defaultactionfrominitialize (2), declareactionclass (2), databaghelpers (2), customresourcewithattributes (2), cronmanageresource (2), crondfileortemplate (2), conditionalusingtest (2), classevalactionclass (2), chefgemnokogiri (2), allowedactionsfrominitialize (2), actionmethodinresource (2), modernize (2), searchforenvironmentsorroles (2), dependschefvault (2), cookbookusessearch (2), cookbookusesroles (2), cookbookusespolicygroups (2), cookbookusesenvironments (2), cookbookusesdatabags (2), chefvaultused (2), berksfile (2), windowsversionhelpers (2), windowstaskchangeaction (2), windowspackageinstallertypestring (2), windowsfeatureservermanagercmd (2), verifypropertyusesfileexpansion (2), useyamldump (2), usesruncommandhelper (2), usesdeprecatedmixins (2), useschefresthelpers (2), userdeprecatedsupportsproperty (2), useinlineresourcesdefined (2), useautomaticresourcename (2), searchusespositionalparameters (2), rubyblockcreateaction (2), ruby27keywordargumentwarnings (2), resourcewithoutunifiedtrue (2), resourceusesupdatedmethod (2), resourceusesproviderbasemethod (2), resourceusesonlyresourcename (2), resourceusesdslnamemethod (2), resourceoverridesprovidesmethod (2), resourceinheritsfromcompatresource (2), requirerecipe (2), powershellcookbookhelpers (2), policyfilecommunitysource (2), poisearchiveusage (2), partialsearchhelperusage (2), partialsearchclassusage (2), nodesetwithoutlevel (2), nodesetunless (2), nodeset (2), nodemethodsinsteadofattributes (2), nodedeepfetch (2), namepropertywithdefaultvalue (2), macosuserdefaultsglobalproperty (2), logresourcenotifications (2), localedeprecatedlcallproperty (2), librarianchefspec (2), legacyyumcookbookrecipes (2), legacynotifysyntax (2), launchddeprecatedhashproperty (2), includingyumdnfcompatrecipe (2), includingxmlrubyrecipe (2), hwrpwithoutunifiedtrue (2), hwrpwithoutprovides (2), foodcritictesting (2), foodcriticfile (2), executerelativecreateswithoutcwd (2), executepathproperty (2), erlcallresource (2), epicfail (2), eolauditmodeusage (2), easyinstallresource (2), deprecatedyumrepositoryproperties (2), deprecatedyumrepositoryactions (2), deprecatedwindowsversioncheck (2), deprecatedsudoactions (2), deprecatedshelloutmethods (2), deprecatedplatformmethods (2), deprecatedchefspecplatform (2), dependsonomnibusupdatercookbook (2), dependsonchefreportingcookbook (2), dependsonchefnginxcookbook (2), delivery (2), cookbooksdependsonself (2), cookbookdependsonpoise (2), cookbookdependsonpartialsearch (2), cookbookdependsoncompatresource (2), chocolateypackageuninstallaction (2), chefwindowsplatformhelper (2), chefsugarhelpers (2), chefspeclegacyrunner (2), chefspeccoveragereport (2), chefshellout (2), chefrewind (2), chefhandlerusessupports (2), chefhandlerrecipe (2), cheffile (2), chefdkgenerators (2), tmppath (2), supportsmustbefloat (2), serviceresource (2), scopedfileexist (2), resourcewithnoneaction (2), resourcesetsnameproperty (2), resourcesetsinternalproperties (2), propertywithouttype (2), powershellscriptdeletefile (2), powershellfileexists (2), opensslpasswordhelpers (2), octalmodeasstring (2), notifiesactionnotsymbol (2), nodenormalunless (2), nodenormal (2), metadatamissingversion (2), metadatamissingname (2), metadatamalformeddepends (2), malformedplatformvalueforplatformhelper (2), macosuserdefaultsinvalidtype (2), lazyinresourceguard (2), lazyevalnodeattributedefaults (2), invalidversionmetadata (2), invalidplatformvalueforplatformhelper (2), invalidplatformvalueforplatformfamilyhelper (2), invalidplatformmetadata (2), invalidplatformincase (2), invalidplatformhelper (2), invalidplatformfamilyincase (2), invalidplatformfamilyhelper (2), invalidnotificationtiming (2), invalidnotificationresource (2), invaliddefaultaction (2), invalidcookbookname (2), incorrectlibraryinjection (2), emptyresourceguard (2), dnfpackageallowdowngrades (2), cookbookusesnodesave (2), conditionalrubyshellout (2), chefapplicationfatal (2), blockguardwithonlystring (2), correctness (2), v25 (2), v26 (2), failure (2), usage (2), tiered (2), installation (2), airgap (2), capacity (2), planning (2), plan (2), base (2), 2025 (2), refresh (2), strategy (2), account (2), membership (2), rbac (2), keys (2), rotate (2), certs (2), separate (2), artifactory (2), artifact (2), store (2), warm (2), spare (2), env (2), connect (2), windows_update_settings (2), windows_power_management (2), windows_password_policy (2), windows_ie_esc (2), windows_firewall (2), windows_disk_encryption (2), windows_desktop_winrm_settings (2), windows_desktop_screensaver (2), windows_defender_exclusion (2), windows_defender (2), windows_choco_installer (2), windows_automatic_logout (2), windows_app_management (2), windows_admin_control (2), rescue_account (2), macos_power_management (2), macos_password_policy (2), macos_firewall (2), macos_disk_encryption (2), macos_desktop_screensaver (2), macos_automatic_software_updates (2), macos_automatic_logout (2), macos_app_management (2), macos_admin_control (2), zero (2), touch (2), redirect (2), sso (2), opsworks (2), skills (2), administration (2), guides (2), enroll (2), clis (2), san (2), best (2), practices (2), feature (2), flags (2), cli (2), architecture (2), administrator (2), incident (2), servicenow (2), marketplace (2), scan (2), reports (2), eas (2), event (2), feed (2), teams (2), policies (2), actions (2), projects (2), credentials (2), lifecycle (2), feeds (2), notifications (2), cleanup (2), monitoring (2), centralize (2), report (2), ingestion (2), invalid (2), login (2), attempts (2), telemetry (2), session (2), timeout (2), disclosure (2), panel (2), banner (2), collection (2), topics (2), manager (2), bastion (2), new (2), sudo (2), password (2), rds (2), vpc (2), cidr (2), load (2), balancer (2), faqs (2), benchmarks (2), rotation (2), self (2), signed (2), custom (2), bootstrapping (2), commands (2), generation (2), remove (2), place (2), existing (2), efs (2), object (2), storage (2), filesystem (2), customer (2), airgapped (2), tutorial (2), shortcodes (2), matter (2), reuse (2), hugo (2), procedures (2), tables (2), headings (2), notices (2), markdown (2), lists (2), linking (2), formatting (2), tools (2), house (2), contribute (2), guidelines (2), contributions (2), commercial (2), script (2), accept (2), training (2), blog (2), main (2), certain, registered, one, countries, appropriate, markings, contained, inclusion, imply, endorsement, affiliation, sponsorship, between, copyright, last, february, cookie, privacy, trademark, site, map, thank, you, submit, fill, field, ask, still, stuck, edit, yes, was, helpful, built, into, processed, means, conditional, statements, within, 550, current, four, ons, installed, looks, like, new_value, current_value, determine, requires, above, adds, oc_bifrost, maximum, concurrent, than, two, depends, but, result, will, able, could, affect, returned, permission, warning, return, objects, determined, searches, may, because, enables, redundant, checks, configured, properly, been, applied, picks, false, amount, time, seconds, before, expire, timing, adjust, again, 900, 3600, s3_url_ttl, open, maintained, indicate, ran, try, increasing, persist, small, increments, virtual, address, vip, changes, made, reconfigured, larger, starting, defaults, enhanced, previous, defaulted, less, linux, unix, older, life, protocol, enabled, cipher, suites, establish, connection, favor, aes256, ecdhe, forward, drop, prefix, sha, md5, rsa, over, pem, copying, paths, those, optionally, reflect, desired, level, hardness, www, openssl, org, ciphers, html, info, notification_email, listens, communicate, configuring, sure, netmask, attribute, backend_vip, ip_version, uri, fqdns, lowercase, typically, sign, role, chefserver, statement, based, whether, exists, code, similar, general, many, cases, suggests, said, every, organization, please, don, hesitate, discuss, right, identified, particular, options, some, menu,
Text of the page (random words):
management centralize logs audit logs in s3 minio migrate monitoring restore managed services package cleanup elasticsearch configure elasticsearch upgrade to opensearch opensearch configure opensearch postgresql configure postgresql upgrade external postgresql settings notifications data feeds data lifecycle node integrations node credentials projects user profile users authentication ldap saml authorization iam overview iam users guide iam actions api tokens policies roles teams users event feed applications chef eas setting up the applications dashboard applications dashboard desktop dashboard troubleshooting compliance reports scan jobs profiles nodes infrastructure client runs chef infra server integrations aws marketplace servicenow integration app incident app administrator reference reference architecture chef automate api automate cli feature flags security best practices upgrade upgrade upgrade to 3 x upgrade to 4 x update non san certificates for 4 7 52 version chef cloud chef 360 saas overview system requirements get started overview set up chef 360 saas install clis node management settings enroll nodes run courier jobs user guides create and use tokens with the chef 360 platform apis chef 360 platform system administration chef courier chef node management update skills chef saas overview get started aws opsworks migration configure sso redirect nodes chef desktop about chef desktop getting started requirements infrastructure overview install quick start guide install workstation automate server cookbook setup set up policy set up nodes zero touch deployment macos enrollment application management windows enrollment application management chef desktop cookbook reference resources all resources single page macos_admin_control macos_app_management macos_automatic_logout macos_automatic_software_updates macos_desktop_screensaver macos_disk_encryption macos_firewall macos_password_policy macos_power_management rescue_account windows_admin_control windows_app_management windows_automatic_logout windows_choco_installer windows_defender windows_defender_exclusion windows_desktop_screensaver windows_desktop_winrm_settings windows_disk_encryption windows_firewall windows_ie_esc windows_password_policy windows_power_management windows_update_settings chef habitat habitat v 2 1 habitat v 2 0 habitat v 1 6 habitat builder about habitat builder on prem builder about on prem builder install overview system requirements install builder connect your workstation to builder configure overview example builder env config file configure disaster recovery or warm spare use artifactory as a package artifact store configure builder logs scale builder frontend separate backend services manage overview minio postgresql rotate ssl certs upgrade builder origins overview create an origin origin keys origin membership and rbac packages overview bootstrap core packages update packages troubleshooting saas builder about habitat saas builder create an account builder profile origins origin packages builder api supported packages habitat package refresh strategy core base 2025 packages chef infra client chef infra client 19 chef infra client 18 chef infra server overview infra server overview services plan chef infra server prerequisites capacity planning install install chef infra server install high availability airgap tiered installation upgrades upgrade ha cluster license usage configure chef server rb settings chef infra server optional settings chef backend rb settings server firewalls and ports security manage backup and restore backend failure recovery monitor tuning log files users authentication and authorization organizations groups server users reference chef server ctl chef backend ctl chef infra server api firewalls ports chef inspec version 7 1 version 7 0 version 6 8 version 5 24 version 5 23 resource packs chef workstation workstation v26 workstation v25 cookstyle about cookstyle cookstyle cops list cops chef correctness blockguardwithonlystring chefapplicationfatal conditionalrubyshellout cookbookusesnodesave dnfpackageallowdowngrades emptyresourceguard incorrectlibraryinjection invalidcookbookname invaliddefaultaction invalidnotificationresource invalidnotificationtiming invalidplatformfamilyhelper invalidplatformfamilyincase invalidplatformhelper invalidplatformincase invalidplatformmetadata invalidplatformvalueforplatformfamilyhelper invalidplatformvalueforplatformhelper invalidversionmetadata lazyevalnodeattributedefaults lazyinresourceguard macosuserdefaultsinvalidtype malformedplatformvalueforplatformhelper metadatamalformeddepends metadatamissingname metadatamissingversion nodenormal nodenormalunless notifiesactionnotsymbol octalmodeasstring opensslpasswordhelpers powershellfileexists powershellscriptdeletefile propertywithouttype resourcesetsinternalproperties resourcesetsnameproperty resourcewithnoneaction scopedfileexist serviceresource supportsmustbefloat tmppath chef deprecations chefdkgenerators cheffile chefhandlerrecipe chefhandlerusessupports chefrewind chefshellout chefspeccoveragereport chefspeclegacyrunner chefsugarhelpers chefwindowsplatformhelper chocolateypackageuninstallaction cookbookdependsoncompatresource cookbookdependsonpartialsearch cookbookdependsonpoise cookbooksdependsonself delivery dependsonchefnginxcookbook dependsonchefreportingcookbook dependsonomnibusupdatercookbook deprecatedchefspecplatform deprecatedplatformmethods deprecatedshelloutmethods deprecatedsudoactions deprecatedwindowsversioncheck deprecatedyumrepositoryactions deprecatedyumrepositoryproperties easyinstallresource eolauditmodeusage epicfail erlcallresource executepathproperty executerelativecreateswithoutcwd foodcriticfile foodcritictesting hwrpwithoutprovides hwrpwithoutunifiedtrue includingxmlrubyrecipe includingyumdnfcompatrecipe launchddeprecatedhashproperty legacynotifysyntax legacyyumcookbookrecipes librarianchefspec localedeprecatedlcallproperty logresourcenotifications macosuserdefaultsglobalproperty namepropertywithdefaultvalue nodedeepfetch nodemethodsinsteadofattributes nodeset nodesetunless nodesetwithoutlevel partialsearchclassusage partialsearchhelperusage poisearchiveusage policyfilecommunitysource powershellcookbookhelpers requirerecipe resourceinheritsfromcompatresource resourceoverridesprovidesmethod resourceusesdslnamemethod resourceusesonlyresourcename resourceusesproviderbasemethod resourceusesupdatedmethod resourcewithoutunifiedtrue ruby27keywordargumentwarnings rubyblockcreateaction searchusespositionalparameters useautomaticresourcename useinlineresourcesdefined userdeprecatedsupportsproperty useschefresthelpers usesdeprecatedmixins usesruncommandhelper useyamldump verifypropertyusesfileexpansion windowsfeatureservermanagercmd windowspackageinstallertypestring windowstaskchangeaction windowsversionhelpers chef effortless berksfile chefvaultused cookbookusesdatabags cookbookusesenvironments cookbookusespolicygroups cookbookusesroles cookbookusessearch dependschefvault searchforenvironmentsorroles chef modernize actionmethodinresource allowedactionsfrominitialize chefgemnokogiri classevalactionclass conditionalusingtest crondfileortemplate cronmanageresource customresourcewithattributes databaghelpers declareactionclass defaultactionfrominitialize defineschefspecmatchers definitions dependsonchefvaultcookbook dependsonchocolateycookbooks dependsonkernelmodulecookbook dependsonlocalecookbook dependsonopensslcookbook dependsontimezonelwrpcookbook dependsonwindowsfirewallcookbook dependsonzyppercookbook dslincludeinresource emptyresourceinitializemethod executeaptupdate executescexe executesleep executesysctl executetzutil foodcriticcomments ifprovidesdefaultaction includingaptdefaultrecipe includingmixinshelloutinresources includingohaidefaultrecipe includingwindowsdefaultrecipe legacyberksfilesource libarchivefileresource macosxuserdefaults minitesthandlerusage nodeinitpackage noderolesinclude opensslrsakeyresource opensslx509resource osxconfigprofileresource powershellguardinterpreter powershellinstallpackage powershellinstallwindowsfeature powershellscriptexpandarchive propertywithnameattribute providesfrominitialize resourceforcingcompiletime resourcenamefrominitialize respondtocompiletime respondtoinmetadata respondtoprovides respondtoresourcename setorreturninresources sevenziparchiveresource shellouthelper shellouttochocolatey simplifyaptppasetup sysctlparamresource unnecessarydependschef14 unnecessarydependschef15 unnecessarymixlibshelloutrequire usebuildessentialresource usecheflanguagecloudhelpers usecheflanguageenvhelpers usecheflanguagesystemdhelper usemultipackageinstalls userequirerelative useszypperrepo whyrunsupportedtrue windowsregistryuac windowsscresource windowszipfileusage zipfileresource chef redundantcode aptrepositorydistributiondefault aptrepositorynotifiesaptupdate attributemetadata conflictsmetadata customresourcewithallowedactions doublecompiletime groupingmetadata longdescriptionmetadata multipleplatformchecks namepropertyisrequired ohaiattributetostring propertysplatregex propertywithrequiredanddefault providesmetadata recipemetadata replacesmetadata resourcewithnothingaction sensitivepropertyinresource stringpropertywithnildefault suggestsmetadata unnecessarydesiredstate unnecessarynameproperty usecreateifmissing chef ruby gemspeclicense gemspecrequirerubygems legacypowershelloutmethods requirenethttps unlessdefinedrequire chef security sshprivatekey chef sharing defaultmetadatamaintainer emptymetadatafield includepropertydescriptions includeresourcedescriptions includeresourceexamples insecurecookbookurl invalidlicensestring chef style attributekeys chefwhaaat commentformat commentsentencespacing copyrightcommentformat defaultcopyrightcomments filemode immediatenotificationtiming includerecipewithparentheses negatingonlyif overlycomplexsupportsdependsmetadata simplifyplatformmajorversioncheck trueclassfalseclassresourceproperties unnecessaryoscheck unnecessaryplatformcasestatement useplatformhelpers inspec deprecations attributedefault attributehelper effortless pattern effortless overview quick start effortless audit effortless config variables and config what is scaffolding supermarket about supermarket share cookbooks private supermarket about private supermarket install configure backup and restore monitor log files upgrades reference supermarket ctl supermarket api release notes chef 360 platform chef automate chef backend chef download apis chef habitat chef infra client chef infra server chef inspec chef local license service chef manage chef migrate chef supermarket chef workstation chef compliance chef compliance audit profiles chef compliance remediation chef cloud resource packs aws cloud resources azure cloud resources legacy chef manage about the management console uninstall manage rb chef manage ctl active directory ldap configure saml clients cookbooks data bags environments nodes roles organizations groups users uninstall available on github downloads send feedback support server tuning table of contents the server configuration file contains a list of all configuration options that are available for the chef infra server some of these values should be modified for large scale installations note this topic contains general information about how settings can be tuned in many cases this topic suggests specific values to be used for tuning that said every organization and configuration is different so please don t hesitate to contact chef support to discuss your tuning effort so as to help ensure the right value is identified for any particular setting customize the config file the etc opscode chef server rb file contains all of the non default configuration settings used by the chef infra server the default settings are built into the chef infra server configuration and should only be added to the chef server rb file to apply non default values these configuration settings are processed when the chef server ctl reconfigure command is run the chef server rb file is a ruby file which means that conditional statements can be used within it use conditions use a case statement to apply different values based on whether the setting exists on the front end or back end servers add code to the server configuration file similar to the following role_name chefserver servers node fqdn role case role_name when backend backend specific configuration here when frontend frontend specific configuration here end recommended settings the following settings are typically added to the server configuration file no equal sign is necessary to set the value api_fqdn the fqdn for the chef infra server this setting is not in the server configuration file by default when added its value should be equal to the fqdn for the service uri used by the chef infra server fqdns must always be in lowercase for example api_fqdn chef example com bootstrap default value true ip_version use to set the ip version ipv4 or ipv6 when set to ipv6 the api listens on ipv6 and front end and back end services communicate using ipv6 when a high availability configuration is used when configuring for ipv6 in a high availability configuration be sure to set the netmask on the ipv6 backend_vip attribute default value ipv4 notification_email default value info example com ssl protocols the following settings are often modified from the default as part of the tuning effort for the nginx service and to configure the chef infra server to use ssl certificates note see https www openssl org docs man1 0 2 man1 ciphers html for more information about the values used with the nginx ssl_ciphers and nginx ssl_protocols settings after copying ssl certificate files to the chef infra server update the nginx ssl_certificate and nginx ssl_certificate_key settings to specify the paths to those files and then optionally update the nginx ssl_ciphers and nginx ssl_protocols settings to reflect the desired level of hardness for the chef infra server for example nginx ssl_certificate etc pki tls private name of pem nginx ssl_certificate_key etc pki tls private name of key nginx ssl_ciphers high medium low kedh anull adh enull exp sslv2 seed camellia psk nginx ssl_protocols tlsv1 2 nginx ssl_certificate the ssl certificate used to verify communication over https default value nil nginx ssl_certificate_key the certificate key used for ssl communication default value nil nginx ssl_ciphers the list of supported cipher suites that are used to establish a secure connection to favor aes256 with ecdhe forward security drop the rc4 sha rc4 md5 rc4 rsa prefix for example nginx ssl_ciphers high medium low kedh anull adh enull exp sslv2 seed camellia psk nginx ssl_protocols the ssl protocol versions that are enabled for the chef infra server api starting with chef infra server 14 3 this value defaults to tlsv1 2 for enhanced security previous releases defaulted to tlsv1 tlsv1 1 tlsv1 2 which allowed for less secure ssl connections tls...
|
