From 0fa31cb5c7163ab47280fcad33c795a8e379fcc4 Mon Sep 17 00:00:00 2001 
From: "chef-expeditor[bot]" <49165653+chef-expeditor[bot]@users.noreply.github.com> Date: Wed, 10 Jan 2024 13:15:47 -0500 Subject: [PATCH] Bump Hugo module chef-server to 15.9.20. (#4228) This pull request was triggered automatically via Expeditor. This change falls under the obvious fix policy so no Developer Certificate of Origin (DCO) sign-off is required. Co-authored-by: Chef Expeditor --- .../chef/chef-server/docs-chef-io/config.toml | 2 - .../content/server/config_rb_server.md | 358 +- .../config_rb_server_optional_settings.md | 3264 ++++++++++++++++- ...onfig_ocid_application_hash_supermarket.md | 3 +- .../reusable/md/config_rb_server_summary.md | 2 +- ...notes_config_rb_server_must_reconfigure.md | 3 +- .../md}/notes_server_aws_cookbook_storage.md | 0 .../md/server_rbac_permissions_object.md | 38 +- .../reusable/md/server_services_bifrost.md | 2 +- .../reusable/md/server_services_bookshelf.md | 2 +- .../reusable/md/server_services_erchef.md | 2 +- .../md}/server_services_expander.md | 0 .../reusable/md/server_services_oc_id.md | 2 +- .../reusable/md/server_services_postgresql.md | 2 +- .../reusable/md/server_services_redis.md | 2 +- .../md}/server_services_solr4.md | 0 .../md}/server_tuning_expander.md | 4 +- .../server/reusable/md/server_tuning_nginx.md | 68 +- .../md}/settings_strict_search_result_acls.md | 13 +- .../content/server/v13_2/config_rb_server.md | 106 - .../config_rb_server_optional_settings.md | 2230 ----------- .../content/server/v13_2/index.md | 3 - .../reusable_text/config_add_condition.md | 13 - .../config_rb_server_settings_ldap.md | 166 - .../reusable_text/config_rb_server_summary.md | 8 - ...notes_config_rb_server_must_reconfigure.md | 5 - .../reusable_text/server_services_bifrost.md | 2 - .../server_services_bookshelf.md | 4 - .../reusable_text/server_services_erchef.md | 11 - .../reusable_text/server_services_expander.md | 3 - .../reusable_text/server_services_oc_id.md | 6 - .../server_services_postgresql.md | 1 - 
.../reusable_text/server_services_rabbitmq.md | 3 - .../reusable_text/server_services_redis.md | 2 - .../reusable_text/server_services_solr4.md | 4 - .../reusable_text/server_tuning_bookshelf.md | 6 - .../reusable_text/server_tuning_erchef.md | 22 - .../reusable_text/server_tuning_general.md | 26 - .../reusable_text/server_tuning_nginx.md | 63 - .../reusable_text/server_tuning_postgresql.md | 34 - .../v13_2/reusable_text/server_tuning_solr.md | 3 - .../server_tuning_solr_available_memory.md | 27 - .../server_tuning_solr_large_node_sizes.md | 59 - .../server_tuning_solr_update_frequency.md | 24 - .../settings_strict_search_result_acls.md | 28 - .../content/server/v14/config_rb_server.md | 86 - .../v14/config_rb_server_optional_settings.md | 1997 ---------- .../docs-chef-io/content/server/v14/index.md | 3 - .../v14/reusable_text/config_add_condition.md | 13 - .../config_rb_server_settings_ldap.md | 197 - .../reusable_text/config_rb_server_summary.md | 8 - ...notes_config_rb_server_must_reconfigure.md | 5 - .../notes_server_aws_cookbook_storage.md | 3 - .../reusable_text/server_services_bifrost.md | 2 - .../server_services_bookshelf.md | 4 - .../reusable_text/server_services_erchef.md | 11 - .../reusable_text/server_services_oc_id.md | 6 - .../server_services_postgresql.md | 1 - .../reusable_text/server_services_rabbitmq.md | 3 - .../reusable_text/server_services_redis.md | 2 - .../reusable_text/server_tuning_bookshelf.md | 6 - .../v14/reusable_text/server_tuning_erchef.md | 22 - .../reusable_text/server_tuning_expander.md | 12 - .../reusable_text/server_tuning_general.md | 27 - .../v14/reusable_text/server_tuning_nginx.md | 65 - .../reusable_text/server_tuning_postgresql.md | 34 - .../v14/reusable_text/server_tuning_solr.md | 3 - .../server_tuning_solr_available_memory.md | 27 - .../server_tuning_solr_large_node_sizes.md | 59 - .../server_tuning_solr_update_frequency.md | 24 - _vendor/modules.txt | 2 +- go.mod | 2 +- go.sum | 4 +- 73 files changed, 3675 
insertions(+), 5579 deletions(-) rename _vendor/github.com/chef/chef-server/docs-chef-io/content/server/{v13_2/reusable_text => reusable/md}/notes_server_aws_cookbook_storage.md (100%) rename _vendor/github.com/chef/chef-server/docs-chef-io/content/server/{v14/reusable_text => reusable/md}/server_services_expander.md (100%) rename _vendor/github.com/chef/chef-server/docs-chef-io/content/server/{v14/reusable_text => reusable/md}/server_services_solr4.md (100%) rename _vendor/github.com/chef/chef-server/docs-chef-io/content/server/{v13_2/reusable_text => reusable/md}/server_tuning_expander.md (91%) rename _vendor/github.com/chef/chef-server/docs-chef-io/content/server/{v14/reusable_text => reusable/md}/settings_strict_search_result_acls.md (79%) delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md delete mode 100644 
_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md delete mode 100644 
_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md delete mode 100644 
_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md delete mode 100644 _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml b/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml index 8dc668da56..e1bfa7908b 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/config.toml 
@@ -1,4 +1,2 @@
 [params.chef-server]
-versions = ["13_2", "14"]
 gh_path = "https://github.com/chef/chef-server/blob/main/docs-chef-io/content/"
-vendor_content_path = "_vendor/github.com/chef/chef-server/docs-chef-io/content/"
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md
index 12626c5c25..474a679ac4 100644
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md
+++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server.md
@@ -1,11 +1,8 @@ +++ title = "chef-server.rb Settings" draft = false - gh_repo = "chef-server" -version_docs_product = "chef-server" - aliases = ["/config_rb_server.html", "/config_rb_server_14/", "/config_rb_server/"] [menu] 
@@ -15,3 +12,358 @@ aliases = ["/config_rb_server.html", "/config_rb_server_14/", "/config_rb_server parent = "server/configure" weight = 10 +++ + +{{< readfile file="content/server/reusable/md/config_rb_server_summary.md" >}} + +## Use Conditions + +Use a `case` statement to apply different values based on whether the setting exists on the front-end or back-end servers. +Add code to the server configuration file similar to the following: + +```ruby +role_name = ChefServer['servers'][node['fqdn']]['role'] +case role_name +when 'backend' + # backend-specific configuration here +when 'frontend' + # frontend-specific configuration here +end +``` + +## Recommended Settings + +The following settings are typically added to the server configuration +file (no equal sign is necessary to set the value): + +`api_fqdn` + +: The FQDN for the Chef Infra Server. This setting is not in the + server configuration file by default. When added, its value should + be equal to the FQDN for the service URI used by the Chef Infra + Server. FQDNs must always be in lowercase. + For example: `api_fqdn "chef.example.com"`. + +`bootstrap` + +: Default value: `true`. + +`ip_version` + +: Use to set the IP version: `"ipv4"` or `"ipv6"`. When set to + `"ipv6"`, the API listens on IPv6 and front end and back end + services communicate via IPv6 when a high availability configuration + is used. When configuring for IPv6 in a high availability + configuration, be sure to set the netmask on the IPv6 `backend_vip` + attribute. + + Default value: `"ipv4"`. + +`notification_email` + +: Default value: `info@example.com`. + +### NGINX SSL Protocols + +{{< readfile file="content/server/reusable/md/server_tuning_nginx.md" >}} + +## Optional Settings + +The following settings are often used for performance tuning of the Chef +Infra Server in larger installations. 
+ +{{< note >}} + +{{< readfile file="content/server/reusable/md/notes_config_rb_server_must_reconfigure.md" >}} + +{{< /note >}} + +{{< note >}} + +Review the full list of [optional settings]({{< relref "/server/config_rb_server_optional_settings" >}}) that can be added to the `chef-server.rb` file. +Many of these optional settings should not be added without first consulting with Chef support. + +{{< /note >}} + +### bookshelf + +The following setting is often modified from the default as part of the +tuning effort for the **bookshelf** service: + +`bookshelf['vip']` + +: The virtual IP address. + + Default value: `node['fqdn']`. + + +{{< warning >}} + +{{< readfile file="content/server/reusable/md/notes_server_aws_cookbook_storage.md" >}} + +{{< /warning >}} + +### opscode-account + +The following setting is often modified from the default as part of the +tuning effort for the **opscode-account** service: + +`opscode_account['worker_processes']` + +: The number of allowed worker processes. This value should be + increased if requests made to the **opscode-account** service are + timing out, but only if the front-end machines have available CPU + and RAM. + + Default value: `4`. + +### opscode-erchef + +The following settings are often modified from the default as part of +the tuning effort for the **opscode-erchef** service: + +`opscode_erchef['db_pool_size']` + +: The number of open connections to PostgreSQL that are maintained by + the service. If failures indicate that the **opscode-erchef** + service ran out of connections, try increasing the + `postgresql['max_connections']` setting. If failures persist, then + increase this value (in small increments) and also increase the + value for `postgresql['max_connections']`. + + Default value: `20`. + +`opscode_erchef['s3_url_ttl']` + +: The amount of time (in seconds) before connections to the server + expire. 
If Chef Infra Client runs are timing out, increase this + setting to `3600`, and then adjust again if necessary. + + Default value: `900`. + +`opscode_erchef['strict_search_result_acls']` + +: {{< readfile file="content/server/reusable/md/settings_strict_search_result_acls.md" >}} + +#### Data Collector + +The following settings are often modified from the default as part of +the tuning effort for the **data_collector** **opscode-erchef** +application: + +`data_collector['http_max_count']` + +: The maximum worker count for the HTTP connection pool that is used + by the data collector. If failures indicate that **opscode-erchef** + application has run out of HTTP connections for the + **data_collector** then increase this value. + + Default value: `100`. + +### opscode-expander + +The following setting is often modified from the default as part of the +tuning effort for the **opscode-expander** service: + +`opscode_expander['nodes']` + +: **Setting EOL in Chef Infra Server 14.** + + The number of allowed worker processes. The **opscode-expander** + service runs on the back-end and feeds data to the **opscode-solr** + service, which creates and maintains search data used by the Chef + Infra Server. Additional memory may be required by these worker + processes depending on the frequency and volume of Chef Infra Client + runs across the organization, but only if the back-end machines have + available CPU and RAM. + + Default value: `2`. + +### opscode-solr4 + +The following sections describe ways of tuning the **opscode-solr4** +service to improve performance around large node sizes, available +memory, and update frequencies. + +#### Available Memory + +Use the following configuration setting to help ensure that Apache Solr +does not run out of memory: + +`opscode_solr4['heap_size']` + +: **Setting EOL in Chef Infra Server 14.** + + The amount of memory (in MBs) available to Apache Solr. 
If there is + not enough memory available, search queries made by nodes to Apache + Solr may fail. The amount of memory that must be available also + depends on the number of nodes in the organization, the frequency of + search queries, and other characteristics that are unique to each + organization. In general, as the number of nodes increases, so does + the amount of memory. + + If Apache Solr is running out of memory, the + `/var/log/opscode/opscode-solr4/current` log file will contain a message + similar to: + + ```bash + SEVERE: java.lang.OutOfMemoryError: Java heap space + ``` + + The default value for `opscode_solr4['heap_size']` should work for many + organizations, especially those with fewer than 25 nodes. For + organizations with more than 25 nodes, set this value to 25% of system + memory or `1024`, whichever is smaller. For very large configurations, + increase this value to 25% of system memory or `4096`, whichever is + smaller. This value should not exceed `8192`. + + +#### Large Node Sizes + +The maximum field length setting for Apache Solr should be greater than +any expected node object file sizes in order for them to be successfully +added to the search index. If a node object file is greater than the +maximum field length, the node object will be indexed up to the maximum, +but the part of the file past that limit will not be indexed. If this +occurs, it will seem as if nodes disappear from the search index. + +To ensure that large node file sizes are indexed properly, verify the +`nginx['client_max_body_size']` and `opscode_erchef['max_request_size']` settings. + +To ensure that `nginx['client_max_body_size']` and `opscode_erchef['max_request_size']` are not part of the reasons for incomplete indexing, +set `opscode_solr4['max_field_length']` setting so that its value is greater than the expected node file sizes. 
+ +`nginx['client_max_body_size']` + +: **Setting EOL in Chef Infra Server 14.** + + The maximum accepted body size for a client request, as indicated by + the `Content-Length` request header. When the maximum accepted body + size is greater than this value, a `413 Request Entity Too Large` + error is returned. + + Default value: `250m`. + +`opscode_erchef['max_request_size']` + +: **Setting EOL in Chef Infra Server 14.** + + When the request body size is greater than this value, a `413 Request Entity Too Large` error is returned. + + Default value: `2000000`. + +`opscode_solr4['max_field_length']` + +: **Setting EOL in Chef Infra Server 14.** + + The maximum field length (in number of tokens/terms). If a field + length exceeds this value, Apache Solr may not be able to complete + building the index. Default value: `100000` (increased from the + Apache Solr default value of `10000`). + + Use the `wc` command to get the byte count of a large node object file. + For example: + + ```bash + wc -c NODE_NAME.json + ``` + + and then ensure there is a buffer beyond that value. For example, verify + the size of the largest node object file: + + ```bash + wc -c nodebsp2016.json + ``` + + which returns `154516`. Update the `opscode_solr4['max_field_length']` + setting to have a value greater than the returned value. For example: + `180000`. + + If you don't have a node object file available then you can get an + approximate size of the node data by running the following command on a + node. + + ```bash + ohai | wc -c + ``` + +#### Update Frequency + +At the end of every Chef Infra Client run, the node object is saved to +the Chef Infra Server. From the Chef Infra Server, each node object is +then added to the `SOLR` search index. This process is asynchronous. By +default, node objects are committed to the search index every 60 seconds +or per 1000 node objects, whichever occurs first. + +When data is committed to the Apache Solr index, all incoming updates +are blocked. 
If the duration between updates is too short, it is +possible for the rate at which updates are asked to occur to be faster +than the rate at which objects can be actually committed. + +Use the `opscode_solr4['commit_interval']` and `opscode_solr4['max_commit_docs']` settings to improve the indexing +performance of node objects: + +`opscode_solr4['commit_interval']` + +: **Setting EOL in Chef Infra Server 14.** + + The frequency (in seconds) at which node objects are added to the + Apache Solr search index. + + Default value: `60000` (every 60 seconds). + +`opscode_solr4['max_commit_docs']` + +: **Setting EOL in Chef Infra Server 14.** + + The frequency (in documents) at which node objects are added to the + Apache Solr search index. + + Default value: `1000` (every 1000 documents). + +### postgresql + +The following setting is often modified from the default as part of the tuning effort for the **postgresql** service: + +`postgresql['max_connections']` + +: The maximum number of allowed concurrent connections. This value should only be tuned when the `opscode_erchef['db_pool_size']` value used by the **opscode-erchef** service is modified. Default value: `350`. + If there are more than two front end machines in a cluster, the + `postgresql['max_connections']` setting should be increased. The + increased value depends on the number of machines in the front end, + but also the number of services that are running on each of these + machines. + + - Each front end machine always runs the **oc_bifrost** and + **opscode-erchef** services. + - The Reporting add-on adds the **reporting** service. + + Each of these services requires 25 connections, above the default + value. 
+ + Use the following formula to help determine what the increased value + should be: + + ```ruby + new_value = current_value + [ + (# of front end machines - 2) * (25 * # of services) + ] + ``` + + For example, if the current value is 350, there are four front end + machines, and all add-ons are installed, then the formula looks + like: + + ```ruby + 550 = 350 + [(4 - 2) * (25 * 4)] + ``` + +`postgresql['sslmode']` + +: SSL encryption mode between the Chef Infra Server and PostgreSQL. + + Possible values: + + - `'disable'` + - `'require'` + + Default value: `'disable'`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md index dcd4c74b2b..fa1370287e 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/config_rb_server_optional_settings.md @@ -1,13 +1,8 @@ +++ title = "chef-server.rb Optional Settings" draft = false - gh_repo = "chef-server" -aliases = ["/config_rb_server_optional_settings.html", "/config_rb_server_optional_settings_14/", "/config_rb_optional_settings/", "/config_rb_server_optional_settings/"] - -version_docs_product = "chef-server" - [menu] [menu.server] title = "Chef Infra Server Optional Settings" 
@@ -15,3 +10,3262 @@ version_docs_product = "chef-server" parent = "server/configure" weight = 20 +++ + +{{< readfile file="content/server/reusable/md/config_rb_server_summary.md" >}} + +## Settings + +The following sections describe the various settings that are available +in the chef-server.rb file. + +{{< note >}} +{{< readfile file="content/server/reusable/md/notes_config_rb_server_must_reconfigure.md" >}} +{{< /note >}} + +### General + +This configuration file has the following general settings: + +`addons['install']` + +: Default value: `false`. + +`addons['path']` + +: Default value: `nil`. + +`addons['packages']` + +: Default value: `%w{chef-manage}` + +`api_version` + +: The version of the Chef Infra Server. + + Default value: `'12.0.0'`. + +`default_orgname` + +: The `ORG_NAME` part of the `/organizations` endpoint in Chef Infra + Server. + +`flavor` + +: Default value: `'cs'`. + + Setting new in Chef Infra Server 14. + +`fips` + +: Set to `true` to run the server in FIPS compliance mode. Set to + `false` to force the server to run without FIPS compliance mode. + + Default value: The value in the kernel configuration. + + {{< note >}} + + Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` + + {{< /note >}} + +`insecure_addon_compat` + +: Set to `true` to keep Chef Infra Server compatible with older add-on + versions by rendering secrets and credentials to + `/etc/opscode/chef-server-running.json` and other files in + `/etc/opscode/`. When set to `false`, secrets are **only** written + to `/etc/opscode/private-chef-secrets.json` and **not** to any other + files. + + Default value: `true`. + + See [Add-on Compatibility]({{< relref "/server/server_security#add-on-compatibility" >}}) for the + minimum add-on versions supporting `insecure_addon_compat false`. 
+
+`install_path`
+
+: The directory in which the Chef Infra Server is installed.
+
+ Default value: `'/opt/opscode'`.
+
+`from_email`
+
+: The email address from which invitations to the Chef management
+ console are sent.
+
+ Default value: `'"Opscode" '`.
+
+`license['nodes']`
+
+: The number of licensed nodes.
+
+ Default value: `25`.
+
+`license['upgrade_url']`
+
+: The URL to visit for more information about how to update the number
+ of nodes licensed for an organization.
+
+ Default value: `'https://www.chef.io/pricing'`.
+
+`notification_email`
+
+: The email addressed to which email notifications are sent.
+
+ Default value: `'pc-default@chef.io'`.
+
+`role`
+
+: The configuration type of the Chef Infra Server.
+
+ Possible values: `backend`, `frontend`, or `standalone`.
+
+ Default value: `'standalone'`.
+
+`topology`
+
+: The topology of the Chef Infra Server.
+
+ Possible values: `manual`, `standalone`, and `tier`.
+
+ Default value: `'standalone'`.
+
+### bookshelf
+
+{{< readfile file="content/server/reusable/md/server_services_bookshelf.md" >}}
+
+{{< note >}}
+{{< readfile file="content/server/reusable/md/notes_server_aws_cookbook_storage.md" >}}
+{{< /note >}}
+
+This configuration file has the following settings for `bookshelf`:
+
+`bookshelf['access_key_id']`
+
+: Deprecated. Use `chef-server-ctl set-secret bookshelf access_key_id` from
+ the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ commands.
+
+ The access key identifier. This may point at an external storage
+ location, such as Amazon EC2. See [AWS external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for more information on configuring external bookshelf.
+
+ Default value: **generated**.
+
+`bookshelf['data_dir']`
+
+: The directory in which on-disk data is stored. The default value is
+ the recommended value.
+
+ Default value: `/var/opt/opscode/bookshelf/data`.
+
+`bookshelf['dir']`
+
+: The working directory.
The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/bookshelf`.
+
+`bookshelf['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`bookshelf['enable_request_logging']`
+
+: Use to configure request logging for the bookshelf service.
+
+ Default value: `false`.
+
+`bookshelf['external_url']`
+
+: The base URL to which the service is to return links to API
+ resources. Use `:host_header` to ensure the URL is derived from the
+ host header of the incoming HTTP request.
+
+ Default value: `:host_header`.
+
+`bookshelf['listen']`
+
+: The IP address on which the service is to listen.
+
+ Default value: `127.0.0.1`.
+
+`bookshelf['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/bookshelf`.
+
+`bookshelf['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`bookshelf['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `4321`.
+
+`bookshelf['secret_access_key']`
+
+: Deprecated. Use `chef-server-ctl set-secret bookshelf secret_access_key`
+ from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ commands.
+
+ The secret key. This may point at an external storage location, such
+ as Amazon EC2. See [AWS external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for
+ more information on configuring external bookshelf.
+
+ Default value: **generated**.
+
+`bookshelf['storage_type']`
+
+: Determines where cookbooks are stored.
+
+ Default value: `:filesystem`.
+
+ In instances that require cookbooks to be stored within a SQL
+ backend, such as in a high availability setup, you must set
+ `storage_type` to `:sql`:
+
+ ```ruby
+ bookshelf['storage_type'] = :sql
+ ```
+
+`bookshelf['stream_download']`
+
+: Enable stream downloading of cookbooks. This setting (when `true`)
+ typically results in improved cookbook download performance,
+ especially with the memory usage of the **bookshelf** service and
+ the behavior of load balancers and proxies in-between Chef Infra
+ Client and the Chef Infra Server.
+
+ Default value: `true`.
+
+`bookshelf['sql_connection_user']`
+
+: The PostgreSQL user name in `'username@hostname'` format (e.g.
+ `'bookshelf@my_postgresql.postgres.database.azure.com'`), where
+ `username` would normally equal the value of `bookshelf['sql_user']`
+ (default: `'bookshelf'`). This setting is **required** in an
+ external Azure PostgreSQL database-as-a-service configuration. If
+ set to `nil`, Chef Infra Server assumes that the database is not on
+ Azure and the PostgreSQL connection will be made using the value
+ specified in `bookshelf['sql_user']`.
+
+ Default value: `nil`.
+
+`bookshelf['vip']`
+
+: The virtual IP address. This may point at an external storage
+ location, such as Amazon EC2. See [AWS external bookshelf
+ settings]({{< relref "/server#aws-settings" >}}) for
+ more information on configuring external bookshelf.
+
+ Default value: `127.0.0.1`.
+
+### bootstrap
+
+This configuration file has the following settings for `bootstrap`:
+
+`bootstrap['enable']`
+
+: Indicates whether an attempt to bootstrap the Chef Infra Server is
+ made. Generally only enabled on systems that have bootstrap enabled
+ via a `server` entry.
+
+ Default value: `true`.
+
+### compliance forwarding
+
+The configuration file has the following settings for forwarding
+`compliance` requests using the Chef Infra Server authentication system.
+
+`profiles['root_url']`
+
+: If set, any properly signed requests arriving at
+ `/organizations/ORGNAME/owners/OWNER/compliance` will be forwarded
+ to this URL. This is expected to be a fully qualified resource, e.g.
+ `http://compliance.example.org/owners/OWNER/compliance`.
+
+### dark_launch
+
+This configuration file has the following settings for `dark_launch`:
+
+`dark_launch['actions']`
+
+: Enable Chef actions.
+
+ Default value: `true`.
+
+`dark_launch['add_type_and_bag_to_items']`
+
+: Default value: `true`.
+
+`dark_launch['new_theme']`
+
+: Default value: `true`.
+
+`dark_launch['private-chef']`
+
+: Default value: `true`.
+
+`dark_launch['quick_start']`
+
+: Default value: `false`.
+
+`dark_launch['reporting']`
+
+: Enable Reporting, which performs data collection during a Chef Infra
+ Client run.
+
+ Default value: `true`.
+
+`dark_launch['sql_users']`
+
+: Default value: `true`.
+
+### data_collector
+
+This configuration file has the following settings for `data_collector`:
+
+`data_collector['root_url']`
+
+: The fully qualified URL to the data collector server API. When
+ present, it will enable the data collector in **opscode-erchef**.
+ This also enables Chef Infra Server authenticated forwarding any properly
+ signed requests arriving at `/organizations/ORGNAME/data-collector`
+ to this URL with the data collector token appended. This is also
+ target for requests authenticated and forwarded by the
+ `/organizations/ORGNAME/data-collector` endpoint. For the forwarding
+ to work correctly the `data_collector['token']` field must also be
+ set. For example, if the data collector in Chef Automate is being
+ used, the URI would look like:
+ `http://my_automate_server.example.org/data-collector/v0/`.
+
+`data_collector['proxy']`
+
+: If set to `true`, Chef Infra Server will proxy all requests sent to
+ `/data-collector` to the configured Chef Automate
+ `data_collector['root_url']`.
Note that *this route* does not check
+ the request signature and add the right data_collector token, but
+ just proxies the Chef Automate endpoint **as-is**.
+
+ Default value: `nil`.
+
+`data_collector['token']`
+
+: Deprecated. Use `chef-server-ctl set-secret data_collector token` from
+ the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}})
+ commands.
+
+ Legacy configuration for shared data collector security token. When
+ configured, the token will be passed as an HTTP header named
+ `x-data-collector-token` which the server can choose to accept or
+ reject.
+
+`data_collector['timeout']`
+
+: The amount of time (in milliseconds) before a request to the data
+ collector API times out.
+
+ Default value: `30000`.
+
+`data_collector['http_init_count']`
+
+: The initial worker count for the HTTP connection pool that is used
+ by the data collector.
+
+ Default value: `25`.
+
+`data_collector['http_max_count']`
+
+: The maximum worker count for the HTTP connection pool that is used
+ by the data collector.
+
+ Default value: `100`.
+
+`data_collector['http_max_age']`
+
+: The maximum connection worker age (in seconds) for the HTTP
+ connection pool that is used by the data collector.
+
+ Default value: `{70, sec}`.
+
+`data_collector['http_cull_interval']`
+
+: The maximum cull interval (in minutes) for the HTTP connection pool
+ that is used by the data collector.
+
+ Default value: `{1, min}`.
+
+`data_collector['http_max_connection_duration']`
+
+: The maximum connection duration (in seconds) for the HTTP connection
+ pool that is used by the data collector.
+
+ Default value: `"{70, sec}"`.
+
+`data_collector['ibrowse_options']`
+
+: An array of comma-separated key-value pairs of ibrowse options for
+ the HTTP connection pool that is used by the data collector.
+
+ Default value: `[{connect_timeout, 10000}]`.
+
+`data_collector['health_check']`
+
+: A boolean that controls whether the data collector health is
+ included in the overall health at the `_status` endpoint. When set
+ to `true`, Chef Infra Server will report that healthy front end Chef
+ HA cluster members have failed when the `data_collector['root_url']`
+ cannot be reached. As a result, the load balancer
+ will remove those members from the load balancer pool.
+
+ Default value: `true`.
+
+### estatsd
+
+This configuration file has the following settings for `estatsd`:
+
+`estatsd['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `'/var/opt/opscode/estatsd'`.
+
+`estatsd['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`estatsd['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `'/var/log/opscode/estatsd'`.
+
+`estatsd['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `9466`.
+
+`estatsd['protocol']`
+
+: Use to send application statistics with StatsD protocol formatting.
+ Set this value to `statsd` to apply StatsD protocol formatting.
+
+`estatsd['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+### jetty
+
+This configuration file has the following settings for `jetty`:
+
+`jetty['enable']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ Enable a service. This value should not be modified.
+
+ Default value: `'false'`
+
+`jetty['log_directory']`
+
+: **Setting EOL in Chef Infra Server 14.**
+
+ The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `'/var/opt/opscode/opscode-solr4/jetty/logs'`
+
+### lb / lb_internal
+
+This configuration file has the following settings for `lb`:
+
+`lb['api_fqdn']`
+
+: The FQDN for the Chef Infra Server. FQDNs must always be in lowercase.
+
+ Default value: `node['fqdn']`.
+
+`lb['ban_refresh_interval']`
+
+: Default value: `600`.
+
+`lb['bookshelf']`
+
+: Default value: `127.0.0.1`.
+
+`lb['cache_cookbook_files']`
+
+: Default value: `false`.
+
+`lb['chef_max_version']`
+
+: The maximum version of Chef Infra Client that is allowed to access
+ the Chef Infra Server via the Chef Infra Server API.
+
+ Default value: `11`.
+
+`lb['chef_min_version']`
+
+: The minimum version of Chef Infra Client that is allowed to access
+ the Chef Infra Server via the Chef Infra Server API.
+
+ Default value: `10`.
+
+`lb['chef_server_webui']`
+
+: Default value: `127.0.0.1`.
+
+`lb['debug']`
+
+: Default value: `false`.
+
+`lb['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`lb['erchef']`
+
+: Default value: `127.0.0.1`.
+
+`lb['maint_refresh_interval']`
+
+: Default value: `600`.
+
+`lb['redis_connection_pool_size']`
+
+: Default value: `250`.
+
+`lb['redis_connection_timeout']`
+
+: The amount of time (in milliseconds) to wait before timing out.
+
+ Default value: `1000`.
+
+`lb['redis_keepalive_timeout']`
+
+: The amount of time (in milliseconds) to wait before timing out.
+
+ Default value: `2000`.
+
+`lb['upstream']['bookshelf']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['upstream']['oc_bifrost']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['upstream']['opscode_erchef']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['upstream']['opscode_solr4']`
+
+: The default value is the recommended value.
+
+ Default value: `[ '127.0.0.1' ]`.
+
+`lb['vip']`
+
+: The virtual IP address.
+
+ Default value: `127.0.0.1`.
+
+`lb['web_ui_fqdn']`
+
+: FQDNs must always be in lowercase.
+
+ Default value: `node['fqdn']`.
+
+`lb['xdl_defaults']['503_mode']`
+
+: The default value is the recommended value.
+
+ Default value: `false`.
+
+`lb['xdl_defaults']['couchdb_acls']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_association_requests']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_associations']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_containers']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_groups']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+`lb['xdl_defaults']['couchdb_organizations']`
+
+: The default value is the recommended value.
+
+ Default value: `true`.
+
+And for the internal load balancers:
+
+`lb_internal['account_port']`
+
+: Default value: `9685`.
+
+`lb_internal['chef_port']`
+
+: Default value: `9680`.
+
+`lb_internal['enable']`
+
+: Default value: `true`.
+
+`lb_internal['oc_bifrost_port']`
+
+: Default value: `9683`.
+
+`lb_internal['vip']`
+
+: The virtual IP address.
+
+ Default value: `'127.0.0.1'`.
+
+### ldap
+
+{{< warning >}}
+
+The following settings **MUST** be in the config file for LDAP
+authentication to Active Directory to work:
+
+- `base_dn`
+- `bind_dn`
+- `group_dn`
+- `host`
+
+If those settings are missing, you will get authentication errors and be
+unable to proceed.
+
+{{< /warning >}}
+
+This configuration file has the following settings for `ldap`:
+
+`ldap['base_dn']`
+
+: The root LDAP node under which all other nodes exist in the
+ directory structure. For Active Directory, this is typically
+ `cn=users` and then the domain. For example:
+
+ ```ruby
+ 'OU=Employees,OU=Domain users,DC=example,DC=com'
+ ```
+
+ Default value: `nil`.
+
+`ldap['bind_dn']`
+
+: The distinguished name used to bind to the LDAP server. The user the
+ Chef Infra Server will use to perform LDAP searches. This is often
+ the administrator or manager user.
This user needs to have read
+ access to all LDAP users that require authentication. The Chef Infra
+ Server must do an LDAP search before any user can log in. Many
+ Active Directory and LDAP systems do not allow an anonymous bind. If
+ anonymous bind is allowed, leave the `bind_dn` and `bind_password`
+ settings blank. If anonymous bind is not allowed, a user with `READ`
+ access to the directory is required. This user must be specified as
+ an LDAP distinguished name similar to:
+
+ ```ruby
+ 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com'
+ ```
+
+ {{< note >}}
+
+ If you need to escape characters in a distinguished name, such as
+ when using Active Directory, they must be [escaped with a backslash
+ escape character](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx).
+
+ ```ruby
+ 'CN=example\\user,OU=Employees,OU=Domainuser,DC=example,DC=com'
+ ```
+
+ {{< /note >}}
+
+ Default value: `nil`.
+
+`ldap['bind_password']`
+
+: Deprecated. Use `chef-server-ctl set-secret ldap bind_password` from the
+ [Secrets Management](/ctl_chef_server.html#ctl-chef-server-secrets-management)
+ commands.
+
+ Legacy configuration for the password of the binding user. The
+ password for the user specified by `ldap['bind_dn']`. Leave this
+ value and `ldap['bind_dn']` unset if anonymous bind is sufficient.
+
+ Default value: `nil`.
+
+ ```bash
+ chef-server-ctl set-secret ldap bind_password
+ Enter ldap bind_password: (no terminal output)
+ Re-enter ldap bind_password: (no terminal output)
+ ```
+
+ Remove a set password via
+
+ ```bash
+ chef-server-ctl remove-secret ldap bind_password
+ ```
+
+`ldap['group_dn']`
+
+: The distinguished name for a group. When set to the distinguished
+ name of a group, only members of that group can log in. This feature
+ filters based on the `memberOf` attribute and only works with LDAP
+ servers that provide such an attribute.
In OpenLDAP, the `memberOf`
+ overlay provides this attribute. For example, if the value of the
+ `memberOf` attribute is `CN=abcxyz,OU=users,DC=company,DC=com`, then
+ use:
+
+ ```ruby
+ ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com'
+ ```
+
+`ldap['host']`
+
+: The name (or IP address) of the LDAP server. The hostname of the
+ LDAP or Active Directory server. Be sure the Chef Infra Server is
+ able to resolve any host names.
+
+ Default value: `ldap-server-host`.
+
+`ldap['login_attribute']`
+
+: The LDAP attribute that holds the user's login name. Use to specify
+ the Chef Infra Server user name for an LDAP user.
+
+ Default value: `sAMAccountName`.
+
+`ldap['port']`
+
+: An integer that specifies the port on which the LDAP server listens.
+ The default value is an appropriate value for most configurations.
+
+ Default value: `389` or `636` when `ldap['encryption']` is set to
+ `:simple_tls`.
+
+`ldap['ssl_enabled']`
+
+: Cause the Chef Infra Server to connect to the LDAP server using SSL.
+ Must be `false` when `ldap['tls_enabled']` is `true`.
+
+ Default value: `false`.
+
+ {{< note >}}
+
+ Enable SSL for Active Directory.
+
+ {{< /note >}}
+
+ {{< note >}}
+
+ Previous versions of Chef Infra Server used the
+ `ldap['ssl_enabled']` setting to first enable SSL, and then the
+ `ldap['encryption']` setting to specify the encryption type. These
+ settings are deprecated.
+
+ {{< /note >}}
+
+`ldap['system_adjective']`
+
+: A descriptive name for the login system that is displayed to users
+ in the Chef Infra Server management console. If a value like
+ "corporate" is used, then the Chef management console user interface
+ will display strings like "the corporate login server", "corporate
+ login", or "corporate password."
+
+ Default value: `AD/LDAP`.
+
+ {{< warning >}}
+
+ This setting is **not** used by the Chef Infra Server. It is used
+ only by the Chef management console.
+
+ {{< /warning >}}
+
+`ldap['timeout']`
+
+: The amount of time (in seconds) to wait before timing out.
+
+ Default value: `60000`.
+
+`ldap['tls_enabled']`
+
+: Enable TLS. When enabled, communication with the LDAP server is done
+ via a secure SSL connection on a dedicated port. When `true`,
+ `ldap['port']` is also set to `636`. Must be `false` when `ldap['ssl_enabled']` is `true`.
+
+ Default value: `false`.
+
+ {{< note >}}
+
+ Previous versions of Chef Infra Server used the
+ `ldap['ssl_enabled']` setting to first enable SSL, and then the
+ `ldap['encryption']` setting to specify the encryption type. These
+ settings are deprecated.
+
+ {{< /note >}}
+
+### nginx
+
+This configuration file has the following settings for `nginx`:
+
+`nginx['cache_max_size']`
+
+: The `max_size` parameter used by the Nginx cache manager, which is
+ part of the `proxy_cache_path` directive. When the size of file
+ storage exceeds this value, the Nginx cache manager removes the
+ least recently used data.
+
+ Default value: `5000m`.
+
+`nginx['client_max_body_size']`
+
+: The maximum accepted body size for a client request, as indicated by
+ the `Content-Length` request header.
+
+ Default value: `250m`.
+
+`nginx['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/nginx`.
+
+`nginx['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`nginx['enable_ipv6']`
+
+: Enable Internet Protocol version 6 (IPv6) addresses.
+
+ Default value: `false`.
+
+`nginx['enable_non_ssl']`
+
+: Allow port 80 redirects to port 443. Set to
+ `true`, to enable SSL termination by the front-end hardware load balancers for WebUI and API endpoints.
+
+ Default value: `false`.
+
+{{< note >}}
+Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex `
+{{< /note >}}
+
+`nginx['enable_stub_status']`
+
+: Enables the Nginx `stub_status` module. See
+ `nginx['stub_status']['allow_list']`,
+ `nginx['stub_status']['listen_host']`,
+ `nginx['stub_status']['listen_port']`, and
+ `nginx['stub_status']['location']`.
+
+ Default value: `true`.
+
+`nginx['gzip']`
+
+: Enable gzip compression.
+
+ Default value: `on`.
+
+`nginx['gzip_comp_level']`
+
+: The compression level used with gzip, from least amount of
+ compression (`1`, fastest) to the most (`2`, slowest).
+
+ Default value: `2`.
+
+`nginx['gzip_http_version']`
+
+: Enable gzip depending on the version of the HTTP request.
+
+ Default value: `1.0`.
+
+`nginx['gzip_proxied']`
+
+: The type of compression used based on the request and response.
+
+ Default value: `any`.
+
+`nginx['gzip_types']`
+
+: Enable compression for the specified MIME-types.
+
+ Default value:
+
+ ```ruby
+ [ 'text/plain',
+ 'text/css',
+ 'application/x-javascript',
+ 'text/xml', 'application/xml',
+ 'application/xml+rss',
+ 'text/javascript',
+ 'application/json'
+ ]
+ ```
+
+`nginx['hsts_max_age']`
+
+: Time duration in seconds till which the browser caches the `HSTS` information.
+
+ Possible values: greater than or equal to `31536000` and less than or equal to `63072000`.
+
+ Default value: `31536000` (1 year).
+
+ **New in Chef Infra Server 14.3**
+
+`nginx['keepalive_timeout']`
+
+: The amount of time (in seconds) to wait for requests on a HTTP
+ keepalive connection.
+
+ Default value: `65`.
+
+`nginx['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/nginx`.
+
+`nginx['log_rotation']`
+
+: The log rotation policy for this service.
Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`nginx['log_x_forwarded_for']`
+
+: Log \$http_x_forwarded_for ("X-Forwarded-For") instead of
+ \$remote_addr if `true`.
+
+ Default value `false`.
+
+`nginx['nginx_no_root']`
+
+: Whether the `nginx` processes, including the `master` process, should not
+ run as the `root` user on a system and will instead run as `user['username']` (defaults to `opscode`).
+ **REQUIRES** that `nginx['ssl_port']` and `nginx['non_ssl_port']` options are configured to non-privileged
+ ports greater than `1024` or that the local system is otherwise allowed to bind to privileged ports
+ with the user `user['username']`.
+
+ Possible values: `true`, `false`.
+
+ Default value: `false`.
+
+ **New in Chef Infra Server 14.10**
+
+`nginx['non_ssl_port']`
+
+: The port on which the WebUI and API are bound for non-SSL
+ connections.
+
+ Default value: `80`. Use `nginx['enable_non_ssl']` to
+ enable or disable SSL redirects on this port number. Set to `false`
+ to disable non-SSL connections.
+
+`nginx['sendfile']`
+
+: Copy data between file descriptors when `sendfile()` is used.
+
+ Default value: `on`.
+
+`nginx['server_name']`
+
+: The FQDN for the server. FQDNs must always be in lowercase.
+
+ Default value: `node['fqdn']`.
+
+`nginx['ssl_certificate']`
+
+: The SSL certificate used to verify communication over HTTPS.
+
+ Default value: `nil`.
+
+`nginx['ssl_certificate_key']`
+
+: The certificate key used for SSL communication.
+
+ Default value: `nil`.
+
+`nginx['ssl_ciphers']`
+
+: The list of supported cipher suites that are used to establish a
+ secure connection. To favor AES256 with ECDHE forward security, drop
+ the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. See [this
+ link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) for more
+ information.
For example:
+
+ ```ruby
+ nginx['ssl_ciphers'] = HIGH: ... :!PSK
+ ```
+
+`nginx['ssl_company_name']`
+
+: The name of your company.
+
+ Default value: `YouCorp`.
+
+`nginx['ssl_country_name']`
+
+: The country in which your company is located.
+
+ Default value: `US`.
+
+`nginx['ssl_email_address']`
+
+: The default email address for your company.
+
+ Default value: `you@example.com`.
+
+`nginx['ssl_locality_name']`
+
+: The city in which your company is located.
+
+ Default value: `Seattle`.
+
+`nginx['ssl_organizational_unit_name']`
+
+: The organization or group within your company that is running the
+ Chef Infra Server.
+
+ Default value: `Operations`.
+
+`nginx['ssl_port']`
+
+: Default value: `443`.
+
+`nginx['ssl_protocols']`
+
+: The SSL protocol versions that are enabled for the Chef Infra Server API.
+ Starting with Chef Infra Server 14.3, this value defaults to `'TLSv1.2'` for
+ enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`,
+ which allowed for less secure SSL connections. TLS 1.2 is supported on
+ Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef
+ Infra Client 12.8 and later on Windows. If it is necessary to support these older end-of-life
+ Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`.
+
+ ```ruby
+ nginx['ssl_protocols'] = 'TLSv1.2'
+ ```
+
+ Default value: `TLSv1.2`.
+
+`nginx['ssl_state_name']`
+
+: The state, province, or region in which your company is located.
+
+ Default value: `WA`.
+
+`nginx['strict_host_header']`
+
+: Whether nginx should only respond to requests where the Host header
+ matches one of the configured FQDNs.
+
+ Default value: `false`.
+
+`nginx['stub_status']['allow_list']`
+
+: The IP address on which accessing the `stub_status` endpoint is
+ allowed.
+
+ Default value: `["127.0.0.1"]`.
+
+`nginx['stub_status']['listen_host']`
+
+: The host on which the Nginx `stub_status` module listens.
+
+ Default value: `"127.0.0.1"`.
+ +`nginx['stub_status']['listen_port']` + +: The port on which the Nginx `stub_status` module listens. + + Default value: `"9999"`. + +`nginx['stub_status']['location']` + +: The name of the Nginx `stub_status` endpoint used to access data + generated by the Nginx `stub_status` module. + + Default value: `"/nginx_status"`. + +`nginx['tcp_nodelay']` + +: Enable the Nagle buffering algorithm. + + Default value: `on`. + +`nginx['tcp_nopush']` + +: Enable TCP/IP transactions. + + Default value: `on`. + +`nginx["time_format"]` + +: The time format of nginx `access.log`. + + **New in Chef Infra Server 14.1** + + Possible values: + + - `"time_iso8601"` (ex: [2020-10-21T07:22:00+00:00]) + - `"time_local"` (ex: [07/Jun/2018:01:05:11 +0900]). + + Default value: `"time_iso8601"`. + +`nginx['url']` + +: Default value: `https://#{node['fqdn']}`. + +`nginx['use_implicit_hosts']` + +: Automatically add `localhost` and any + local IP addresses to the configured FQDNs. Useful in combination + with `nginx['strict_host_header']`. + + Default value: `true`. + +`nginx['show_welcome_page']` + +: Determines whether or not the default nginx welcome page is shown. + + Default value: `true`. + +`nginx['worker_connections']` + +: The maximum number of simultaneous clients. Use with + `nginx['worker_processes']` to determine the maximum number of + allowed clients. + + Default value: `10240`. + +`nginx['worker_processes']` + +: The number of allowed worker processes. Use with + `nginx['worker_connections']` to determine the maximum number of + allowed clients. + + Default value: `node['cpu']['total'].to_i`. + +`nginx['x_forwarded_proto']` + +: The protocol used to connect to the server by a Chef Infra Client or a workstation. + + Possible values: `http`, `https`. + + Default value: `'https'`. 
+
+### oc_bifrost
+
+{{< readfile file="content/server/reusable/md/server_services_bifrost.md" >}}
+
+This configuration file has the following settings for `oc_bifrost`:
+
+`oc_bifrost['db_pool_size']`
+
+: The number of open connections to PostgreSQL that are maintained by
+ the service. This value should be increased if failures indicate
+ that the **oc_bifrost** service ran out of connections. This value
+ should be tuned in conjunction with the
+ `postgresql['max_connections']` setting for PostgreSQL.
+
+ Default value: `20`.
+
+`oc_bifrost['dir']`
+
+: The working directory. The default value is the recommended value.
+
+ Default value: `/var/opt/opscode/oc_bifrost`.
+
+`oc_bifrost['enable']`
+
+: Enable a service.
+
+ Default value: `true`.
+
+`oc_bifrost['enable_request_logging']`
+
+: Use to configure request logging for the `oc_bifrost` service.
+
+ Default value: `true`.
+
+`oc_bifrost['extended_perf_log']`
+
+: Default value: `true`.
+
+`oc_bifrost['listen']`
+
+: The IP address on which the service is to listen.
+
+ Default value: `'127.0.0.1'`.
+
+`oc_bifrost['log_directory']`
+
+: The directory in which log data is stored. The default value is the
+ recommended value.
+
+ Default value: `/var/log/opscode/oc_bifrost`.
+
+`oc_bifrost['log_rotation']`
+
+: The log rotation policy for this service. Log files are rotated when
+ they exceed `file_maxbytes`. The maximum number of log files in the
+ rotation is defined by `num_to_keep`.
+
+ Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`
+
+`oc_bifrost['port']`
+
+: The port on which the service is to listen.
+
+ Default value: `9463`.
+
+`oc_bifrost['sql_connection_user']`
+
+: The PostgreSQL user name in `'username@hostname'` format (e.g.
+ `'bifrost@my_postgresql.postgres.database.azure.com'`), where
+ `username` would normally equal the value of
+ `oc_bifrost['sql_user']` (default: `'bifrost'`).
This setting is + **required** in an external Azure PostgreSQL database-as-a-service + configuration. If set to `nil`, Chef Infra Server assumes that the + database is not on Azure and the PostgreSQL connection will be made + using the value specified in `oc_bifrost['sql_user']`. + + Default value: `nil`. + +`oc_bifrost['sql_password']` + +: The password for the `sql_user`. + + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret oc_bifrost sql_password`. + +`oc_bifrost['sql_ro_password']` + +: The password for the `sql_ro_user`. + + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret oc_bifrost sql_ro_password`. + +`oc_bifrost['sql_ro_user']` + +: Default value: `'bifrost_ro'`. + +`oc_bifrost['sql_user']` + +: The user with permission to publish data. + + Default value: `'bifrost'`. + +`oc_bifrost['superuser_id']` + +: Default value: **generated**. + +`oc_bifrost['vip']` + +: The virtual IP address. + + Default value: `'127.0.0.1'`. + +### oc_chef_authz + +The **opscode-authz** service is used to handle authorization requests +from oc_erchef to oc_bifrost in the Chef Infra Server. + +This configuration file has the following settings for `oc_chef_authz`: + +`oc_chef_authz['http_cull_interval']` + +: Default value: `'{1, min}'`. + +`oc_chef_authz['http_init_count']` + +: Default value: `25`. + +`oc_chef_authz['http_max_age']` + +: Default value: `'{70, sec}'`. + +`oc_chef_authz['http_max_connection_duration']` + +: Default value: `'{70, sec}'`. + +`oc_chef_authz['http_max_count']` + +: Default value: `100`. + +`oc_chef_authz['ibrowse_options']` + +: The amount of time (in milliseconds) to wait for a connection to be + established. + + Default value: `'[{connect_timeout, 5000}]'`. 
+ +`oc_chef_authz['max_connection_request_limit']` + +: The maximum number of requests allowed per connection. + + Default value: `100`. + + **New in Chef Infra Client 14.11** + +### oc-chef-pedant + +This configuration file has the following settings for `oc-chef-pedant`: + +`oc_chef_pedant['debug_org_creation']` + +: Run tests with full output. + + Default value: `false`. + +`oc_chef_pedant['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `'/var/opt/opscode/oc-chef-pedant'`. + +`oc_chef_pedant['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. + + Default value: `'/var/log/opscode/oc-chef-pedant'` + +`oc_chef_pedant['log_http_requests']` + +: Log HTTP requests in a file named `http-traffic.log` that is located + in the path specified by `log_directory`. + + Default value: `true`. + +`oc_chef_pedant['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. + + Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }`. + +### oc-id + +{{< readfile file="content/server/reusable/md/server_services_oc_id.md" >}} + +This configuration file has the following settings for `oc-id`: + +`oc_id['administrators']` + +: An array of Chef Infra Server user names who may add applications to + the identity service. For example, `['user1', 'user2']`. + + Default value: `[ ]`. + +`oc_id['applications']` + +: A Hash that contains OAuth 2 application information. + + Default value: `{ }`. + + {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}} + +`oc_id['db_pool_size']` + +: The number of open connections to PostgreSQL that are maintained by + the service. + + Default value: `'20'`. + +`oc_id['dir']` + +: The working directory. The default value is the recommended value. 
+ + Default value: none. + +`oc_id['enable']` + +: Enable a service. + + Default value: `true`. + +`oc_id['email_from_address']` + +: Outbound email address. + + Defaults to the `'from_email'` value. + +`oc_id['enable_onetrust']` + +: Whether to enable OneTrust cookie consent verification. + + Default value: `false`. + + **New in Chef Infra Server 15.9.19** + +`oc_id['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. + + Default value: `'/var/opt/opscode/oc_id'`. + +`oc_id['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. + + Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` + +`oc_id['origin']` + +: The FQDN for the server that is sending outbound email. FQDNs must + always be in lowercase. + + Defaults to the `'api_fqdn'` value, which is the FQDN for the Chef Infra Server. + +`oc_id['num_to_keep']` + +: The number of log files to keep. + + Default value: `10`. + +`oc_id['port']` + +: The port on which the service is to listen. + + Default value: `9090`. + +`oc_id['sql_connection_user']` + +: The PostgreSQL user name in `'username@hostname'` format (e.g. + `'oc_id@my_postgresql.postgres.database.azure.com'`), where + `username` would normally equal the value of `oc_id['sql_user']` + (default: `'od_id'`). This setting is **required** in an external + Azure PostgreSQL database-as-a-service configuration. If set to + `nil`, Chef Infra Server assumes that the database is not on Azure + and the PostgreSQL connection will be made using the value specified + in `oc_id['sql_user']`. + + Default value: `nil`. + +`oc_id['sql_database']` + +: The name of the database. + + Default value: `oc_id`. + +`oc_id['sql_password']` + +: The password for the `sql_user`. + + Default value: **generated**. 
+ + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret oc_id sql_password`. + +`oc_id['sql_user']` + +: The user with permission to write to `sql_database`. + + Default value: `oc_id`. + +`oc_id['vip']` + +: The virtual IP address. + + Default value: `'127.0.0.1'`. + +### opscode-chef-mover + +This configuration file has the following settings for +`opscode-chef-mover`: + +`opscode_chef_mover['bulk_fetch_batch_size']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'5'`. + +`opscode_chef_mover['cache_ttl']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'3600'`. + +`opscode_chef_mover['db_pool_size']` + +: **Setting EOL in Chef Infra Server 14.** + + The number of open connections to PostgreSQL that are maintained by + the service. + + Default value: `'5'`. + +`opscode_chef_mover['data_dir']` + +: **Setting EOL in Chef Infra Server 14.** + + The directory in which on-disk data is stored. The default value is + the recommended value. + + Default value: `'/var/opt/opscode/opscode-chef-mover/data'` + +`opscode_chef_mover['dir']` + +: **Setting EOL in Chef Infra Server 14.** + + The working directory. The default value is the recommended value. + + Default value: `'/var/opt/opscode/opscode-chef-mover'`. + +`opscode_chef_mover['enable']` + +: **Setting EOL in Chef Infra Server 14.** + + Enable a service. + + Default value: `true`. + +`opscode_chef_mover['ibrowse_max_pipeline_size']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `1`. + +`opscode_chef_mover['ibrowse_max_sessions']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `256`. + +`opscode_chef_mover['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. 
Default value: + + ```ruby + '/var/log/opscode/opscode-chef-mover' + ``` + +`opscode_chef_mover['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. Default value: + + ```ruby + { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } + ``` + +`opscode_chef_mover['max_cache_size']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'10000'`. + +`opscode_chef_mover['solr_http_cull_interval']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'{1, min}'`. + +`opscode_chef_mover['solr_http_init_count']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `25`. + +`opscode_chef_mover['solr_http_max_age']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'{70, sec}'`. + +`opscode_chef_mover['solr_http_max_connection_duration']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'{70, sec}'`. + +`opscode_chef_mover['solr_http_max_count']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `100`. + +`opscode_chef_mover['solr_ibrowse_options']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'[{connect_timeout, 10000}]'`. + +`opscode_chef_mover['solr_timeout']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `30000`. + +### opscode-erchef + +{{< readfile file="content/server/reusable/md/server_services_erchef.md" >}} + +This configuration file has the following settings for `opscode-erchef`: + +`opscode_erchef["allow_email_update_only_from_manage"]` + +: Set to `true`, users can only update their email from the Chef management console. + Set to `false`, users can update their email using knife and the Chef management console. + + Default value : `false`. + + **New in Chef Infra Server 14.5** + +`opscode_erchef['auth_skew']` + +: Default value: `900`. 
+ +`opscode_erchef['authz_fanout']` + +: Default value: `20`. + +`opscode_erchef['authz_timeout']` + +: The amount of time (in seconds) before a request to the + **oc_bifrost** service times out. + + Default value: `2000`. + +`opscode_erchef['base_resource_url']` + +: The base URL to which the service is to return links to API + resources. Use `:host_header` to ensure the URL is derived from the + host header of the incoming HTTP request. + + Default value: `:host_header`. + +`opscode_erchef['bulk_fetch_batch_size']` + +: The number of nodes that may be deserialized. Currently only applies + to the `/search` endpoint in the Chef Infra Server API. The default + value is the recommended value. + + Default value: `5`. + +`opscode_erchef['cache_ttl']` + +: Default value: `3600`. + +`opscode_erchef['cbv_cache_enabled']` + +: Whether to enable cookbook version response caching. If you frequently see + very long response times from `cookbook_versions` when under load, this is worth enabling. + Enabling this makes it possible for a client to receive stale results. When a cookbook is updated + in place (without incrementing the version), and the old response has not expired from the cache, + the Infra Server will give the old response to the client. Subsequent client runs will receive the + updated response. + + Possible values: `true`, `false`. + + Default value: `false`. + + **New in Chef Infra Server 14.11** + +`opscode_erchef['cbv_cache_item_ttl']` + +: The maximum time in milliseconds that Chef Infra Server will keep any given cookbook version response in the cache when when `cbv_cache_enabled` is enabled. + + Default value: `30000`. + + {{< note >}} + Be careful if increasing this number - requests for a given set of cookbook versions will be stale if the resolved cookbook versions are updated before the cache entry times out. 
This will + not occur if you increment the version of a cookbook with every cookbook update, which is the recommended approach to updating cookbooks. + {{< /note >}} + +`opscode_erchef['cleanup_batch_size']` + +: Default value: `0`. + +`opscode_erchef['couchdb_max_conn']` + +: Default value: `'100'`. + +`opscode_erchef['db_pool_size']` + +: The number of open connections to PostgreSQL that are maintained by + the service. + + Default value: `20`. + +`opscode_erchef['depsolver_timeout']` + +: The amount of time (in milliseconds) to wait for cookbook dependency + problems to be solved. + + Default value: `'5000'`. + +`opscode_erchef['depsolver_worker_count']` + +: The number of Ruby processes for which cookbook dependency problems + are unsolved. Use the `pgrep -fl depselector` command to verify the + number of depsolver workers that are running. If you are seeing 503 + service unavailable errors, increase this value. + + Default value: `'5'`. + +`opscode_erchef['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `/var/opt/opscode/opscode-erchef`. + +`opscode_erchef['enable']` + +: Enable a service. + + Default value: `true`. + +`opscode_erchef['enable_actionlog']` + +: Use to enable Chef actions, a premium feature of the Chef Infra + Server. + + Default value: `false`. + +`opscode_erchef['enable_request_logging']` + +: Use to configure request logging for the `opscode_erchef` service. + + Default value: `true`. + +`opscode_erchef['ibrowse_max_pipeline_size']` + +: Default value: `1`. + +`opscode_erchef['ibrowse_max_sessions']` + +: Default value: `256`. + +`opscode_erchef['enable_ibrowse_traces']` + +: Use to configure ibrowse logging for the `opscode_erchef` service. + + Default value: `false`. + + **New in Chef Infra Server 14.11** + +`opscode_erchef["include_version_in_status"]` + +: Set to `true` to include `server_version` as part of the `/_status` endpoint. + + Default value : `false`. 
+ + **New in Chef Infra Server 14.1** + +`opscode_erchef['listen']` + +: The IP address on which the service is to listen. + + Default value: `127.0.0.1`. + +`opscode_erchef['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. + + Default value: `/var/log/opscode/opscode-erchef`. + +`opscode_erchef['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. + + Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` + +`opscode_erchef['max_cache_size']` + +: Default value: `10000`. + +`opscode_erchef['max_request_size']` + +: When the request body size is greater than this value, a + `413 Request Entity Too Large` error is returned. + + Default value: `2000000`. + +`opscode_erchef['nginx_bookshelf_caching']` + +: Whether Nginx is used to cache cookbooks. When `:on`, Nginx serves + up the cached content instead of forwarding the request. + + Default value: `:off`. + +`opscode_erchef['port']` + +: The port on which the service is to listen. + + Default value: `8000`. + +`opscode_erchef['reindex_batch_size']` + +: The number of items to fetch from the database and send to the + search index at a time. + + Default value: `10`. + +`opscode_erchef['reindex_sleep_min_ms']` + +: The minimum number of milliseconds to sleep before retrying a failed + attempt to index an item. Retries are delayed a random number of + miliseconds between `reindex_sleep_min_ms` and + `reindex_sleep_max_ms`. Set both this and `reindex_sleep_max_ms` to + 0 to retry without delay. + + Default value: `500` + +`opscode_erchef['reindex_sleep_max_ms']` + +: The maximum number of milliseconds to sleep before retrying a failed + attempt to index an item. Retries are delayed a random number of + miliseconds between `reindex_sleep_min_ms` and + `reindex_sleep_max_ms`. 
Set both this and `reindex_sleep_min_ms` to + 0 to retry without delay. + + Default value: `2000` + +`opscode_erchef['reindex_item_retries']` + +: The number of times to retry sending an object for indexing in the + case of failure. + + Default value: `3` + +`opscode_erchef['root_metric_key']` + +: Default value: `chefAPI`. + +`opscode_erchef['s3_bucket']` + +: The name of the Amazon Simple Storage Service (S3) bucket. This may + point at external storage locations, such as Amazon EC2. See [AWS + external bookshelf + settings]({{< relref "/server#aws-settings" >}}) for + more information on configuring external bookshelf. + +`opscode_erchef['s3_parallel_ops_fanout']` + +: Default value: `20`. + +`opscode_erchef['s3_parallel_ops_timeout']` + +: Default value: `5000`. + +`opscode_erchef['s3_url_expiry_window_size']` + +: The frequency at which unique URLs are generated. This value may be + a specific amount of time, i.e. `15m` (fifteen minutes) or a + percentage of the value of `s3_url_ttl`, i.e. `10%`. + + Default value: `:off`. + +`opscode_erchef['s3_url_ttl']` + +: The amount of time (in seconds) before connections to the server + expire. If node bootstraps are timing out, increase this setting. + + Default value: `28800`. + +`opscode_erchef['s3_url_type']` + +: The URL style to use (`path` or `vhost`) when connecting to S3. + Mainly used to manually override the default setting. Note that + Amazon may eliminate path-style URLs on some or all S3 buckets + in the future. + + Default value: `vhost`. + + **New in Chef Infra Server 15.3** + +`opscode_erchef['search_auth_password']` + +: The OpenSearch password. + + Default value: `nil`. + + **New in Chef Infra Server 14.14.** + +`opscode_erchef['search_auth_username']` + +: The OpenSearch username. + + Default value: `opensearch_user`. + + **New in Chef Infra Server 14.14.** + +`opscode_erchef['search_provider']` + +: The search index provider. + + Default value: `elasticsearch`. 
+ + **New in Chef Infra Server 14.14.** + +`opscode_erchef['search_queue_mode']` + +: The search index queue mode. + + Default value: `batch`. + + **New in Chef Infra Server 14.14.** + +`opscode_erchef['sql_connection_user']` + +: The PostgreSQL user name in `'username@hostname'` format (e.g. + `'opscode_chef@my_postgresql.postgres.database.azure.com'`), where + `username` would normally equal the value of + `opscode-erchef['sql_user']` (default: `'opscode_chef'`). This + setting is **required** in an external Azure PostgreSQL + database-as-a-service configuration. If set to `nil`, Chef Infra + Server assumes that the database is not on Azure and the PostgreSQL + connection will be made using the value specified in + `opscode_erchef['sql_user']`. + + Default value: `nil`. + +`opscode_erchef['strict_search_result_acls']` + +: {{< readfile file="content/server/reusable/md/settings_strict_search_result_acls.md" >}} + +`opscode_erchef['udp_socket_pool_size']` + +: Default value: `20`. + +`opscode_erchef['umask']` + +: Default value: `0022`. + +`opscode_erchef['validation_client_name']` + +: Default value: `chef-validator`. + +`opscode_erchef['vip']` + +: The virtual IP address. + + Default value: `127.0.0.1`. + + +### opscode-expander + +{{< readfile file="content/server/reusable/md/server_services_expander.md" >}} + +{{< note >}} + +opscode-expander settings are EOL in Chef Infra Server 14. + +{{< /note >}} + +This configuration file has the following settings for +`opscode-expander`: + +`opscode_expander['consumer_id']` + +: **Setting EOL in Chef Infra Server 14.** + + The identity of the consumer to which messages are published. + Default value: `default`. + +`opscode_expander['dir']` + +: **Setting EOL in Chef Infra Server 14.** + + The working directory. The default value is the recommended value. 
+ Default value: + + ```ruby + /var/opt/opscode/opscode-expander + ``` + +`opscode_expander['enable']` + +: **Setting EOL in Chef Infra Server 14.** + + Enable a service. Default value: `true`. + +`opscode_expander['log_directory']` + +: **Setting EOL in Chef Infra Server 14.** + + The directory in which log data is stored. The default value is the + recommended value. Default value: + + ```ruby + /var/log/opscode/opscode-expander + ``` + +`opscode_expander['log_rotation']` + +: **Setting EOL in Chef Infra Server 14.** + + The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. Default value: + + ```ruby + { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } + ``` + +`opscode_expander['nodes']` + +: **Setting EOL in Chef Infra Server 14.** + + The number of allowed worker processes. Default value: `2`. + +`opscode_expander['reindexer_log_directory']` + +: **Setting EOL in Chef Infra Server 14.** + + The directory in which `opscode-expander-reindexer` logs files are + located. Default value: + + ```ruby + /var/log/opscode/opscode-expander-reindexer + ``` + +### opscode-solr4 + +{{< readfile file="content/server/reusable/md/server_services_solr4.md" >}} + +{{< note >}} + +opscode-solr4 settings are EOL in Chef Infra Server 14. + +{{< /note >}} + +This configuration file has the following settings for `opscode-solr4`: + +`opscode_solr4['auto_soft_commit']` + +: **Setting EOL in Chef Infra Server 14.** + + The maximum number of documents before a soft commit is triggered. + Default value: `1000`. + +`opscode_solr4['commit_interval']` + +: **Setting EOL in Chef Infra Server 14.** + + The frequency (in seconds) at which node objects are added to the + Apache Solr search index. This value should be tuned carefully. When + data is committed to the Apache Solr index, all incoming updates are + blocked. 
If the duration between updates is too short, it is + possible for the rate at which updates are asked to occur to be + faster than the rate at which objects can be actually committed. + Default value: `60000` (every 60 seconds). + +`opscode_solr4['data_dir']` + +: **Setting EOL in Chef Infra Server 14.** + + The directory in which on-disk data is stored. The default value is + the recommended value. Default value: + + ```ruby + /var/opt/opscode/opscode-solr4/data + ``` + +`opscode_solr4['dir']` + +: **Setting EOL in Chef Infra Server 14.** + + The working directory. The default value is the recommended value. + Default value: + + ```ruby + /var/opt/opscode/opscode-solr4 + ``` + +`opscode_solr4['enable']` + +: **Setting EOL in Chef Infra Server 14.** + + Enable a service. Default value: `true`. + +`opscode_solr4['heap_size']` + +: **Setting EOL in Chef Infra Server 14.** + + The amount of memory (in MBs) available to Apache Solr. If there is + not enough memory available, search queries made by nodes to Apache + Solr may fail. The amount of memory that must be available also + depends on the number of nodes in the organization, the frequency of + search queries, and other characteristics that are unique to each + organization. In general, as the number of nodes increases, so does + the amount of memory. The default value should work for many + organizations with fewer than 25 nodes. For an organization with + several hundred nodes, the amount of memory that is required often + exceeds 3GB. Default value: `nil`, which is equivalent to 25% of the + system memory or 1024 (MB, but this setting is specified as an + integer number of MB in EC11), whichever is smaller. + +`opscode_solr4['ip_address']` + +: **Setting EOL in Chef Infra Server 14.** + + The IP address for the machine on which Apache Solr is running. + Default value: `127.0.0.1`. 
+ +`opscode_solr4['java_opts']` + +: **Setting EOL in Chef Infra Server 14.** + + A Hash of `JAVA_OPTS` environment variables to be set. + (`-XX:NewSize` is configured using the `new_size` setting.) Default + value: `' '` (empty). + +`opscode_solr4['log_directory']` + +: **Setting EOL in Chef Infra Server 14.** + + The directory in which log data is stored. The default value is the + recommended value. Default value: + + ```ruby + /var/log/opscode/opscode-solr4 + ``` + +`opscode_solr4['log_gc']` + +: Enable or disable GC logging. Default is `true`. + +`opscode_solr4['log_rotation']` + +: **Setting EOL in Chef Infra Server 14.** + + The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. Default value: + + ```ruby + { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } + ``` + +`opscode_solr4['max_commit_docs']` + +: **Setting EOL in Chef Infra Server 14.** + + The frequency (in documents) at which node objects are added to the + Apache Solr search index. This value should be tuned carefully. When + data is committed to the Apache Solr index, all incoming updates are + blocked. If the duration between updates is too short, it is + possible for the rate at which updates are asked to occur to be + faster than the rate at which objects can be actually committed. + Default value: `1000` (every 1000 documents). + +`opscode_solr4['max_field_length']` + +: **Setting EOL in Chef Infra Server 14.** + + The maximum field length (in number of tokens/terms). If a field + length exceeds this value, Apache Solr may not be able to complete + building the index. Default value: `100000` (increased from the + Apache Solr default value of `10000`). + +`opscode_solr4['max_merge_docs']` + +: **Setting EOL in Chef Infra Server 14.** + + The maximum number of index segments allowed before they are merged + into a single index. Default value: `2147483647`. 
+ +`opscode_solr4['merge_factor']` + +: **Setting EOL in Chef Infra Server 14.** + + The maximum number of document updates that can be stored in memory + before being flushed and added to the current index segment. Default + value: `15`. + +`opscode_solr4['new_size']` + +: **Setting EOL in Chef Infra Server 14.** + + Configure the `-XX:NewSize` `JAVA_OPTS` environment variable. + Default value: `nil`. + +`opscode_solr4['poll_seconds']` + +: **Setting EOL in Chef Infra Server 14.** + + The frequency (in seconds) at which the secondary machine polls the + primary. Default value: `20`. + +`opscode_solr4['port']` + +: **Setting EOL in Chef Infra Server 14.** + + The port on which the service is to listen. Default value: `8983`. + +`opscode_solr4['ram_buffer_size']` + +: **Setting EOL in Chef Infra Server 14.** + + The size (in megabytes) of the RAM buffer. When document updates + exceed this amout, pending updates are flushed. Default value: + `100`. + +`opscode_solr4['url']` + +: **Setting EOL in Chef Infra Server 14.** + + Default value: `'http://localhost:8983/solr'`. + +`opscode_solr4['vip']` + +: **Setting EOL in Chef Infra Server 14.** + + The virtual IP address. Default value: `127.0.0.1`. + +### OpenSearch + +You can configure external OpenSearch starting in Chef Infra Server 14.14. + +The `chef-server.rb` file has the following settings for OpenSearch: + +`opensearch['enable']` + +: Enable the service. + + Default value: `true`. + +`opensearch['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `/var/opt/opscode/opensearch` + +`opensearch['data_dir']` + +: The paths used to store data. + + Default value: `/var/opt/opscode/elasticsearch/data` + +`opensearch['enable_gc_log']` + +: Enable or disable GC logging. + + Default value: `false` + +`opensearch['heap_size']` + +: The amount of memory (in MBs) available to OpenSearch. 
If there is not enough memory available, search queries made by nodes to OpenSearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. + + Default value is 25% of the system memory or 1024 MB, whichever is greater. + + {{< note >}} + + If `heap_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set `heap_size`. It will raise an error if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB. + + {{< /note >}} + +`opensearch['initial_cluster_join_timeout']` + +: Default value: `90` + +`opensearch['jvm_opts']` + +: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options). + + {{< note >}} + + Each item in this list will be placed as is into the `java_opts` config file. Entries are set in chef-server.rb as: + + ```ruby + opensearch.jvm_opts = [ + "-xoption1", + "-xoption2", + ... + "optionN" + ] + ``` + + {{< /note >}} + +`opensearch['listen']` + +: The IP address for the machine on which Apache Solr is running. + + Default value: `127.0.0.1` + +`opensearch['log_directory']` + +: The directory in which log data is stored. The default value is the recommended value. + + Default value: `/var/log/opscode/opensearch` + +`opensearch['log_rotation']['file_maxbytes']` + +: The log rotation policy for this service. Log files are rotated when they exceed `file_maxbytes`. + + Default value: `104857600`. 
+ +`opensearch['log_rotation']['num_to_keep']` + +: The log rotation policy for this service. `num_to_keep` specifies the maximum number of log files in the rotation. + + Default value: `10`. + +`opensearch['new_size']` + +: Defaults to the larger of 1/16th of the `heap_size` or 32 MB. + + {{< note >}} + + If `new_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults calculated here. Only use chef-server.rb to set `new_size`. + + {{< /note >}} + +`opensearch['plugins_directory']` + +: The default location of the plugins directory depends on which package you install. + + Default value: `/var/opt/opscode/opensearch/plugins` + +`opensearch['port']` + +: The port on which the service is listening. + + Default value: `9200` + +`opensearch['scripts_directory']` + +: The default location of the scripts directory depends on which package you install. + + Default value: `/var/opt/opscode/opensearch/scripts` + +`opensearch['temp_directory']` + +: By default, OpenSearch uses a private temporary directory that the startup script creates immediately below the system temporary directory. + + Default value: `/var/opt/opscode/opensearch/tmp` + + +`opensearch['vip']` + +: The virtual IP address for the machine on which Apache Solr is running. + + Default value: `127.0.0.1` + +### External OpenSearch + +`opensearch['external']` + +: Enable external `opensearch` service by setting to `true`. + + Default value: `false`. + +`opensearch['external_url']` + +: The external OpenSearch URL. Example: `http://127.0.0.1:9200`. + + Default value: `nil` + +{{< note >}} +Chef Infra Server supports OpenSearch only as an external indexing provider. You must provide values for `external` and `external_url` under this configuration. +{{< /note >}} + +### Elasticsearch + +This configuration file has the following settings for `elasticsearch`: + +`elasticsearch['enable']` + +: Enable a service. + + Default value: `true`. 
+ +`elasticsearch['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `/var/opt/opscode/elasticsearch` + +`elasticsearch['data_dir']` + +: The paths used to store data. + + Default value: `/var/opt/opscode/elasticsearch/data` + +`elasticsearch['plugins_directory']` + +: The default location of the plugins directory depends on which package you install. + + Default value: `/var/opt/opscode/elasticsearch/plugins` + +`elasticsearch['scripts_directory']` + +: The default location of the scripts directory depends on which package you install. + + Default value: `/var/opt/opscode/elasticsearch/scripts` + +`elasticsearch['temp_directory']` + +: By default, Elasticsearch uses a private temporary directory that the startup script creates immediately below the system temporary directory. + + Default value: `/var/opt/opscode/elasticsearch/tmp` + +`elasticsearch['log_directory']` + +: The directory in which log data is stored. The default value is the recommended value. + + Default value: `/var/log/opscode/elasticsearch` + +`elasticsearch['log_rotation']['file_maxbytes']` + +: The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. + + Default value for 'file_maxbytes': `104857600` + +`elasticsearch['log_rotation']['num_to_keep']` + +: The log rotation policy for this service. The maximum number of log files in the rotation is defined by num_to_keep. Default value for 'num_to_keep': => `10` + +`elasticsearch['vip']` + +: The virtual IP address for the machine on which Apache Solr is running. + + Default value: `127.0.0.1` + +`elasticsearch['listen']` + +: The IP address for the machine on which Apache Solr is running. + + Default value: `127.0.0.1` + +`elasticsearch['port']` + +: The port on which the service is to listen. + + Default value: `9200` + +`elasticsearch['enable_gc_log']` + +: Enable or disable GC logging. 
+ + Default value: `false` + +`elasticsearch['initial_cluster_join_timeout']` + +: Default value: `90` + +`elasticsearch['jvm_opts']` + +: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options). + +{{< note >}} + +Each item in this list will be placed as is into the java_opts config file. Entries are set in chef-server.rb as: + +```ruby + elasticsearch.jvm_opts = [ + "-xoption1", + "-xoption2", + ... + "optionN" + ] +``` + +{{< /note >}} + +`elasticsearch['heap_size']` + +: The amount of memory (in MBs) available to Elasticsearch. If there is not enough memory available, search queries made by nodes to Elasticsearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. + + Default value is is equivalent to 25% of the system memory or 1024 MB, whichever is greater. + +{{< note >}} + +If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). It will error out if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB. + +{{< /note >}} + +`elasticsearch['new_size']` + +: Defaults to the larger of 1/16th the heap_size and 32 MB. 
+ +{{< note >}} + +If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). + +{{< /note >}} + +### postgresql + +{{< readfile file="content/server/reusable/md/server_services_postgresql.md" >}} + +This configuration file has the following settings for `postgresql`: + +`postgresql['checkpoint_completion_target']` + +: A completion percentage that is used to determine how quickly a + checkpoint should finish in relation to the completion status of the + next checkpoint. For example, if the value is `0.5`, then a + checkpoint attempts to finish before 50% of the next checkpoint is + done. + + Default value: `0.5`. + +`postgresql['checkpoint_segments']` + +: The maximum amount (in megabytes) between checkpoints in log file + segments. + + Default value: `3`. + +`postgresql['checkpoint_timeout']` + +: The amount of time (in minutes) between checkpoints. + + Default value: `5min`. + +`postgresql['checkpoint_warning']` + +: The frequency (in seconds) at which messages are sent to the server + log files if checkpoint segments are being filled faster than their + currently configured values. + + Default value: `30s`. + +`postgresql['data_dir']` + +: The directory in which on-disk data is stored. The default value is + the recommended value. + + Default value: `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data`. + +`postgresql['db_connection_superuser']` + +: The PostgreSQL superuser name in `'username@hostname'` format (e.g. + `'opscode_pgsql@my_postgresql.postgres.database.azure.com'`), where + `username` would normally equal the value of + `postgresql['db_superuser']` with any dashes replaced by + underscores. 
This setting is **required** in an external Azure + PostgreSQL database-as-a-service configuration. If set to `nil`, + Chef Infra Server assumes that the database is not on Azure and the + PostgreSQL connection will be made using the value specified in + `postgresql['db_superuser']`. + + Default value: `nil`. + +`postgresql['db_superuser']` + +: Default value: `opscode-pgsql`. If `username` is set, set + `db_superuser` to the same value. + +`postgresql['db_superuser_password']` + +: Password for the DB superuser. + + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-db-superuser-password`. + +`postgresql['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. + +`postgresql['effective_cache_size']` + +: The size of the disk cache that is used for data files. + + Default value: 50% of available RAM. + +`postgresql['enable']` + +: Enable a service. + + Default value: `true`. + +`postgresql['home']` + +: The home directory for PostgreSQL. + + Default value: `/var/opt/opscode/postgresql`. + +`postgresql['keepalives_count']` + +: The maximum number of keepalive proves that should be sent before + dropping a connection. + + Default value: `2`. + +`postgresql['keepalives_idle']` + +: The amount of time (in seconds) a connection must remain idle before + keepalive probes will resume. + + Default value: `60`. + +`postgresql['keepalives_interval']` + +: The amount of time (in seconds) between probes. + + Default value: `15`. + +`postgresql['listen_address']` + +: The connection source to which PostgreSQL is to respond. + + Default value: `localhost`. + +`postgresql['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. 
+ + Default value: `/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. + +`postgresql['log_min_duration_statement']` + +: When to log a slow PostgreSQL query statement. + + Possible values: + + - `-1` (disabled, do not log any statements) + - `0` (log every statement) + - an integer greater than zero + + If set to an integer greater than zero, + this value is the amount of time (in milliseconds) that a query + statement must have run before it is logged. + + Default value: `-1`. + +`postgresql['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. + + Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` + +`postgresql['max_connections']` + +: The maximum number of allowed concurrent connections. + + Default value: `350`. + +`postgresql['md5_auth_cidr_addresses']` + +: Use instead of `trust_auth_cidr_addresses` to encrypt passwords + using MD5 hashes. + + Default value: `[ '127.0.0.1/32', '::1/128' ]`. + +`postgresql['port']` + +: The port on which the service is to listen. + + Default value: `5432`. + +`postgresql['shared_buffers']` + +: The amount of memory that is dedicated to PostgreSQL for data + caching. + + Default value: `#{(node['memory']['total'].to_i / 4) / (1024)}MB`. + +`postgresql['shell']` + +: Default value: `/bin/sh`. + +`postgresql['shmall']` + +: The total amount of available shared memory. + + Default value: `4194304`. + +`postgresql['shmmax']` + +: The maximum amount of shared memory. + + Default value: `17179869184`. + +`postgresql['sslmode']` + +: SSL encryption mode between the Chef Infra Server and PostgreSQL. + + Possible values: + + - `'disable'` + - `'require'` + + Default value: `'disable'`. + +`postgresql['trust_auth_cidr_addresses']` + +: Use for clear-text passwords. See `md5_auth_cidr_addresses`. + + Default value: `'127.0.0.1/32', '::1/128'`. 
+ +`postgresql['pg_upgrade_timeout']` + +: The timeout value (in seconds) for PostgreSQL upgrade. + + Default value: `7200`. + +`postgresql['user_path']` + +: Default value: `/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH`. + +`postgresql['username']` + +: The PostgreSQL account user name. + If setting this value, you must set `db_superuser` to the same value. + + Default value: `opscode-pgsql`. + +`postgresql['version']` + +: The (currently) hardcoded version of PostgreSQL. + + Default value: `'9.2'`. + +`postgresql['vip']` + +: The virtual IP address. + + Default value: `127.0.0.1`. + +`postgresql['work_mem']` + +: The size (in megabytes) of allowed in-memory sorting. + + Default value: `8MB`. + +### rabbitmq + +The **rabbitmq** service is used to provide the message queue that is +used by the Chef Infra Server to get search data to Apache Solr so that +it can be indexed for search. + +{{< note >}} + +rabbitmq settings are EOL in Chef Infra Server 14. + +{{< /note >}} + +This configuration file has the following settings for `rabbitmq`: + +`rabbitmq['actions_exchange']` + +: The name of the exchange to which Chef actions publishes actions + data. Default value: `'actions'`. + +`rabbitmq['actions_password']` + +: Legacy configuration setting for the password of the `actions_user`. + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-actions-password`. + +`rabbitmq['actions_user']` + +: The user with permission to publish actions data. Default value: + `'actions'`. + +`rabbitmq['actions_vhost']` + +: The virtual host to which Chef actions publishes actions data. + Default value: `'/analytics'`. + +`rabbitmq['analytics_max_length']` + +: The maximum number of messages that can be queued before RabbitMQ + automatically drops messages from the front of the queue to make + room for new messages. Default value: `10000`. 
+ +`rabbitmq['consumer_id']` + +: The identity of the consumer to which messages are published. + Default value: `'hotsauce'`. + +`rabbitmq['data_dir']` + +: The directory in which on-disk data is stored. The default value is + the recommended value. Default value: + `'/var/opt/opscode/rabbitmq/db'`. + +`rabbitmq['dir']` + +: The working directory. The default value is the recommended value. + Default value: `'/var/opt/opscode/rabbitmq'`. + +`rabbitmq['drop_on_full_capacity']` + +: Specify if messages will stop being sent to the RabbitMQ queue when + it is at capacity. Default value: `true`. + +`rabbitmq['enable']` + +: Enable a service. Default value: `true`. + +`rabbitmq['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. Default value: `'/var/log/opscode/rabbitmq'`. + +`rabbitmq['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. Default value: + + ```ruby + { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } + ``` + +`rabbitmq['management_enabled']` + +: Specify if the rabbitmq-management plugin is enabled. Default value: + `true`. + +`rabbitmq['management_password']` + +: Legacy configuration setting for rabbitmq-management plugin + password. Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret rabbitmq management_password`. + +`rabbitmq['management_port']` + +: The rabbitmq-management plugin port. Default value: `15672`. + +`rabbitmq['management_user']` + +: The rabbitmq-management plugin user. Default value: `'rabbitmgmt'`. + +`rabbitmq['node_ip_address']` + +: The bind IP address for RabbitMQ. Default value: `'127.0.0.1'`. + +`rabbitmq['node_port']` + +: The port on which the service is to listen. 
Default value: `'5672'`. + +`rabbitmq['nodename']` + +: The unique identifier of the node. Default value: `'rabbit@localhost'`. + +`rabbitmq['password']` + +: Legacy configuration setting for the password for the RabbitMQ user. + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret rabbitmq password`. + +`rabbitmq['prevent_erchef_startup_on_full_capacity']` + +: Specify if the Chef Infra Server will start when the monitored + RabbitMQ queue is full. Default value: `false`. + +`rabbitmq['queue_at_capacity_affects_overall_status']` + +: Specify if the `_status` endpoint in the Chef Infra Server API will + fail if the monitored queue is at capacity. Default value: `false`. + +`rabbitmq['queue_length_monitor_enabled']` + +: Specify if the queue length monitor is enabled. Default value: + `true`. + +`rabbitmq['queue_length_monitor_millis']` + +: The frequency (in milliseconds) at which the length of the RabbitMQ + queue is checked. Default value: `30000`. + +`rabbitmq['queue_length_monitor_timeout_millis']` + +: The timeout (in milliseconds) at which calls to the queue length + monitor will stop if the Chef Infra Server is overloaded. Default + value: `5000`. + +`rabbitmq['queue_length_monitor_queue']` + +: The RabbitMQ queue that is observed by queue length monitor. Default + value: `'alaska'`. + +`rabbitmq['queue_length_monitor_vhost']` + +: The virtual host for the RabbitMQ queue that is observed by queue + length monitor. Default value: `'/analytics'`. + +`rabbitmq['rabbit_mgmt_http_cull_interval']` + +: The maximum cull interval (in seconds) for the HTTP connection pool + that is used by the rabbitmq-management plugin. Default value: `60`. + +`rabbitmq['rabbit_mgmt_http_init_count']` + +: The initial worker count for the HTTP connection pool that is used + by the rabbitmq-management plugin. Default value: `25`. 
+ +`rabbitmq['rabbit_mgmt_http_max_age']` + +: The maximum connection worker age (in seconds) for the HTTP + connection pool that is used by the rabbitmq-management plugin. + Default value: `70`. + +`rabbitmq['rabbit_mgmt_http_max_connection_duration']` + +: The maximum connection duration (in seconds) for the HTTP connection + pool that is used by the rabbitmq-management plugin. Default value: + `70`. + +`rabbitmq['rabbit_mgmt_http_max_count']` + +: The maximum worker count for the HTTP connection pool that is used + by the rabbitmq-management plugin. Default value: `100`. + +`rabbitmq['rabbit_mgmt_ibrowse_options']` + +: An array of comma-separated key-value pairs of ibrowse options for + the HTTP connection pool that is used by the rabbitmq-management + plugin. Default value: `'{connect_timeout, 10000}'`. + +`rabbitmq['rabbit_mgmt_timeout']` + +: The timeout for the HTTP connection pool that is used by the + rabbitmq-management plugin. Default value: `30000`. + +`rabbitmq['reindexer_vhost']` + +: Default value: `'/reindexer'`. + +`rabbitmq['ssl_versions']` + +: The SSL versions used by the rabbitmq-management plugin. (See + [RabbitMQ TLS support](https://www.rabbitmq.com/ssl.html) for more + information.) Default value: `['tlsv1.2', 'tlsv1.1']`. + +`rabbitmq['user']` + +: Default value: `'chef'`. + +`rabbitmq['vhost']` + +: Default value: `'/chef'`. + +`rabbitmq['vip']` + +: The virtual IP address. Default value: `'127.0.0.1'`. + +### redis_lb + +{{< readfile file="content/server/reusable/md/server_services_redis.md" >}} + +This configuration file has the following settings for `redis_lb`: + +`redis_lb['activerehashing']` + +: Enable active rehashing. + + Default value: `'no'`. + +`redis_lb['aof_rewrite_min_size']` + +: The minimum size of the append-only file. Only files larger than + this value are rewritten. + + Default value: `'16mb'`. + +`redis_lb['aof_rewrite_percent']` + +: The size of the current append-only file, as compared to the base + size. 
The append-only file is rewritten when the current file + exceeds the base size by this value. + + Default value: `'50'`. + +`redis_lb['appendfsync']` + +: The frequency at which the operating system writes data on-disk, + instead of waiting for more data. + + Possible values: + + - `no` (don't fsync, let operating system flush data) + - `always` (fsync after every write to the append-only log file) + - `everysec` (fsync only once time per second) + + Default value: `'always'`. + +`redis_lb['appendonly']` + +: Dump data asynchronously on-disk or to an append-only log file. Set + to `yes` to dump data to an append-only log file. + + Default value: `'no'`. + +`redis_lb['bind']` + +: Bind Redis to the specified IP address. + + Default value: `'127.0.0.1'`. + +`redis_lb['data_dir']` + +: The directory in which on-disk data is stored. The default value is + the recommended value. + + Default value: `'/var/opt/opscode/redis_lb/data'`. + +`redis_lb['databases']` + +: The number of databases. + + Default value: `'16'`. + +`redis_lb['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `'/var/opt/opscode/redis_lb'`. + +`redis_lb['enable']` + +: Enable a service. + + Default value: `true`. + +`redis_lb['ha']` + +: Run the Chef Infra Server in a high availability topology. When + `topology` is set to `ha`, this setting defaults to `true`. + + Default value: `false`. + +`redis_lb['keepalive']` + +: The amount of time (in seconds) to wait for requests on a + connection. + + Default value: `'60'`. + +`redis_lb['log_directory']` + +: The directory in which log data is stored. The default value is the + recommended value. + + Default value: `'/var/log/opscode/redis_lb'`. + +`redis_lb['log_rotation']` + +: The log rotation policy for this service. Log files are rotated when + they exceed `file_maxbytes`. The maximum number of log files in the + rotation is defined by `num_to_keep`. 
+ + Default value: `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` + +`redis_lb['loglevel']` + +: The level of logging to be stored in a log file. + + Possible values: + + - `debug` + - `notice` + - `verbose` + - `warning`. + + Default value: `'notice'`. + +`redis_lb['maxmemory']` + +: The maximum amount of memory (in bytes). + + Default value: `'8m'`. + +`redis_lb['maxmemory_policy']` + +: The policy applied when the maximum amount of memory is reached. + + Possible values: + + - `allkeys-lru` (remove keys, starting with those used least frequently) + - `allkeys-random` (remove keys randomly) + - `noeviction` (don't expire, return an error on write operation) + - `volatile-lru` (remove expired keys, starting with those used least frequently) + - `volatile-random` (remove expired keys randomly) + - `volatile-ttl` (remove keys, starting with nearest expired time) + + Default value: `'noeviction'`. + +`redis_lb['port']` + +: The port on which the service is to listen. + + Default value: `'16379'`. + +`redis_lb['save_frequency']` + +: Set the save frequency in the following pattern: + `{ "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }`. + + Default value: `{ '900' => '1', '300' => '10', '60' => '1000' }` + + The default value saves the database every 15 minutes if at least one key + changes, every 5 minutes if at least 10 keys change, and every 60 + seconds if 10000 keys change. + +`redis_lb['timeout']` + +: The amount of time (in seconds) a client may be idle before timeout. + + Default value: `'300'`. + +`redis_lb['vip']` + +: The virtual IP address. + + Default value: `'127.0.0.1'`. + +`redis_lb['password']` + +: Legacy configuration setting for the Redis password. + + Default value: **generated**. + + To override the default value, use the [Secrets + Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) + command: `chef-server-ctl set-secret redis_lb password`. 
+ +### upgrades + +This configuration file has the following settings for `upgrades`: + +`upgrades['dir']` + +: The working directory. The default value is the recommended value. + + Default value: `'/var/opt/opscode/upgrades'`. + +### user + +This configuration file has the following settings for `user`: + +`user['home']` + +: The home directory for the user under which Chef Infra Server + services run. + + Default value: `/opt/opscode/embedded`. + +`user['shell']` + +: The shell for the user under which Chef Infra Server services run. + + Default value: `/bin/sh`. + +`user['username']` + +: The user name under which Chef Infra Server services run. + + Default value: `opscode`. + +### required_recipe + +`required_recipe` is a feature that allows an administrator to specify a +recipe that will be run by all Chef Infra Clients that connect to it, +regardless of the node's run list. This feature is targeted at expert +level practitioners who are delivering isolated configuration changes to +the target systems, such as self-contained agent software. Further +explanation of the feature can be found in +[Chef Infra Client Development Docs](https://github.com/chef/chef/blob/main/docs/dev/design_documents/server_enforced_recipes.md). + +This configuration file has the following settings for +`required_recipe`: + +`required_recipe["enable"]` + +: Whether the feature is enabled. + + Default value: `false`. + +`required_recipe["path"]` + +: The location of the recipe to serve. The file must be owned by the + root user and group, and may not be group or world-writeable. + + Default value: `nil`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md index a2a84b3429..6c90a4547a 100644 
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_ocid_application_hash_supermarket.md @@ -1,5 +1,4 @@ -To define OAuth 2 information for Chef Supermarket, create a Hash -similar to: +To define OAuth 2 information for Chef Supermarket, create a Hash similar to: ```ruby oc_id['applications'] ||= {} diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md index 32715754fe..019229038a 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/config_rb_server_summary.md @@ -5,4 +5,4 @@ only be added to the `chef-server.rb` file to apply non-default values. These configuration settings are processed when the `chef-server-ctl reconfigure` command is run. The `chef-server.rb` file is a Ruby file, which means that conditional statements can be used -within it. \ No newline at end of file +within it. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md index b3cae5ddf9..64fd4057d3 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_config_rb_server_must_reconfigure.md 
@@ -1,5 +1,4 @@ -When changes are made to the chef-server.rb file the Chef Infra Server -must be reconfigured by running the following command: +When changes are made to the chef-server.rb file the Chef Infra Server must be reconfigured by running the following command: ```bash chef-server-ctl reconfigure diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_server_aws_cookbook_storage.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_server_aws_cookbook_storage.md similarity index 100% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_server_aws_cookbook_storage.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/notes_server_aws_cookbook_storage.md diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md index 2146929d5a..df3cadc7b8 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_rbac_permissions_object.md @@ -1,34 +1,8 @@ The Chef Infra Server includes the following object permissions: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PermissionDescription
DeleteUse the Delete permission to define which users and groups may delete an object. This permission is required for any user who uses the knife [object] delete [object_name] argument to interact with objects on the Chef Infra Server.
GrantUse the Grant permission to define which users and groups may configure permissions on an object. This permission is required for any user who configures permissions using the Administration tab in the Chef management console.
ReadUse the Read permission to define which users and groups may view the details of an object. This permission is required for any user who uses the knife [object] show [object_name] argument to interact with objects on the Chef Infra Server.
UpdateUse the Update permission to define which users and groups may edit the details of an object. This permission is required for any user who uses the knife [object] edit [object_name] argument to interact with objects on the Chef Infra Server and for any Chef Infra Client to save node data to the Chef Infra Server at the conclusion of a Chef Infra Client run.
- -{{/* moved to chef-server repo */}} +| Permission | Description | +| --- | --- | +| **Delete** | Use the **Delete** permission to define which users and groups may delete an object. This permission is required for any user who uses the `knife [object] delete [object_name]` argument to interact with objects on the Chef Infra Server. | +| **Grant** | Use the **Grant** permission to define which users and groups may configure permissions on an object. This permission is required for any user who configures permissions using the **Administration** tab in the Chef management console. | +| **Read** | Use the **Read** permission to define which users and groups may view the details of an object. This permission is required for any user who uses the `knife [object] show [object_name]` argument to interact with objects on the Chef Infra Server. | +| **Update** | Use the **Update** permission to define which users and groups may edit the details of an object. This permission is required for any user who uses the `knife [object] edit [object_name]` argument to interact with objects on the Chef Infra Server and for any Chef Infra Client to save node data to the Chef Infra Server at the conclusion of a Chef Infra Client run. | diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md index 8e3f7a533f..4ba0e07281 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bifrost.md @@ -1,2 +1,2 @@ The **oc_bifrost** service ensures that every request to view or manage -objects stored on the Chef Infra Server is authorized. \ No newline at end of file +objects stored on the Chef Infra Server is authorized. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md index 8e2c037f67..e1cd6c0881 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_bookshelf.md @@ -1,4 +1,4 @@ The **bookshelf** service is an Amazon Simple Storage Service (S3)-compatible service that is used to store cookbooks, including all of the files---recipes, templates, and so on---that are associated with -each cookbook. \ No newline at end of file +each cookbook. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md index 2ca525cec3..d277fe53e8 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_erchef.md @@ -8,4 +8,4 @@ the Chef Infra Server: - Nodes - Roles - Sandboxes -- Search \ No newline at end of file +- Search diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_expander.md similarity index 100% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_expander.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_expander.md 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md index eb2f69fa7f..4082e755ef 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_oc_id.md @@ -3,4 +3,4 @@ Server by external applications, including Chef Supermarket. OAuth 2.0 uses token-based authentication, where external applications use tokens that are issued by the **oc-id** provider. No special credentials---`webui_priv.pem` or privileged keys---are stored on the -external application. \ No newline at end of file +external application. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md index 027de67cca..e8611bd0e8 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_postgresql.md @@ -1 +1 @@ -The **postgresql** service is used to store node, object, and user data. \ No newline at end of file +The **postgresql** service is used to store node, object, and user data. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md index 4fdcb48d9c..c9634cfd88 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_redis.md 
@@ -1,2 +1,2 @@ Key-value store used in conjunction with Nginx to route requests and -populate request data used by the Chef Infra Server. \ No newline at end of file +populate request data used by the Chef Infra Server. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_solr4.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_solr4.md similarity index 100% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_solr4.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_services_solr4.md diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_expander.md similarity index 91% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_expander.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_expander.md index 76ed8e88e1..09693df59c 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_expander.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_expander.md @@ -9,4 +9,6 @@ tuning effort for the **opscode-expander** service: Infra Server. Additional memory may be required by these worker processes depending on the frequency and volume of Chef Infra Client runs across the organization, but only if the back-end machines have - available CPU and RAM. Default value: `2`. \ No newline at end of file + available CPU and RAM. + + Default value: `2`. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md index a59d98574c..0f8a64a6ea 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/server_tuning_nginx.md @@ -1,16 +1,39 @@ The following settings are often modified from the default as part of the tuning effort for the **nginx** service and to configure the Chef -Infra Server to use SSL certificates: +Infra Server to use SSL certificates. + +{{< note >}} + +See for more +information about the values used with the `nginx['ssl_ciphers']` and +`nginx['ssl_protocols']` settings. + +{{< /note >}} + +After copying SSL certificate files to the Chef Infra Server, +update the `nginx['ssl_certificate']` and `nginx['ssl_certificate_key']` +settings to specify the paths to those files, and then (optionally) update the `nginx['ssl_ciphers']` and +`nginx['ssl_protocols']` settings to reflect the desired level of +hardness for the Chef Infra Server. For example: + +```ruby +nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' +nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' +nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' +nginx['ssl_protocols'] = 'TLSv1.2' +``` `nginx['ssl_certificate']` -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. +: The SSL certificate used to verify communication over HTTPS. + + Default value: `nil`. `nginx['ssl_certificate_key']` -: The certificate key used for SSL communication. Default value: - `nil`. +: The certificate key used for SSL communication. + + Default value: `nil`. `nginx['ssl_ciphers']` 
@@ -27,32 +50,11 @@ Infra Server to use SSL certificates: `nginx['ssl_protocols']` -: The SSL protocol versions that are enabled for the Chef Infra Server API. For enhanced security set this value to `'TLSv1.2'`. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef Infra Client 12.8 and later on Windows. If it is necessary to support these - older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. For example: +: The SSL protocol versions that are enabled for the Chef Infra Server API. - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - -{{< note >}} - -See for more -information about the values used with the `nginx['ssl_ciphers']` and -`nginx['ssl_protocols']` settings. - -{{< /note >}} - -For example, after copying the SSL certificate files to the Chef Infra -Server, update the `nginx['ssl_certificate']` and -`nginx['ssl_certificate_key']` settings to specify the paths to those -files, and then (optionally) update the `nginx['ssl_ciphers']` and -`nginx['ssl_protocols']` settings to reflect the desired level of -hardness for the Chef Infra Server: - -```ruby -nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' -nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' -nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' -nginx['ssl_protocols'] = 'TLSv1 TLSv1.1 TLSv1.2' -``` + Starting with **Chef Infra Server 14.3**, this value defaults to `'TLSv1.2'` for + enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`, + which allowed for less secure SSL connections. TLS 1.2 is supported on + Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef + Infra Client 12.8 and later on Windows. If it is necessary to support these + older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/settings_strict_search_result_acls.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/settings_strict_search_result_acls.md similarity index 79% rename from _vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/settings_strict_search_result_acls.md rename to _vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/settings_strict_search_result_acls.md index 194441f335..eb6de4e9c6 100644 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/settings_strict_search_result_acls.md +++ b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/reusable/md/settings_strict_search_result_acls.md @@ -5,14 +5,11 @@ management console may increase because it enables the Chef management console to skip redundant ACL checks. To ensure the Chef management console is configured properly, after this setting has been applied with a `chef-server-ctl reconfigure` run `chef-manage-ctl reconfigure` to -ensure the Chef management console also picks up the setting. Default -value: `false`. +ensure the Chef management console also picks up the setting. -
+Default value: `false`. -

Warning

- -
+{{< warning >}} When `true`, `opscode_erchef['strict_search_result_acls']` affects all search results and any actor (user, client, etc.) that does not have @@ -21,6 +18,4 @@ this could affect search results returned during a Chef Infra Client runs if a Chef Infra Client does not have permission to read the information. -
- -
+{{< /warning >}}
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md
deleted file mode 100644
index 3cec8be3df..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server.md
+++ /dev/null
@@ -1,106 +0,0 @@ -+++ -title = "chef-server.rb Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary">}} - -## Use Conditions - -{{< reusable_text_versioned file="config_add_condition">}} - -## Recommended Settings - -{{< reusable_text_versioned file="server_tuning_general">}} - -### NGINX SSL Protocols - -{{< reusable_text_versioned file="server_tuning_nginx">}} - -## Optional Settings - -The following settings are often used for performance tuning of the Chef -Infra Server in larger installations. - -{{< note >}} -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure">}} -{{< /note >}} - -{{< note >}} - -Review the full list of [optional -settings]({{< relref "/server/config_rb_server_optional_settings" >}}) that can be added to -the chef-server.rb file. Many of these optional settings should not be -added without first consulting with Chef support. - -{{< /note >}} - -### bookshelf - -{{< reusable_text_versioned file="server_tuning_bookshelf">}} - -{{< warning >}} - -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage">}} - -{{< /warning >}} - -### opscode-account - -The following setting is often modified from the default as part of the -tuning effort for the **opscode-account** service: - -`opscode_account['worker_processes']` - -: The number of allowed worker processes. This value should be - increased if requests made to the **opscode-account** service are - timing out, but only if the front-end machines have available CPU - and RAM. Default value: `4`. - -### opscode-erchef - -{{< reusable_text_versioned file="server_tuning_erchef">}} - -#### Data Collector - -The following settings are often modified from the default as part of -the tuning effort for the **data_collector** **opscode-erchef** -application: - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. 
If failures indicate that **opscode-erchef** - application has run out of HTTP connections for the - **data_collector** then increase this value. Default value: 100. - -### opscode-expander - -{{< reusable_text_versioned file="server_tuning_expander">}} - -### opscode-solr4 - -{{< reusable_text_versioned file="server_tuning_solr">}} - -#### Available Memory - -{{< reusable_text_versioned file="server_tuning_solr_available_memory">}} - -#### Large Node Sizes - -{{< reusable_text_versioned file="server_tuning_solr_large_node_sizes">}} - -#### Update Frequency - -{{< reusable_text_versioned file="server_tuning_solr_update_frequency">}} - -### postgresql - -{{< reusable_text_versioned file="server_tuning_postgresql">}} - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md deleted file mode 100644 index 575ba1f515..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md +++ /dev/null 
@@ -1,2230 +0,0 @@ -+++ -title = "chef-server.rb 13 Optional Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary" >}} - -## Settings - -The following sections describe the various settings that are available -in the chef-server.rb file. - -{{< note >}} - -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure" >}} - -{{< /note >}} - -### General - -This configuration file has the following general settings: - -`addons['install']` - -: Default value: `false`. - -`addons['path']` - -: Default value: `nil`. - -`addons['packages']` - -: Default value: - - ```ruby - %w{chef-manage} - ``` - -`api_version` - -: The version of the Chef Infra Server. Default value: `'12.0.0'`. - -`default_orgname` - -: The `ORG_NAME` part of the `/organizations` endpoint in Chef Infra - Server. - -`fips` - -: Set to `true` to run the server in FIPS compliance mode. Set to - `false` to force the server to run without FIPS compliance mode. - Default: The kernel configuration FIPS value. - -{{< note spaces=4 >}} - -Chef Infra Server versions earlier than 14.5 that are configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` - -{{< /note >}} - -
- -`insecure_addon_compat` - -: Set to `true` to keep Chef Infra Server compatible with older add-on - versions by rendering secrets and credentials to - `/etc/opscode/chef-server-running.json` and other files in - `/etc/opscode/`. When set to `false`, secrets are **only** written - to `/etc/opscode/private-chef-secrets.json` and **not** to any other - files. Default value: `true`. - - See [Add-on - Compatibility]({{< relref "/server/server_security#add-on-compatibility" >}}) for the - minimum add-on versions supporting `insecure_addon_compat false`. - -`install_path` - -: The directory in which the Chef Infra Server is installed. Default - value: `'/opt/opscode'`. - -`from_email` - -: The email address from which invitations to the Chef management - console are sent. Default value: `'"Opscode" '`. - -`license['nodes']` - -: The number of licensed nodes. Default value: `25`. - -`license['upgrade_url']` - -: The URL to visit for more information about how to update the number - of nodes licensed for an organization. Default value: - `'https://www.chef.io/pricing'`. - -`notification_email` - -: The email addressed to which email notifications are sent. Default - value: `'pc-default@chef.io'`. - -`role` - -: The configuration type of the Chef Infra Server. Possible values: - `backend`, `frontend`, or `standalone`. Default value: - `'standalone'`. - -`topology` - -: The topology of the Chef Infra Server. Possible values: `manual`, - `standalone`, and `tier`. Default value: `'standalone'`. - -
- -### bookshelf - -{{< reusable_text_versioned file="server_services_bookshelf" >}} - -{{< note >}} - -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage" >}} - -{{< /note >}} - -This configuration file has the following settings for `bookshelf`: - -`bookshelf['access_key_id']` - -: Deprecated. - Use `chef-server-ctl set-secret bookshelf access_key_id` from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) commands. - - The access key identifier. - This may point at an external storage location, such as Amazon EC2. - See [AWS external bookshelf settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - **generated**. - -`bookshelf['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/bookshelf/data`. - -`bookshelf['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/bookshelf`. - -`bookshelf['enable']` - -: Enable a service. Default value: `true`. - -`bookshelf['enable_request_logging']` - -: Use to configure request logging for the bookshelf service. Default - value: `false`. - -`bookshelf['external_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`bookshelf['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`bookshelf['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/bookshelf`. - -`bookshelf['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. 
The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`bookshelf['port']` - -: The port on which the service is to listen. Default value: `4321`. - -`bookshelf['secret_access_key']` - -: Deprecated. - Use `chef-server-ctl set-secret bookshelf secret_access_key` from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) commands. - - The secret key. This may point at an external storage location, such - as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - **generated**. - -`bookshelf['storage_type']` - -: Determines where cookbooks are stored. Default value: `:filesystem`. - - In instances that require cookbooks to be stored within a SQL - backend, such as in a high availability setup, you must set - `storage_type` to `:sql`: - - ```ruby - bookshelf['storage_type'] = :sql - ``` - -`bookshelf['stream_download']` - -: Enable stream downloading of cookbooks. This setting (when `true`) - typically results in improved cookbook download performance, - especially with the memory usage of the **bookshelf** service and - the behavior of load balancers and proxies in-between Chef Infra - Client and the Chef Infra Server. Default value: `true`. - -`bookshelf['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bookshelf@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `bookshelf['sql_user']` - (default: `'bookshelf'`). This setting is **required** in an - external Azure PostgreSQL database-as-a-service configuration. If - set to `nil`, Chef Infra Server assumes that the database is not on - Azure and the PostgreSQL connection will be made using the value - specified in `bookshelf['sql_user']`. Default value: `nil`. 
- -`bookshelf['vip']` - -: The virtual IP address. This may point at an external storage - location, such as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - `127.0.0.1`. - -### bootstrap - -This configuration file has the following settings for `bootstrap`: - -`bootstrap['enable']` - -: Indicates whether an attempt to bootstrap the Chef Infra Server is - made. Generally only enabled on systems that have bootstrap enabled - via a `server` entry. Default value: `true`. - -### compliance forwarding - -The configuration file has the following settings for forwarding -`compliance` requests using the chef server authentication system. - -`profiles['root_url']` - -: If set, any properly signed requests arriving at - `/organizations/ORGNAME/owners/OWNER/compliance` will be forwarded - to this URL. This is expected to be a fully qualified resource, e.g. - `http://compliance.example.org/owners/OWNER/compliance`. - -### dark_launch - -This configuration file has the following settings for `dark_launch`: - -`dark_launch['actions']` - -: Enable Chef actions. Default value: `true`. - -`dark_launch['add_type_and_bag_to_items']` - -: Default value: `true`. - -`dark_launch['new_theme']` - -: Default value: `true`. - -`dark_launch['private-chef']` - -: Default value: `true`. - -`dark_launch['quick_start']` - -: Default value: `false`. - -`dark_launch['reporting']` - -: Enable Reporting, which performs data collection during a Chef Infra - Client run. Default value: `true`. - -`dark_launch['sql_users']` - -: Default value: `true`. - -### data_collector - -This configuration file has the following settings for `data_collector`: - -`data_collector['root_url']` - -: The fully qualified URL to the data collector server API. When - present, it will enable the data collector in **opscode-erchef**. 
- This also enables Chef Infra Server authenticated forwarding any properly - signed requests arriving at `/organizations/ORGNAME/data-collector` - to this URL with the data collector token appended. This is also - target for requests authenticated and forwarded by the - `/organizations/ORGNAME/data-collector` endpoint. For the forwarding - to work correctly the `data_collector['token']` field must also be - set. For example, if the data collector in Chef Automate is being - used, the URI would look like: - `http://my_automate_server.example.org/data-collector/v0/`. - -`data_collector['proxy']` - -: If set to `true`, Chef Infra Server will proxy all requests sent to - `/data-collector` to the configured Chef Automate - `data_collector['root_url']`. Note that *this route* does not check - the request signature and add the right data_collector token, but - just proxies the Automate endpoint **as-is**. Default value: `nil`. - -`data_collector['token']` - -: Deprecated. Use `chef-server-ctl set-secret data_collector token` from - the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - Legacy configuration for shared data collector security token. When - configured, the token will be passed as an HTTP header named - `x-data-collector-token` which the server can choose to accept or - reject. - -`data_collector['timeout']` - -: The amount of time (in milliseconds) before a request to the data - collector API times out. Default value: 30000. - -`data_collector['http_init_count']` - -: The initial worker count for the HTTP connection pool that is used - by the data collector. Default value: 25. - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. Default value: 100. - -`data_collector['http_max_age']` - -: The maximum connection worker age (in seconds) for the HTTP - connection pool that is used by the data collector. Default value: - "{70, sec}". 
- -`data_collector['http_cull_interval']` - -: The maximum cull interval (in minutes) for the HTTP connection pool - that is used by the data collector. Default value: "{1, min}". - -`data_collector['http_max_connection_duration']` - -: The maximum connection duration (in seconds) for the HTTP connection - pool that is used by the data collector. Default value: "{70, sec}". - -`data_collector['ibrowse_options']` - -: An array of comma-separated key-value pairs of ibrowse options for - the HTTP connection pool that is used by the data collector. Default - value: "\[{connect_timeout, - 10000}\]". - -`data_collector['health_check']` - -: A boolean that controls whether the data collector health is - included in the overall health at the `_status` endpoint. When set - to `true`, Chef Infra Server will report that healthy front end Chef - HA cluster members have failed when the data_collector\['root_url'\] cannot be reached. As a result, the load balancer - will remove those members from the load balancer pool. Default - value: true\`. - -### estatsd - -This configuration file has the following settings for `estatsd`: - -`estatsd['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/estatsd'`. - -`estatsd['enable']` - -: Enable a service. Default value: `true`. - -`estatsd['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/estatsd'`. - -`estatsd['port']` - -: The port on which the service is to listen. Default value: `9466`. - -`estatsd['protocol']` - -: Use to send application statistics with StatsD protocol formatting. - Set this value to `statsd` to apply StatsD protocol formatting. - -`estatsd['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### jetty - -This configuration file has the following settings for `jetty`: - -`jetty['enable']` - -: Enable a service. Default value: `'false'`. 
This value should not be - modified. - -`jetty['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - - ```ruby - '/var/opt/opscode/opscode-solr4/jetty/logs' - ``` - -### lb / lb_internal - -This configuration file has the following settings for `lb`: - -`lb['api_fqdn']` - -: FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['ban_refresh_interval']` - -: Default value: `600`. - -`lb['bookshelf']` - -: Default value: `127.0.0.1`. - -`lb['cache_cookbook_files']` - -: Default value: `false`. - -`lb['chef_max_version']` - -: The maximum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `11`. - -`lb['chef_min_version']` - -: The minimum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `10`. - -`lb['chef_server_webui']` - -: Default value: `127.0.0.1`. - -`lb['debug']` - -: Default value: `false`. - -`lb['enable']` - -: Enable a service. Default value: `true`. - -`lb['erchef']` - -: Default value: `127.0.0.1`. - -`lb['maint_refresh_interval']` - -: Default value: `600`. - -`lb['redis_connection_pool_size']` - -: Default value: `250`. - -`lb['redis_connection_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `1000`. - -`lb['redis_keepalive_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `2000`. - -`lb['upstream']['bookshelf']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['oc_bifrost']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['opscode_erchef']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. 
- -`lb['upstream']['opscode_solr4']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`lb['web_ui_fqdn']` - -: FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['xdl_defaults']['503_mode']` - -: The default value is the recommended value. Default value: `false`. - -`lb['xdl_defaults']['couchdb_acls']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_association_requests']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_associations']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_containers']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_groups']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_organizations']` - -: The default value is the recommended value. Default value: `true`. - -And for the internal load balancers: - -`lb_internal['account_port']` - -: Default value: `9685`. - -`lb_internal['chef_port']` - -: Default value: `9680`. - -`lb_internal['enable']` - -: Default value: `true`. - -`lb_internal['oc_bifrost_port']` - -: Default value: `9683`. - -`lb_internal['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### ldap - -{{< reusable_text_versioned file="config_rb_server_settings_ldap" >}} - -### nginx - -This configuration file has the following settings for `nginx`: - -`nginx['cache_max_size']` - -: The `max_size` parameter used by the Nginx cache manager, which is - part of the `proxy_cache_path` directive. When the size of file - storage exceeds this value, the Nginx cache manager removes the - least recently used data. Default value: `5000m`. 
- -`nginx['client_max_body_size']` - -: The maximum accepted body size for a client request, as indicated by - the `Content-Length` request header. Default value: `250m`. - -`nginx['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/nginx`. - -`nginx['enable']` - -: Enable a service. Default value: `true`. - -`nginx['enable_ipv6']` - -: Enable Internet Protocol version 6 (IPv6) addresses. Default value: - `false`. - -`nginx['enable_non_ssl']` - -: Allow port 80 redirects to port 443. When this value is set to - `true`, load balancers on the front-end hardware are allowed to do - SSL termination of the WebUI and API. Default value: `false`. - -{{< note spaces=4 >}} -Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` -{{< /note >}} - -`nginx['enable_stub_status']` - -: Enables the Nginx `stub_status` module. See - `nginx['stub_status']['allow_list']`, - `nginx['stub_status']['listen_host']`, - `nginx['stub_status']['listen_port']`, and - `nginx['stub_status']['location']`. Default value: `true`. - -`nginx['gzip']` - -: Enable gzip compression. Default value: `on`. - -`nginx['gzip_comp_level']` - -: The compression level used with gzip, from least amount of - compression (`1`, fastest) to the most (`2`, slowest). Default - value: `2`. - -`nginx['gzip_http_version']` - -: Enable gzip depending on the version of the HTTP request. Default - value: `1.0`. - -`nginx['gzip_proxied']` - -: The type of compression used based on the request and response. - Default value: `any`. - -`nginx['gzip_types']` - -: Enable compression for the specified MIME-types. 
Default value: - - ```ruby - [ 'text/plain', - 'text/css', - 'application/x-javascript', - 'text/xml', 'application/xml', - 'application/xml+rss', - 'text/javascript', - 'application/json' - ] - ``` - -`nginx['keepalive_timeout']` - -: The amount of time (in seconds) to wait for requests on a HTTP - keepalive connection. Default value: `65`. - -`nginx['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/nginx`. - -`nginx['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`nginx['log_x_forwarded_for']` - -: Log \$http_x_forwarded_for ("X-Forwarded-For") instead of - \$remote_addr if `true`. Default value `false`. - -`nginx['non_ssl_port']` - -: The port on which the WebUI and API are bound for non-SSL - connections. Default value: `80`. Use `nginx['enable_non_ssl']` to - enable or disable SSL redirects on this port number. Set to `false` - to disable non-SSL connections. - -`nginx['sendfile']` - -: Copy data between file descriptors when `sendfile()` is used. - Default value: `on`. - -`nginx['server_name']` - -: The FQDN for the server. FQDNs must always be in lowercase. - Default value: `node['fqdn']`. - -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. See [this - link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) for more - information. 
For example: - - ```ruby - nginx['ssl_ciphers'] = HIGH: ... :!PSK - ``` - -`nginx['ssl_company_name']` - -: The name of your company. Default value: `YouCorp`. - -`nginx['ssl_country_name']` - -: The country in which your company is located. Default value: `US`. - -`nginx['ssl_email_address']` - -: The default email address for your company. Default value: - `you@example.com`. - -`nginx['ssl_locality_name']` - -: The city in which your company is located. Default value: `Seattle`. - -`nginx['ssl_organizational_unit_name']` - -: The organization or group within your company that is running the - Chef Infra Server. Default value: `Operations`. - -`nginx['ssl_port']` - -: Default value: `443`. - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled. For enhanced security set - this value to `'TLSv1.2'`. TLS 1.2 is supported on Chef Infra Client 10.16.4 - and later on Linux, Unix, and macOS, and on Chef Infra Client 12.8 and later on - Windows. If it is necessary to support these older end-of-life - Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - - Default value: `TLSv1 TLSv1.1 TLSv1.2`. - -`nginx['ssl_state_name']` - -: The state, province, or region in which your company is located. - Default value: `WA`. - -`nginx['strict_host_header']` - -: Whether nginx should only respond to requests where the Host header - matches one of the configured FQDNs. Default value: `false`. - -`nginx['stub_status']['allow_list']` - -: The IP address on which accessing the `stub_status` endpoint is - allowed. Default value: `["127.0.0.1"]`. - -`nginx['stub_status']['listen_host']` - -: The host on which the Nginx `stub_status` module listens. Default - value: `"127.0.0.1"`. - -`nginx['stub_status']['listen_port']` - -: The port on which the Nginx `stub_status` module listens. Default - value: `"9999"`. 
- -`nginx['stub_status']['location']` - -: The name of the Nginx `stub_status` endpoint used to access data - generated by the Nginx `stub_status` module. Default value: - `"/nginx_status"`. - -`nginx['tcp_nodelay']` - -: Enable the Nagle buffering algorithm. Default value: `on`. - -`nginx['tcp_nopush']` - -: Enable TCP/IP transactions. Default value: `on`. - -`nginx['url']` - -: Default value: `https://#{node['fqdn']}`. - -`nginx['use_implicit_hosts']` - -: Automatically add localhost and any - local IP addresses to the configured FQDNs. Useful in combination - with `nginx['strict_host_header']`. Default value: `true`. - -`nginx['show_welcome_page']` - -: Determines whether or not the default nginx welcome page is shown. - Default value: `true`. - - -`nginx['worker_connections']` - -: The maximum number of simultaneous clients. Use with - `nginx['worker_processes']` to determine the maximum number of - allowed clients. Default value: `10240`. - -`nginx['worker_processes']` - -: The number of allowed worker processes. Use with - `nginx['worker_connections']` to determine the maximum number of - allowed clients. Default value: `node['cpu']['total'].to_i`. - -`nginx['x_forwarded_proto']` - -: The protocol used to connect to the server. Possible values: `http` - and `https`. This is the protocol used to connect to the Chef Infra - Server by a Chef Infra Client or a workstation. Default value: - `'https'`. - -### oc_bifrost - -{{< reusable_text_versioned file="server_services_bifrost" >}} - -This configuration file has the following settings for `oc_bifrost`: - -`oc_bifrost['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. This value should be increased if failures indicate - that the **oc_bifrost** service ran out of connections. This value - should be tuned in conjunction with the - `postgresql['max_connections']` setting for PostgreSQL. Default - value: `20`. - -`oc_bifrost['dir']` - -: The working directory. 
The default value is the recommended value. - Default value: `/var/opt/opscode/oc_bifrost`. - -`oc_bifrost['enable']` - -: Enable a service. Default value: `true`. - -`oc_bifrost['enable_request_logging']` - -: Use to configure request logging for the `oc_bifrost` service. - Default value: `true`. - -`oc_bifrost['extended_perf_log']` - -: Default value: `true`. - -`oc_bifrost['listen']` - -: The IP address on which the service is to listen. Default value: - `'127.0.0.1'`. - -`oc_bifrost['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/oc_bifrost`. - -`oc_bifrost['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`oc_bifrost['port']` - -: The port on which the service is to listen. Default value: `9463`. - -`oc_bifrost['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bifrost@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `oc_bifrost['sql_user']` (default: `'bifrost'`). This setting is - **required** in an external Azure PostgreSQL database-as-a-service - configuration. If set to `nil`, Chef Infra Server assumes that the - database is not on Azure and the PostgreSQL connection will be made - using the value specified in `oc_bifrost['sql_user']`. Default - value: `nil`. - -`oc_bifrost['sql_password']` - -: The password for the `sql_user`. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_bifrost sql_password`. - -`oc_bifrost['sql_ro_password']` - -: The password for the `sql_ro_user`. 
Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_bifrost sql_ro_password`. - -`oc_bifrost['sql_ro_user']` - -: Default value: `'bifrost_ro'`. - -`oc_bifrost['sql_user']` - -: The user with permission to publish data. Default value: - `'bifrost'`. - -`oc_bifrost['superuser_id']` - -: Default value: **generated**. - -`oc_bifrost['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### oc_chef_authz - -The **opscode-authz** service is used to handle authorization requests -from oc_erchef to oc_bifrost in the Chef Infra Server. - -This configuration file has the following settings for `oc_chef_authz`: - -`oc_chef_authz['http_cull_interval']` - -: Default value: `'{1, min}'`. - -`oc_chef_authz['http_init_count']` - -: Default value: `25`. - -`oc_chef_authz['http_max_age']` - -: Default value: `'{70, sec}'`. - -`oc_chef_authz['http_max_connection_duration']` - -: Default value: `'{70, sec}'`. - -`oc_chef_authz['http_max_count']` - -: Default value: `100`. - -`oc_chef_authz['ibrowse_options']` - -: The amount of time (in milliseconds) to wait for a connection to be - established. Default value: `'[{connect_timeout, 5000}]'`. - -### oc-chef-pedant - -This configuration file has the following settings for `oc-chef-pedant`: - -`oc_chef_pedant['debug_org_creation']` - -: Run tests with full output. Default value: `false`. - -`oc_chef_pedant['dir']` - -: The working directory. The default value is the recommended value. - Default value: - - ```ruby - '/var/opt/opscode/oc-chef-pedant' - ``` - -`oc_chef_pedant['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. 
Default value: - - ```ruby - '/var/log/opscode/oc-chef-pedant' - ``` - -`oc_chef_pedant['log_http_requests']` - -: Log HTTP requests in a file named `http-traffic.log` that is located - in the path specified by `log_directory`. Default value: `true`. - -`oc_chef_pedant['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -### oc-id - -{{< reusable_text_versioned file="server_services_oc_id" >}} - -This configuration file has the following settings for `oc-id`: - -`oc_id['administrators']` - -: An array of Chef Infra Server user names who may add applications to - the identity service. For example, `['user1', 'user2']`. Default - value: `[ ]`. - -`oc_id['applications']` - -: A Hash that contains OAuth 2 application information. Default value: - `{ }`. - - {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}} - -`oc_id['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `'20'`. - -`oc_id['dir']` - -: The working directory. The default value is the recommended value. - Default value: none. - -`oc_id['enable']` - -: Enable a service. Default value: `true`. - -`oc_id['email_from_address']` - -: Outbound email address. Defaults to the `'from_email'` value. - -`oc_id['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/opt/opscode/oc_id'`. - -`oc_id['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. 
Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`oc_id['origin']` - -: The FQDN for the server that is sending outbound email. FQDNs must - always be in lowercase. Defaults to the `'api_fqdn'` value, which is - the FQDN for the Chef Infra Server. - -`oc_id['num_to_keep']` - -: The number of log files to keep. Default value: `10`. - -`oc_id['port']` - -: The port on which the service is to listen. Default value: `9090`. - -`oc_id['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'oc_id@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `oc_id['sql_user']` - (default: `'od_id'`). This setting is **required** in an external - Azure PostgreSQL database-as-a-service configuration. If set to - `nil`, Chef Infra Server assumes that the database is not on Azure - and the PostgreSQL connection will be made using the value specified - in `oc_id['sql_user']`. Default value: `nil`. - -`oc_id['sql_database']` - -: The name of the database. Default value: `oc_id`. - -`oc_id['sql_password']` - -: The password for the `sql_user`. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_id sql_password`. - -`oc_id['sql_user']` - -: The user with permission to write to `sql_database`. Default value: - `oc_id`. - -`oc_id['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### opscode-chef-mover - -This configuration file has the following settings for -`opscode-chef-mover`: - -`opscode_chef_mover['bulk_fetch_batch_size']` - -: Default value: `'5'`. - -`opscode_chef_mover['cache_ttl']` - -: Default value: `'3600'`. - -`opscode_chef_mover['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `'5'`. 
- -`opscode_chef_mover['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - - ```ruby - '/var/opt/opscode/opscode-chef-mover/data' - ``` - -`opscode_chef_mover['dir']` - -: The working directory. The default value is the recommended value. - Default value: - - ```ruby - '/var/opt/opscode/opscode-chef-mover' - ``` - -`opscode_chef_mover['enable']` - -: Enable a service. Default value: `true`. - -`opscode_chef_mover['ibrowse_max_pipeline_size']` - -: Default value: `1`. - -`opscode_chef_mover['ibrowse_max_sessions']` - -: Default value: `256`. - -`opscode_chef_mover['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - - ```ruby - '/var/log/opscode/opscode-chef-mover' - ``` - -`opscode_chef_mover['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`opscode_chef_mover['max_cache_size']` - -: Default value: `'10000'`. - -`opscode_chef_mover['solr_http_cull_interval']` - -: Default value: `'{1, min}'`. - -`opscode_chef_mover['solr_http_init_count']` - -: Default value: `25`. - -`opscode_chef_mover['solr_http_max_age']` - -: Default value: `'{70, sec}'`. - -`opscode_chef_mover['solr_http_max_connection_duration']` - -: Default value: `'{70, sec}'`. - -`opscode_chef_mover['solr_http_max_count']` - -: Default value: `100`. - -`opscode_chef_mover['solr_ibrowse_options']` - -: Default value: `'[{connect_timeout, 10000}]'`. - -`opscode_chef_mover['solr_timeout']` - -: Default value: `30000`. 
- -### opscode-erchef - -{{< reusable_text_versioned file="server_services_erchef" >}} - -This configuration file has the following settings for `opscode-erchef`: - -`opscode_erchef['auth_skew']` - -: Default value: `900`. - -`opscode_erchef['authz_fanout']` - -: Default value: `20`. - -`opscode_erchef['authz_timeout']` - -: The amount of time (in seconds) before a request to the - **oc_bifrost** service times out. Default value: `2000`. - -`opscode_erchef['base_resource_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`opscode_erchef['bulk_fetch_batch_size']` - -: The number of nodes that may be deserialized. Currently only applies - to the `/search` endpoint in the Chef Infra Server API. The default - value is the recommended value. Default value: `5`. - -`opscode_erchef['cache_ttl']` - -: Default value: `3600`. - -`opscode_erchef['cleanup_batch_size']` - -: Default value: `0`. - -`opscode_erchef['couchdb_max_conn']` - -: Default value: `'100'`. - -`opscode_erchef['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `20`. - -`opscode_erchef['depsolver_timeout']` - -: The amount of time (in milliseconds) to wait for cookbook dependency - problems to be solved. Default value: `'5000'`. - -`opscode_erchef['depsolver_worker_count']` - -: The number of Ruby processes for which cookbook dependency problems - are unsolved. Use the `pgrep -fl depselector` command to verify the - number of depsolver workers that are running. If you are seeing 503 - service unavailable errors, increase this value. Default value: - `'5'`. - -`opscode_erchef['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/opscode-erchef`. - -`opscode_erchef['enable']` - -: Enable a service. 
Default value: `true`. - -`opscode_erchef['enable_actionlog']` - -: Use to enable Chef actions, a premium feature of the Chef Infra - Server. Default value: `false`. - -`opscode_erchef['enable_request_logging']` - -: Use to configure request logging for the `opscode_erchef` service. - Default value: `true`. - -`opscode_erchef['ibrowse_max_pipeline_size']` - -: Default value: `1`. - -`opscode_erchef['ibrowse_max_sessions']` - -: Default value: `256`. - -`opscode_erchef['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`opscode_erchef['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/opscode-erchef`. - -`opscode_erchef['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`opscode_erchef['max_cache_size']` - -: Default value: `10000`. - -`opscode_erchef['max_request_size']` - -: When the request body size is greater than this value, a - `413 Request Entity Too Large` error is returned. Default value: - `2000000`. - -`opscode_erchef['nginx_bookshelf_caching']` - -: Whether Nginx is used to cache cookbooks. When `:on`, Nginx serves - up the cached content instead of forwarding the request. Default - value: `:off`. - -`opscode_erchef['port']` - -: The port on which the service is to listen. Default value: `8000`. - -`opscode_erchef['reindex_batch_size']` - -: The number of items to fetch from the database and send to the - search index at a time. Default value: `10`. - -`opscode_erchef['reindex_sleep_min_ms']` - -: The minimum number of milliseconds to sleep before retrying a failed - attempt to index an item. 
Retries are delayed a random number of - miliseconds between `reindex_sleep_min_ms` and - `reindex_sleep_max_ms`. Set both this and `reindex_sleep_max_ms` to - 0 to retry without delay. Default value: `500` - -`opscode_erchef['reindex_sleep_max_ms']` - -: The maximum number of milliseconds to sleep before retrying a failed - attempt to index an item. Retries are delayed a random number of - miliseconds between `reindex_sleep_min_ms` and - `reindex_sleep_max_ms`. Set both this and `reindex_sleep_min_ms` to - 0 to retry without delay. Default value: `2000` - -`opscode_erchef['reindex_item_retries']` - -: The number of times to retry sending an object for indexing in the - case of failure. Default value: `3` - -`opscode_erchef['root_metric_key']` - -: Default value: `chefAPI`. - -`opscode_erchef['s3_bucket']` - -: The name of the Amazon Simple Storage Service (S3) bucket. This may - point at external storage locations, such as Amazon EC2. See [AWS - external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. - -`opscode_erchef['s3_parallel_ops_fanout']` - -: Default value: `20`. - -`opscode_erchef['s3_parallel_ops_timeout']` - -: Default value: `5000`. - -`opscode_erchef['s3_url_expiry_window_size']` - -: The frequency at which unique URLs are generated. This value may be - a specific amount of time, i.e. `15m` (fifteen minutes) or a - percentage of the value of `s3_url_ttl`, i.e. `10%`. Default value: - `:off`. - -`opscode_erchef['s3_url_ttl']` - -: The amount of time (in seconds) before connections to the server - expire. If node bootstraps are timing out, increase this setting. - Default value: `28800`. - -`opscode_erchef['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'opscode_chef@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `opscode-erchef['sql_user']` (default: `'opscode_chef'`). 
This - setting is **required** in an external Azure PostgreSQL - database-as-a-service configuration. If set to `nil`, Chef Infra - Server assumes that the database is not on Azure and the PostgreSQL - connection will be made using the value specified in - `opscode_erchef['sql_user']`.Default value: `nil`. - -`opscode_erchef['strict_search_result_acls']` - -: {{< reusable_text_versioned file="settings_strict_search_result_acls" >}} - -`opscode_erchef['udp_socket_pool_size']` - -: Default value: `20`. - -`opscode_erchef['umask']` - -: Default value: `0022`. - -`opscode_erchef['validation_client_name']` - -: Default value: `chef-validator`. - -`opscode_erchef['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -### opscode-expander - -{{< reusable_text_versioned file="server_services_expander" >}} - -This configuration file has the following settings for -`opscode-expander`: - -`opscode_expander['consumer_id']` - -: The identity of the consumer to which messages are published. - Default value: `default`. - -`opscode_expander['dir']` - -: The working directory. The default value is the recommended value. - Default value: - - ```ruby - /var/opt/opscode/opscode-expander - ``` - -`opscode_expander['enable']` - -: Enable a service. Default value: `true`. - -`opscode_expander['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - - ```ruby - /var/log/opscode/opscode-expander - ``` - -`opscode_expander['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`opscode_expander['nodes']` - -: The number of allowed worker processes. Default value: `2`. 
- -`opscode_expander['reindexer_log_directory']` - -: The directory in which `opscode-expander-reindexer` logs files are - located. Default value: - - ```ruby - /var/log/opscode/opscode-expander-reindexer - ``` - -### opscode-solr4 - -{{< reusable_text_versioned file="server_services_solr4" >}} - -This configuration file has the following settings for `opscode-solr4`: - -`opscode_solr4['auto_soft_commit']` - -: The maximum number of documents before a soft commit is triggered. - Default value: `1000`. - -`opscode_solr4['commit_interval']` - -: The frequency (in seconds) at which node objects are added to the - Apache Solr search index. This value should be tuned carefully. When - data is committed to the Apache Solr index, all incoming updates are - blocked. If the duration between updates is too short, it is - possible for the rate at which updates are asked to occur to be - faster than the rate at which objects can be actually committed. - Default value: `60000` (every 60 seconds). - -`opscode_solr4['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - - ```ruby - /var/opt/opscode/opscode-solr4/data - ``` - -`opscode_solr4['dir']` - -: The working directory. The default value is the recommended value. - Default value: - - ```ruby - /var/opt/opscode/opscode-solr4 - ``` - -`opscode_solr4['enable']` - -: Enable a service. Default value: `true`. - -`opscode_solr4['heap_size']` - -: The amount of memory (in MBs) available to Apache Solr. If there is - not enough memory available, search queries made by nodes to Apache - Solr may fail. The amount of memory that must be available also - depends on the number of nodes in the organization, the frequency of - search queries, and other characteristics that are unique to each - organization. In general, as the number of nodes increases, so does - the amount of memory. The default value should work for many - organizations with fewer than 25 nodes. 
For an organization with - several hundred nodes, the amount of memory that is required often - exceeds 3GB. Default value: `nil`, which is equivalent to 25% of the - system memory or 1024 (MB, but this setting is specified as an - integer number of MB in EC11), whichever is smaller. - -`opscode_solr4['ip_address']` - -: The IP address for the machine on which Apache Solr is running. - Default value: `127.0.0.1`. - -`opscode_solr4['java_opts']` - -: A Hash of `JAVA_OPTS` environment variables to be set. - (`-XX:NewSize` is configured using the `new_size` setting.) Default - value: `' '` (empty). - -`opscode_solr4['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - - ```ruby - /var/log/opscode/opscode-solr4 - ``` - -`opscode_solr4['log_gc']` - -: Enable or disable GC logging. Default is `true`. - -`opscode_solr4['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`opscode_solr4['max_commit_docs']` - -: The frequency (in documents) at which node objects are added to the - Apache Solr search index. This value should be tuned carefully. When - data is committed to the Apache Solr index, all incoming updates are - blocked. If the duration between updates is too short, it is - possible for the rate at which updates are asked to occur to be - faster than the rate at which objects can be actually committed. - Default value: `1000` (every 1000 documents). - -`opscode_solr4['max_field_length']` - -: The maximum field length (in number of tokens/terms). If a field - length exceeds this value, Apache Solr may not be able to complete - building the index. Default value: `100000` (increased from the - Apache Solr default value of `10000`). 
- -`opscode_solr4['max_merge_docs']` - -: The maximum number of index segments allowed before they are merged - into a single index. Default value: `2147483647`. - -`opscode_solr4['merge_factor']` - -: The maximum number of document updates that can be stored in memory - before being flushed and added to the current index segment. Default - value: `15`. - -`opscode_solr4['new_size']` - -: Configure the `-XX:NewSize` `JAVA_OPTS` environment variable. - Default value: `nil`. - -`opscode_solr4['poll_seconds']` - -: The frequency (in seconds) at which the secondary machine polls the - primary. Default value: `20`. - -`opscode_solr4['port']` - -: The port on which the service is to listen. Default value: `8983`. - -`opscode_solr4['ram_buffer_size']` - -: The size (in megabytes) of the RAM buffer. When document updates - exceed this amout, pending updates are flushed. Default value: - `100`. - -`opscode_solr4['url']` - -: Default value: `'http://localhost:8983/solr'`. - -`opscode_solr4['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -### postgresql - -{{< reusable_text_versioned file="server_services_postgresql" >}} - -This configuration file has the following settings for `postgresql`: - -`postgresql['checkpoint_completion_target']` - -: A completion percentage that is used to determine how quickly a - checkpoint should finish in relation to the completion status of the - next checkpoint. For example, if the value is `0.5`, then a - checkpoint attempts to finish before 50% of the next checkpoint is - done. Default value: `0.5`. - -`postgresql['checkpoint_segments']` - -: The maximum amount (in megabytes) between checkpoints in log file - segments. Default value: `3`. - -`postgresql['checkpoint_timeout']` - -: The amount of time (in minutes) between checkpoints. Default value: - `5min`. 
- -`postgresql['checkpoint_warning']` - -: The frequency (in seconds) at which messages are sent to the server - log files if checkpoint segments are being filled faster than their - currently configured values. Default value: `30s`. - -`postgresql['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data`. - -`postgresql['db_connection_superuser']` - -: The PostgreSQL superuser name in `'username@hostname'` format (e.g. - `'opscode_pgsql@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `postgresql['db_superuser']` with any dashes replaced by - underscores. This setting is **required** in an external Azure - PostgreSQL database-as-a-service configuration. If set to `nil`, - Chef Infra Server assumes that the database is not on Azure and the - PostgreSQL connection will be made using the value specified in - `postgresql['db_superuser']`. Default value: `nil`. - -`postgresql['db_superuser']` - -: Default value: `opscode-pgsql`. If `username` is set, set - `db_superuser` to the same value. - -`postgresql['db_superuser_password']` - -: Password for the DB superuser. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-db-superuser-password`. - -`postgresql['dir']` - -: The working directory. The default value is the recommended value. - Default value: - `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. - -`postgresql['effective_cache_size']` - -: The size of the disk cache that is used for data files. Default - value: 50% of available RAM. - -`postgresql['enable']` - -: Enable a service. Default value: `true`. - -`postgresql['home']` - -: The home directory for PostgreSQL. 
Default value: - `/var/opt/opscode/postgresql`. - -`postgresql['keepalives_count']` - -: The maximum number of keepalive proves that should be sent before - dropping a connection. Default value: `2`. - -`postgresql['keepalives_idle']` - -: The amount of time (in seconds) a connection must remain idle before - keepalive probes will resume. Default value: `60`. - -`postgresql['keepalives_interval']` - -: The amount of time (in seconds) between probes. Default value: `15`. - -`postgresql['listen_address']` - -: The connection source to which PostgreSQL is to respond. Default - value: `localhost`. - -`postgresql['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - `/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. - -`postgresql['log_min_duration_statement']` - -: When to log a slow PostgreSQL query statement. Possible values: `-1` - (disabled, do not log any statements), `0` (log every statement), or - an integer greater than zero. When the integer is greater than zero, - this value is the amount of time (in milliseconds) that a query - statement must have run before it is logged. Default value: `-1`. - -`postgresql['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. Default value: - `350`. - -`postgresql['md5_auth_cidr_addresses']` - -: Use instead of `trust_auth_cidr_addresses` to encrypt passwords - using MD5 hashes. Default value: `[ '127.0.0.1/32', '::1/128' ]`. - -`postgresql['port']` - -: The port on which the service is to listen. Default value: `5432`. 
- -`postgresql['shared_buffers']` - -: The amount of memory that is dedicated to PostgreSQL for data - caching. Default value: - `#{(node['memory']['total'].to_i / 4) / (1024)}MB`. - -`postgresql['shell']` - -: Default value: `/bin/sh`. - -`postgresql['shmall']` - -: The total amount of available shared memory. Default value: - `4194304`. - -`postgresql['shmmax']` - -: The maximum amount of shared memory. Default value: `17179869184`. - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. - -`postgresql['trust_auth_cidr_addresses']` - -: Use for clear-text passwords. See `md5_auth_cidr_addresses`. Default - value: `'127.0.0.1/32', '::1/128'`. - -`postgresql['user_path']` - -: Default value: `/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH`. - -`postgresql['username']` - -: The PostgreSQL account user name. Default value: `opscode-pgsql`. If - setting this value, must set `db_superuser` to the same value. - -`postgresql['version']` - -: The (currently) hardcoded version of PostgreSQL. Default value: - `'9.2'`. - -`postgresql['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`postgresql['work_mem']` - -: The size (in megabytes) of allowed in-memory sorting. Default value: - `8MB`. - -### rabbitmq - -{{< reusable_text_versioned file="server_services_rabbitmq" >}} - -This configuration file has the following settings for `rabbitmq`: - -`rabbitmq['actions_exchange']` - -: The name of the exchange to which Chef actions publishes actions - data. Default value: `'actions'`. - -`rabbitmq['actions_password']` - -: Legacy configuration setting for the password of the `actions_user`. - Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-actions-password`. 
- -`rabbitmq['actions_user']` - -: The user with permission to publish actions data. Default value: - `'actions'`. - -`rabbitmq['actions_vhost']` - -: The virtual host to which Chef actions publishes actions data. - Default value: `'/analytics'`. - -`rabbitmq['analytics_max_length']` - -: The maximum number of messages that can be queued before RabbitMQ - automatically drops messages from the front of the queue to make - room for new messages. Default value: `10000`. - -`rabbitmq['consumer_id']` - -: The identity of the consumer to which messages are published. - Default value: `'hotsauce'`. - -`rabbitmq['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `'/var/opt/opscode/rabbitmq/db'`. - -`rabbitmq['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/rabbitmq'`. - -`rabbitmq['drop_on_full_capacity']` - -: Specify if messages will stop being sent to the RabbitMQ queue when - it is at capacity. Default value: `true`. - -`rabbitmq['enable']` - -: Enable a service. Default value: `true`. - -`rabbitmq['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/rabbitmq'`. - -`rabbitmq['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`rabbitmq['management_enabled']` - -: Specify if the rabbitmq-management plugin is enabled. Default value: - `true`. - -`rabbitmq['management_password']` - -: Legacy configuration setting for rabbitmq-management plugin - password. Default value: **generated**. 
- - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret rabbitmq management_password`. - -`rabbitmq['management_port']` - -: The rabbitmq-management plugin port. Default value: `15672`. - -`rabbitmq['management_user']` - -: The rabbitmq-management plugin user. Default value: `'rabbitmgmt'`. - -`rabbitmq['node_ip_address']` - -: The bind IP address for RabbitMQ. Default value: `'127.0.0.1'`. - -`rabbitmq['node_port']` - -: The port on which the service is to listen. Default value: `'5672'`. - -`rabbitmq['nodename']` - -: The unique identifier of the node. Default value: `'rabbit@localhost'`. - -`rabbitmq['password']` - -: Legacy configuration setting for the password for the RabbitMQ user. - Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret rabbitmq password`. - -`rabbitmq['prevent_erchef_startup_on_full_capacity']` - -: Specify if the Chef Infra Server will start when the monitored - RabbitMQ queue is full. Default value: `false`. - -`rabbitmq['queue_at_capacity_affects_overall_status']` - -: Specify if the `_status` endpoint in the Chef Infra Server API will - fail if the monitored queue is at capacity. Default value: `false`. - -`rabbitmq['queue_length_monitor_enabled']` - -: Specify if the queue length monitor is enabled. Default value: - `true`. - -`rabbitmq['queue_length_monitor_millis']` - -: The frequency (in milliseconds) at which the length of the RabbitMQ - queue is checked. Default value: `30000`. - -`rabbitmq['queue_length_monitor_timeout_millis']` - -: The timeout (in milliseconds) at which calls to the queue length - monitor will stop if the Chef Infra Server is overloaded. Default - value: `5000`. 
- -`rabbitmq['queue_length_monitor_queue']` - -: The RabbitMQ queue that is observed by queue length monitor. Default - value: `'alaska'`. - -`rabbitmq['queue_length_monitor_vhost']` - -: The virtual host for the RabbitMQ queue that is observed by queue - length monitor. Default value: `'/analytics'`. - -`rabbitmq['rabbit_mgmt_http_cull_interval']` - -: The maximum cull interval (in seconds) for the HTTP connection pool - that is used by the rabbitmq-management plugin. Default value: `60`. - -`rabbitmq['rabbit_mgmt_http_init_count']` - -: The initial worker count for the HTTP connection pool that is used - by the rabbitmq-management plugin. Default value: `25`. - -`rabbitmq['rabbit_mgmt_http_max_age']` - -: The maximum connection worker age (in seconds) for the HTTP - connection pool that is used by the rabbitmq-management plugin. - Default value: `70`. - -`rabbitmq['rabbit_mgmt_http_max_connection_duration']` - -: The maximum connection duration (in seconds) for the HTTP connection - pool that is used by the rabbitmq-management plugin. Default value: - `70`. - -`rabbitmq['rabbit_mgmt_http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the rabbitmq-management plugin. Default value: `100`. - -`rabbitmq['rabbit_mgmt_ibrowse_options']` - -: An array of comma-separated key-value pairs of ibrowse options for - the HTTP connection pool that is used by the rabbitmq-management - plugin. Default value: `'{connect_timeout, 10000}'`. - -`rabbitmq['rabbit_mgmt_timeout']` - -: The timeout for the HTTP connection pool that is used by the - rabbitmq-management plugin. Default value: `30000`. - -`rabbitmq['reindexer_vhost']` - -: Default value: `'/reindexer'`. - -`rabbitmq['ssl_versions']` - -: The SSL versions used by the rabbitmq-management plugin. (See - [RabbitMQ TLS support](https://www.rabbitmq.com/ssl.html) for more - information.) Default value: `['tlsv1.2', 'tlsv1.1']`. - -`rabbitmq['user']` - -: Default value: `'chef'`. 
- -`rabbitmq['vhost']` - -: Default value: `'/chef'`. - -`rabbitmq['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### redis_lb - -{{< reusable_text_versioned file="server_services_redis" >}} - -This configuration file has the following settings for `redis_lb`: - -`redis_lb['activerehashing']` - -: Enable active rehashing. Default value: `'no'`. - -`redis_lb['aof_rewrite_min_size']` - -: The minimum size of the append-only file. Only files larger than - this value are rewritten. Default value: `'16mb'`. - -`redis_lb['aof_rewrite_percent']` - -: The size of the current append-only file, as compared to the base - size. The append-only file is rewritten when the current file - exceeds the base size by this value. Default value: `'50'`. - -`redis_lb['appendfsync']` - -: The frequency at which the operating system writes data on-disk, - instead of waiting for more data. Possible values: `no` (don't - fsync, let operating system flush data), `always` (fsync after every - write to the append-only log file), and `everysec` (fsync only once - time per second). Default value: `'always'`. - -`redis_lb['appendonly']` - -: Dump data asynchronously on-disk or to an append-only log file. Set - to `yes` to dump data to an append-only log file. Default value: - `'no'`. - -`redis_lb['bind']` - -: Bind Redis to the specified IP address. Default value: - `'127.0.0.1'`. - -`redis_lb['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `'/var/opt/opscode/redis_lb/data'`. - -`redis_lb['databases']` - -: The number of databases. Default value: `'16'`. - -`redis_lb['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/redis_lb'`. - -`redis_lb['enable']` - -: Enable a service. Default value: `true`. - -`redis_lb['ha']` - -: Run the Chef Infra Server in a high availability topology. 
When - `topology` is set to `ha`, this setting defaults to `true`. Default - value: `false`. - -`redis_lb['keepalive']` - -: The amount of time (in seconds) to wait for requests on a - connection. Default value: `'60'`. - -`redis_lb['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/redis_lb'`. - -`redis_lb['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`redis_lb['loglevel']` - -: The level of logging to be stored in a log file.. Possible values: - `debug`, `notice`, `verbose`, and `warning`. Default value: - `'notice'`. - -`redis_lb['maxmemory']` - -: The maximum amount of memory (in bytes). Default value: `'8m'`. - -`redis_lb['maxmemory_policy']` - -: The policy applied when the maximum amount of memory is reached. - Possible values: `allkeys-lru` (remove keys, starting with those - used least frequently), `allkeys-random` (remove keys randomly), - `noeviction` (don't expire, return an error on write operation), - `volatile-lru` (remove expired keys, starting with those used least - frequently), `volatile-random` (remove expired keys randomly), and - `volatile-ttl` (remove keys, starting with nearest expired time). - Default value: `'noeviction'`. - -`redis_lb['port']` - -: The port on which the service is to listen. Default value: - `'16379'`. - -`redis_lb['save_frequency']` - -: Set the save frequency. Pattern: - `{ "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }`. - Default value: - - ```ruby - { '900' => '1', '300' => '10', '60' => '1000' } - ``` - - Which saves the database every 15 minutes if at least one key - changes, every 5 minutes if at least 10 keys change, and every 60 - seconds if 10000 keys change. 
- -`redis_lb['timeout']` - -: The amount of time (in seconds) a client may be idle before timeout. - Default value: `'300'`. - -`redis_lb['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -`redis_lb['password']` - -: Legacy configuration setting for the Redis password. Default value: - **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret redis_lb password`. - -### upgrades - -This configuration file has the following settings for `upgrades`: - -`upgrades['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/upgrades'`. - -### user - -This configuration file has the following settings for `user`: - -`user['home']` - -: The home directory for the user under which Chef Infra Server - services run. Default value: `/opt/opscode/embedded`. - -`user['shell']` - -: The shell for the user under which Chef Infra Server services run. - Default value: `/bin/sh`. - -`user['username']` - -: The user name under which Chef Infra Server services run. Default - value: `opscode`. - -### required_recipe - -`required_recipe` is a feature that allows an administrator to specify a -recipe that will be run by all Chef Infra Clients that connect to it, -regardless of the node's run list. This feature is targeted at expert -level practitioners who are delivering isolated configuration changes to -the target systems, such as self-contained agent software. Further -explanation of the feature can be found in -[Chef Infra Client Development Docs](https://github.com/chef/chef/blob/main/docs/dev/design_documents/server_enforced_recipes.md). - -This configuration file has the following settings for -`required_recipe`: - -`required_recipe["enable"]` - -: Whether the feature is enabled. Default value: `false`. - -`required_recipe["path"]` - -: The location of the recipe to serve. 
The file must be owned by the - root user and group, and may not be group or world-writeable. - Default value: `nil`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md deleted file mode 100644 index 2ae2541c48..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/index.md +++ /dev/null @@ -1,3 +0,0 @@ -+++ -headless = true -+++ \ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md deleted file mode 100644 index 5351c32bdc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_add_condition.md +++ /dev/null @@ -1,13 +0,0 @@ -Use a `case` statement to apply different values based on whether the -setting exists on the front-end or back-end servers. Add code to the -server configuration file similar to the following: - -```ruby -role_name = ChefServer['servers'][node['fqdn']]['role'] -case role_name -when 'backend' - # backend-specific configuration here -when 'frontend' - # frontend-specific configuration here -end -``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md deleted file mode 100644 index f4f699d9e9..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_settings_ldap.md +++ /dev/null @@ -1,166 +0,0 @@ - -  - -
- -

Warning

- -
- -The following settings **MUST** be in the config file for LDAP -authentication to Active Directory to work: - -- `base_dn` -- `bind_dn` -- `group_dn` -- `host` - -If those settings are missing, you will get authentication errors and be -unable to proceed. - -
- -
- -This configuration file has the following settings for `ldap`: - -`ldap['base_dn']` - -: The root LDAP node under which all other nodes exist in the - directory structure. For Active Directory, this is typically - `cn=users` and then the domain. For example: - - ```ruby - 'OU=Employees,OU=Domain users,DC=example,DC=com' - ``` - - Default value: `nil`. - -`ldap['bind_dn']` - -: The distinguished name used to bind to the LDAP server. The user the - Chef Infra Server will use to perform LDAP searches. This is often - the administrator or manager user. This user needs to have read - access to all LDAP users that require authentication. The Chef Infra - Server must do an LDAP search before any user can log in. Many - Active Directory and LDAP systems do not allow an anonymous bind. If - anonymous bind is allowed, leave the `bind_dn` and `bind_password` - settings blank. If anonymous bind is not allowed, a user with `READ` - access to the directory is required. This user must be specified as - an LDAP distinguished name similar to: - - ```ruby - 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - - {{< note >}} - If you need to escape characters in a distinguished name, such as when using Active Directory, they must be [escaped with a backslash escape character](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx). - - ```ruby - 'CN=example\\user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - {{< /note >}} - - - Default value: `nil`. - -`ldap['bind_password']` - -: Deprecated. Use `chef-server-ctl set-secret ldap bind_password` from the - [Secrets Management](/ctl_chef_server.html#ctl-chef-server-secrets-management) - commands. - - Legacy configuration for the password of the binding user. The - password for the user specified by `ldap['bind_dn']`. Leave this - value and `ldap['bind_dn']` unset if anonymous bind is sufficient. - Default value: `nil`. 
- - ```bash - chef-server-ctl set-secret ldap bind_password - Enter ldap bind_password: (no terminal output) - Re-enter ldap bind_password: (no terminal output) - ``` - - Remove a set password via - - ```bash - chef-server-ctl remove-secret ldap bind_password - ``` - -`ldap['group_dn']` - -: The distinguished name for a group. When set to the distinguished - name of a group, only members of that group can log in. This feature - filters based on the `memberOf` attribute and only works with LDAP - servers that provide such an attribute. In OpenLDAP, the `memberOf` - overlay provides this attribute. For example, if the value of the - `memberOf` attribute is `CN=abcxyz,OU=users,DC=company,DC=com`, then - use: - - ```ruby - ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com' - ``` - -`ldap['host']` - -: The name (or IP address) of the LDAP server. The hostname of the - LDAP or Active Directory server. Be sure the Chef Infra Server is - able to resolve any host names. Default value: `ldap-server-host`. - -`ldap['login_attribute']` - -: The LDAP attribute that holds the user's login name. Use to specify - the Chef Infra Server user name for an LDAP user. Default value: - `sAMAccountName`. - -`ldap['port']` - -: An integer that specifies the port on which the LDAP server listens. - The default value is an appropriate value for most configurations. - Default value: `389` or `636` when `ldap['encryption']` is set to - `:simple_tls`. - -`ldap['ssl_enabled']` - -: Cause the Chef Infra Server to connect to the LDAP server using SSL. - Default value: `false`. Must be `false` when `ldap['tls_enabled']` - is `true`. - - {{< note >}} - - It's recommended that you enable SSL for Active Directory. - - Previous versions of Chef Infra Server used the `ldap['ssl_enabled']` setting to first enable SSL, and then the `ldap['encryption']` setting to specific the encryption type. These settings are deprecated. 
- - {{< /note >}} - - -`ldap['system_adjective']` - -: A descriptive name for the login system that is displayed to users - in the Chef Infra Server management console. If a value like - "corporate" is used, then the Chef management console user interface - will display strings like "the corporate login server", "corporate - login", or "corporate password." Default value: `AD/LDAP`. - - {{< warning >}} - This setting is used by Chef Manage and not Chef Infra Server. Chef Manage is deprecated. - {{< /warning >}} - -`ldap['timeout']` - -: The amount of time (in seconds) to wait before timing out. Default - value: `60000`. - -`ldap['tls_enabled']` - -: Enable TLS. When enabled, communication with the LDAP server is done - via a secure SSL connection on a dedicated port. When `true`, - `ldap['port']` is also set to `636`. Default value: `false`. Must be - `false` when `ldap['ssl_enabled']` is `true`. - - {{< note >}} - - Previous versions of Chef Infra Server used the `ldap['ssl_enabled']` setting to first enable SSL, and then the `ldap['encryption']` setting to specify the encryption type. These settings are deprecated. - - {{< /note >}} diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md deleted file mode 100644 index 32715754fe..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/config_rb_server_summary.md +++ /dev/null 
@@ -1,8 +0,0 @@
-The `/etc/opscode/chef-server.rb` file contains all of the non-default
-configuration settings used by the Chef Infra Server. The default
-settings are built into the Chef Infra Server configuration and should
-only be added to the `chef-server.rb` file to apply non-default values.
-These configuration settings are processed when the
-`chef-server-ctl reconfigure` command is run. The `chef-server.rb` file
-is a Ruby file, which means that conditional statements can be used
-within it.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md
deleted file mode 100644
index e224908d32..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/notes_config_rb_server_must_reconfigure.md
+++ /dev/null
@@ -1,5 +0,0 @@
-When changes are made to the chef-server.rb file the Chef Infra Server must be reconfigured by running the following command:
-
-```bash
-chef-server-ctl reconfigure
-```
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md
deleted file mode 100644
index 8e3f7a533f..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bifrost.md
+++ /dev/null
@@ -1,2 +0,0 @@
-The **oc_bifrost** service ensures that every request to view or manage
-objects stored on the Chef Infra Server is authorized.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md
deleted file mode 100644
index 8e2c037f67..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_bookshelf.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The **bookshelf** service is an Amazon Simple Storage Service
-(S3)-compatible service that is used to store cookbooks, including all
-of the files---recipes, templates, and so on---that are associated with
-each cookbook.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md
deleted file mode 100644
index e384d536a2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_erchef.md
+++ /dev/null
@@ -1,11 +0,0 @@
-The **opscode-erchef** service is an Erlang-based service that is used
-to handle Chef Infra Server API requests to the following areas within
-the Chef Infra Server:
-
-- Cookbooks
-- Data bags
-- Environments
-- Nodes
-- Roles
-- Sandboxes
-- Search
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md
deleted file mode 100644
index bc27280bee..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_expander.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The **opscode-expander** service is used to process data (pulled from
-the **rabbitmq** service's message queue) so that it can be properly
-indexed by the **opscode-solr4** service.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md
deleted file mode 100644
index eb2f69fa7f..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_oc_id.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The **oc-id** service enables OAuth 2.0 authentication to the Chef Infra
-Server by external applications, including Chef Supermarket. OAuth 2.0
-uses token-based authentication, where external applications use tokens
-that are issued by the **oc-id** provider. No special
-credentials---`webui_priv.pem` or privileged keys---are stored on the
-external application.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md
deleted file mode 100644
index 027de67cca..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_postgresql.md
+++ /dev/null
@@ -1 +0,0 @@
-The **postgresql** service is used to store node, object, and user data.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md
deleted file mode 100644
index 6953338391..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_rabbitmq.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The **rabbitmq** service is used to provide the message queue that is
-used by the Chef Infra Server to get search data to Apache Solr so that
-it can be indexed for search.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md
deleted file mode 100644
index 4fdcb48d9c..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_redis.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Key-value store used in conjunction with Nginx to route requests and
-populate request data used by the Chef Infra Server.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md
deleted file mode 100644
index e52ffa4ff8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_services_solr4.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The **opscode-solr4** service is used to create the search indexes used
-for searching objects like nodes, data bags, and cookbooks. (This
-service ensures timely search results via the Chef Infra Server API;
-data that is used by the Chef platform is stored in PostgreSQL.)
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md
deleted file mode 100644
index b67c0a3bf2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_bookshelf.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The following setting is often modified from the default as part of the
-tuning effort for the **bookshelf** service:
-
-`bookshelf['vip']`
-
-: The virtual IP address. Default value: `node['fqdn']`.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md
deleted file mode 100644
index 5f08daf94e..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_erchef.md
+++ /dev/null
@@ -1,22 +0,0 @@
-The following settings are often modified from the default as part of
-the tuning effort for the **opscode-erchef** service:
-
-`opscode_erchef['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. If failures indicate that the **opscode-erchef**
- service ran out of connections, try increasing the
- `postgresql['max_connections']` setting. If failures persist, then
- increase this value (in small increments) and also increase the
- value for `postgresql['max_connections']`. Default value: `20`.
-
-`opscode_erchef['s3_url_ttl']`
-
-: The amount of time (in seconds) before connections to the server
- expire. If Chef Infra Client runs are timing out, increase this
- setting to `3600`, and then adjust again if necessary. Default
- value: `900`.
-
-`opscode_erchef['strict_search_result_acls']`
-
-: {{< reusable_text_versioned "settings_strict_search_result_acls" >}}
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md
deleted file mode 100644
index a8b44469c1..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_general.md
+++ /dev/null
@@ -1,26 +0,0 @@
-The following settings are typically added to the server configuration
-file (no equal sign is necessary to set the value):
-
-`api_fqdn`
-
-: The FQDN for the Chef Infra Server. This setting is not in the
- server configuration file by default. When added, its value should
- be equal to the FQDN for the service URI used by the Chef Infra
- Server. For example: `api_fqdn "chef.example.com"`.
-
-`bootstrap`
-
-: Default value: `true`.
-
-`ip_version`
-
-: Use to set the IP version: `"ipv4"` or `"ipv6"`. When set to
- `"ipv6"`, the API listens on IPv6 and front end and back end
- services communicate via IPv6 when a high availability configuration
- is used. When configuring for IPv6 in a high availability
- configuration, be sure to set the netmask on the IPv6 `backend_vip`
- attribute. Default value: `"ipv4"`.
-
-`notification_email`
-
-: Default value: `info@example.com`.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md
deleted file mode 100644
index 20b62196a5..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_nginx.md
+++ /dev/null
@@ -1,63 +0,0 @@ -The following settings are often modified from the default as part of -the tuning effort for the **nginx** service and to configure the Chef -Infra Server to use SSL certificates: - -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. For example: - - ```ruby - nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH: \ - !aNULL:!ADH:!eNULL:!EXP: \ - !SSLv2:!SEED:!CAMELLIA: \ - !PSK" - ``` - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled for the Chef Infra Server API. - For enhanced security set this value to `'TLSv1.2'`. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef - Infra Client 12.8 and later on Windows. If it is necessary to support these - older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - -
-

Note

-
- - See for more - information about the values used with the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings. - -
-
- - For example, after copying the SSL certificate files to the Chef Infra - Server, update the `nginx['ssl_certificate']` and - `nginx['ssl_certificate_key']` settings to specify the paths to those - files, and then (optionally) update the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings to reflect the desired level of - hardness for the Chef Infra Server: - - ```ruby - nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' - nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' - nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' - nginx['ssl_protocols'] = 'TLSv1.2' - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md deleted file mode 100644 index 423bbef08a..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_postgresql.md +++ /dev/null 
@@ -1,34 +0,0 @@ -The following setting is often modified from the default as part of the tuning effort for the **postgresql** service: - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. This value should only be tuned when the `opscode_erchef['db_pool_size']` value used by the **opscode-erchef** service is modified. Default value: `350`. - If there are more than two front end machines in a cluster, the - `postgresql['max_connections']` setting should be increased. The - increased value depends on the number of machines in the front end, - but also the number of services that are running on each of these - machines. - - - Each front end machine always runs the **oc_bifrost** and - **opscode-erchef** services. - - The Reporting add-on adds the **reporting** service. - - Each of these services requires 25 connections, above the default - value. - - Use the following formula to help determine what the increased value - should be: - - ```ruby - new_value = current_value + [ - (# of front end machines - 2) * (25 * # of services) - ] - ``` - - For example, if the current value is 350, there are four front end - machines, and all add-ons are installed, then the formula looks - like: - - ```ruby - 550 = 350 + [(4 - 2) * (25 * 4)] - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md deleted file mode 100644 index 8652366637..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr.md +++ /dev/null @@ -1,3 +0,0 @@ -The following sections describe ways of tuning the **opscode-solr4** -service to improve performance around large node sizes, available -memory, and update frequencies. \ No newline at end of file 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md
deleted file mode 100644
index c13f016fc2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_available_memory.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Use the following configuration setting to help ensure that Apache Solr
-does not run out of memory:
-
-`opscode_solr4['heap_size']`
-
-: The amount of memory (in MBs) available to Apache Solr. If there is
- not enough memory available, search queries made by nodes to Apache
- Solr may fail. The amount of memory that must be available also
- depends on the number of nodes in the organization, the frequency of
- search queries, and other characteristics that are unique to each
- organization. In general, as the number of nodes increases, so does
- the amount of memory.
-
-If Apache Solr is running out of memory, the
-`/var/log/opscode/opscode-solr4/current` log file will contain a message
-similar to:
-
-```bash
-SEVERE: java.lang.OutOfMemoryError: Java heap space
-```
-
-The default value for `opscode_solr4['heap_size']` should work for many
-organizations, especially those with fewer than 25 nodes. For
-organizations with more than 25 nodes, set this value to 25% of system
-memory or `1024`, whichever is smaller. For very large configurations,
-increase this value to 25% of system memory or `4096`, whichever is
-smaller. This value should not exceed `8192`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md
deleted file mode 100644
index 6dec8e687d..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_large_node_sizes.md
+++ /dev/null
@@ -1,59 +0,0 @@
-The maximum field length setting for Apache Solr should be greater than
-any expected node object file sizes in order for them to be successfully
-added to the search index. If a node object file is greater than the
-maximum field length, the node object will be indexed up to the maximum,
-but the part of the file past that limit will not be indexed. If this
-occurs, it will seem as if nodes disappear from the search index. To
-ensure that large node file sizes are indexed properly, verify the
-following configuration settings:
-
-`nginx['client_max_body_size']`
-
-: The maximum accepted body size for a client request, as indicated by
- the `Content-Length` request header. When the maximum accepted body
- size is greater than this value, a `413 Request Entity Too Large`
- error is returned. Default value: `250m`.
-
-and
-
-`opscode_erchef['max_request_size']`
-
-: When the request body size is greater than this value, a 413 Request
- Entity Too Large error is returned. Default value: `2000000`.
-
-to ensure that those settings are not part of the reasons for incomplete
-indexing, and then update the following setting so that its value is
-greater than the expected node file sizes:
-
-`opscode_solr4['max_field_length']`
-
-: The maximum field length (in number of tokens/terms). If a field
- length exceeds this value, Apache Solr may not be able to complete
- building the index. Default value: `100000` (increased from the
- Apache Solr default value of `10000`).
-
-Use the `wc` command to get the byte count of a large node object file.
-For example:
-
-```bash
-wc -c NODE_NAME.json
-```
-
-and then ensure there is a buffer beyond that value. For example, verify
-the size of the largest node object file:
-
-```bash
-wc -c nodebsp2016.json
-```
-
-which returns `154516`. Update the `opscode_solr4['max_field_length']`
-setting to have a value greater than the returned value. For example:
-`180000`.
-
-If you don't have a node object file available then you can get an
-approximate size of the node data by running the following command on a
-node.
-
-```bash
-ohai | wc -c
-```
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md
deleted file mode 100644
index a5d0b9bb48..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/server_tuning_solr_update_frequency.md
+++ /dev/null
@@ -1,24 +0,0 @@
-At the end of every Chef Infra Client run, the node object is saved to
-the Chef Infra Server. From the Chef Infra Server, each node object is
-then added to the `SOLR` search index. This process is asynchronous. By
-default, node objects are committed to the search index every 60 seconds
-or per 1000 node objects, whichever occurs first.
-
-When data is committed to the Apache Solr index, all incoming updates
-are blocked. If the duration between updates is too short, it is
-possible for the rate at which updates are asked to occur to be faster
-than the rate at which objects can be actually committed.
-
-Use the following configuration setting to improve the indexing
-performance of node objects:
-
-`opscode_solr4['commit_interval']`
-
-: The frequency (in seconds) at which node objects are added to the
- Apache Solr search index. Default value: `60000` (every 60 seconds).
-
-`opscode_solr4['max_commit_docs']`
-
-: The frequency (in documents) at which node objects are added to the
- Apache Solr search index. Default value: `1000` (every 1000
- documents).
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md deleted file mode 100644 index d8715f15dd..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v13_2/reusable_text/settings_strict_search_result_acls.md +++ /dev/null @@ -1,28 +0,0 @@ -Use to specify that search results only return objects to which an actor -(user, client, etc.) has read access, as determined by ACL settings. -This affects all searches. When `true`, the performance of the Chef -management console may increase because it enables the Chef management -console to skip redundant ACL checks. To ensure the Chef management -console is configured properly, after this setting has been applied with -a `chef-server-ctl reconfigure` run `chef-manage-ctl reconfigure` to -ensure the Chef management console also picks up the setting. Default -value: `false`. - -
- -

Warning

- -
- -When `true`, `opscode_erchef['strict_search_result_acls']` affects all -search results and any actor (user, client, etc.) that does not have -read access to a search result will not be able to view it. For example, -this could affect search results returned during a Chef Infra Client -runs if a Chef Infra Client does not have permission to read the -information. - - - -
- -
\ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md deleted file mode 100644 index 1ec7dd14fc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server.md +++ /dev/null 
@@ -1,86 +0,0 @@ -+++ -title = "chef-server.rb Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary">}} - -## Use Conditions - -{{< reusable_text_versioned file="config_add_condition">}} - -## Recommended Settings - -{{< reusable_text_versioned file="server_tuning_general">}} - -### NGINX SSL Protocols - -{{< reusable_text_versioned file="server_tuning_nginx">}} - -## Optional Settings - -The following settings are often used for performance tuning of the Chef -Infra Server in larger installations. - -{{< note >}} -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure">}} -{{< /note >}} - -{{< note >}} - -Review the full list of [optional -settings]({{< relref "/server/config_rb_server_optional_settings" >}}) that can be added to -the chef-server.rb file. Many of these optional settings should not be -added without first consulting with Chef support. - -{{< /note >}} - -### bookshelf - -{{< reusable_text_versioned file="server_tuning_bookshelf">}} - -{{< warning >}} - -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage">}} - -{{< /warning >}} - -### opscode-account - -The following setting is often modified from the default as part of the -tuning effort for the **opscode-account** service: - -`opscode_account['worker_processes']` - -: The number of allowed worker processes. This value should be - increased if requests made to the **opscode-account** service are - timing out, but only if the front-end machines have available CPU - and RAM. Default value: `4`. - -### opscode-erchef - -{{< reusable_text_versioned file="server_tuning_erchef">}} - -#### Data Collector - -The following settings are often modified from the default as part of -the tuning effort for the **data_collector** **opscode-erchef** -application: - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. 
If failures indicate that **opscode-erchef** - application has run out of HTTP connections for the - **data_collector** then increase this value. Default value: 100. - -### postgresql - -{{< reusable_text_versioned file="server_tuning_postgresql">}} - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md deleted file mode 100644 index bbe21662bc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md +++ /dev/null 
@@ -1,1997 +0,0 @@ -+++ -title = "chef-server.rb 14 Optional Settings" -gh_repo = "chef-server" -+++ - -{{< reusable_text_versioned file="config_rb_server_summary" >}} - -## Settings - -The following sections describe the various settings that are available -in the chef-server.rb file. - -{{< note >}} -{{< reusable_text_versioned file="notes_config_rb_server_must_reconfigure" >}} -{{< /note >}} - -### General - -This configuration file has the following general settings: - -`addons['install']` - -: Default value: `false`. - -`addons['path']` - -: Default value: `nil`. - -`addons['packages']` - -: Default value: - - ```ruby - %w{chef-manage} - ``` - -`api_version` - -: The version of the Chef Infra Server. Default value: `'12.0.0'`. - -`default_orgname` - -: The `ORG_NAME` part of the `/organizations` endpoint in Chef Infra - Server. - -`flavor` - -: Default value: `'cs'`. - -`fips` - -: Set to `true` to run the server in FIPS compliance mode. Set to - `false` to force the server to run without FIPS compliance mode. - Default: The value in the kernel configuration. - -{{< note spaces=4 >}} -Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` -{{< /note >}} - -`insecure_addon_compat` - -: Set to `true` to keep Chef Infra Server compatible with older add-on - versions by rendering secrets and credentials to - `/etc/opscode/chef-server-running.json` and other files in - `/etc/opscode/`. When set to `false`, secrets are **only** written - to `/etc/opscode/private-chef-secrets.json` and **not** to any other - files. Default value: `true`. - - See [Add-on - Compatibility]({{< relref "/server/server_security#add-on-compatibility" >}}) for the - minimum add-on versions supporting `insecure_addon_compat false`. - -`install_path` - -: The directory in which the Chef Infra Server is installed. 
Default - value: `'/opt/opscode'`. - -`from_email` - -: The email address from which invitations to the Chef management - console are sent. Default value: `'"Opscode" '`. - -`license['nodes']` - -: The number of licensed nodes. Default value: `25`. - -`license['upgrade_url']` - -: The URL to visit for more information about how to update the number - of nodes licensed for an organization. Default value: - `'https://www.chef.io/pricing'`. - -`notification_email` - -: The email addressed to which email notifications are sent. Default - value: `'pc-default@chef.io'`. - -`role` - -: The configuration type of the Chef Infra Server. Possible values: - `backend`, `frontend`, or `standalone`. Default value: - `'standalone'`. - -`topology` - -: The topology of the Chef Infra Server. Possible values: `manual`, - `standalone`, and `tier`. Default value: `'standalone'`. - -### bookshelf - -{{< reusable_text_versioned file="server_services_bookshelf" >}} - -{{< note >}} -{{< reusable_text_versioned file="notes_server_aws_cookbook_storage" >}} -{{< /note >}} - -This configuration file has the following settings for `bookshelf`: - -`bookshelf['access_key_id']` - -: Deprecated. Use `chef-server-ctl set-secret bookshelf access_key_id` from - the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - The access key identifier. This may point at an external storage - location, such as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for more information on configuring external bookshelf. Default value: **generated**. - -`bookshelf['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/bookshelf/data`. - -`bookshelf['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/bookshelf`. - -`bookshelf['enable']` - -: Enable a service. Default value: `true`. 
- -`bookshelf['enable_request_logging']` - -: Use to configure request logging for the bookshelf service. Default - value: `false`. - -`bookshelf['external_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`bookshelf['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`bookshelf['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/bookshelf`. - -`bookshelf['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`bookshelf['port']` - -: The port on which the service is to listen. Default value: `4321`. - -`bookshelf['secret_access_key']` - -: Deprecated. Use `chef-server-ctl set-secret bookshelf secret_access_key` - from the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - The secret key. This may point at an external storage location, such - as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - **generated**. - -`bookshelf['storage_type']` - -: Determines where cookbooks are stored. Default value: `:filesystem`. - - In instances that require cookbooks to be stored within a SQL - backend, such as in a high availability setup, you must set - `storage_type` to `:sql`: - - ```ruby - bookshelf['storage_type'] = :sql - ``` - -`bookshelf['stream_download']` - -: Enable stream downloading of cookbooks. 
This setting (when `true`) - typically results in improved cookbook download performance, - especially with the memory usage of the **bookshelf** service and - the behavior of load balancers and proxies in-between Chef Infra - Client and the Chef Infra Server. Default value: `true`. - -`bookshelf['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bookshelf@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `bookshelf['sql_user']` - (default: `'bookshelf'`). This setting is **required** in an - external Azure PostgreSQL database-as-a-service configuration. If - set to `nil`, Chef Infra Server assumes that the database is not on - Azure and the PostgreSQL connection will be made using the value - specified in `bookshelf['sql_user']`. Default value: `nil`. - -`bookshelf['vip']` - -: The virtual IP address. This may point at an external storage - location, such as Amazon EC2. See [AWS external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. Default value: - `127.0.0.1`. - -### bootstrap - -This configuration file has the following settings for `bootstrap`: - -`bootstrap['enable']` - -: Indicates whether an attempt to bootstrap the Chef Infra Server is - made. Generally only enabled on systems that have bootstrap enabled - via a `server` entry. Default value: `true`. - -### compliance forwarding - -The configuration file has the following settings for forwarding -`compliance` requests using the Chef Infra Server authentication system. - -`profiles['root_url']` - -: If set, any properly signed requests arriving at - `/organizations/ORGNAME/owners/OWNER/compliance` will be forwarded - to this URL. This is expected to be a fully qualified resource, e.g. - `http://compliance.example.org/owners/OWNER/compliance`. 
- -### dark_launch - -This configuration file has the following settings for `dark_launch`: - -`dark_launch['actions']` - -: Enable Chef actions. Default value: `true`. - -`dark_launch['add_type_and_bag_to_items']` - -: Default value: `true`. - -`dark_launch['new_theme']` - -: Default value: `true`. - -`dark_launch['private-chef']` - -: Default value: `true`. - -`dark_launch['quick_start']` - -: Default value: `false`. - -`dark_launch['reporting']` - -: Enable Reporting, which performs data collection during a Chef Infra - Client run. Default value: `true`. - -`dark_launch['sql_users']` - -: Default value: `true`. - -### data_collector - -This configuration file has the following settings for `data_collector`: - -`data_collector['root_url']` - -: The fully qualified URL to the data collector server API. When - present, it will enable the data collector in **opscode-erchef**. - This also enables Chef Infra Server authenticated forwarding any properly - signed requests arriving at `/organizations/ORGNAME/data-collector` - to this URL with the data collector token appended. This is also - target for requests authenticated and forwarded by the - `/organizations/ORGNAME/data-collector` endpoint. For the forwarding - to work correctly the `data_collector['token']` field must also be - set. For example, if the data collector in Chef Automate is being - used, the URI would look like: - `http://my_automate_server.example.org/data-collector/v0/`. - -`data_collector['proxy']` - -: If set to `true`, Chef Infra Server will proxy all requests sent to - `/data-collector` to the configured Chef Automate - `data_collector['root_url']`. Note that *this route* does not check - the request signature and add the right data_collector token, but - just proxies the Chef Automate endpoint **as-is**. Default value: `nil`. - -`data_collector['token']` - -: Deprecated. 
Use `chef-server-ctl set-secret data_collector token` from - the [Secrets Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - commands. - - Legacy configuration for shared data collector security token. When - configured, the token will be passed as an HTTP header named - `x-data-collector-token` which the server can choose to accept or - reject. - -`data_collector['timeout']` - -: The amount of time (in milliseconds) before a request to the data - collector API times out. Default value: 30000. - -`data_collector['http_init_count']` - -: The initial worker count for the HTTP connection pool that is used - by the data collector. Default value: 25. - -`data_collector['http_max_count']` - -: The maximum worker count for the HTTP connection pool that is used - by the data collector. Default value: 100. - -`data_collector['http_max_age']` - -: The maximum connection worker age (in seconds) for the HTTP - connection pool that is used by the data collector. Default value: - "{70, sec}". - -`data_collector['http_cull_interval']` - -: The maximum cull interval (in minutes) for the HTTP connection pool - that is used by the data collector. Default value: "{1, min}". - -`data_collector['http_max_connection_duration']` - -: The maximum connection duration (in seconds) for the HTTP connection - pool that is used by the data collector. Default value: "{70, sec}". - -`data_collector['ibrowse_options']` - -: An array of comma-separated key-value pairs of ibrowse options for - the HTTP connection pool that is used by the data collector. Default - value: "\[{connect_timeout, - 10000}\]". - -`data_collector['health_check']` - -: A boolean that controls whether the data collector health is - included in the overall health at the `_status` endpoint. When set - to `true`, Chef Infra Server will report that healthy front end Chef - HA cluster members have failed when the data_collector\['root_url'\] cannot be reached. 
As a result, the load balancer - will remove those members from the load balancer pool. Default - value: true\`. - -### estatsd - -This configuration file has the following settings for `estatsd`: - -`estatsd['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/estatsd'`. - -`estatsd['enable']` - -: Enable a service. Default value: `true`. - -`estatsd['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/estatsd'`. - -`estatsd['port']` - -: The port on which the service is to listen. Default value: `9466`. - -`estatsd['protocol']` - -: Use to send application statistics with StatsD protocol formatting. - Set this value to `statsd` to apply StatsD protocol formatting. - -`estatsd['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### lb / lb_internal - -This configuration file has the following settings for `lb`: - -`lb['api_fqdn']` - -: The FQDN for the Chef Infra Server. FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['ban_refresh_interval']` - -: Default value: `600`. - -`lb['bookshelf']` - -: Default value: `127.0.0.1`. - -`lb['cache_cookbook_files']` - -: Default value: `false`. - -`lb['chef_max_version']` - -: The maximum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `11`. - -`lb['chef_min_version']` - -: The minimum version of Chef Infra Client that is allowed to access - the Chef Infra Server via the Chef Infra Server API. Default value: - `10`. - -`lb['chef_server_webui']` - -: Default value: `127.0.0.1`. - -`lb['debug']` - -: Default value: `false`. - -`lb['enable']` - -: Enable a service. Default value: `true`. - -`lb['erchef']` - -: Default value: `127.0.0.1`. - -`lb['maint_refresh_interval']` - -: Default value: `600`. 
- -`lb['redis_connection_pool_size']` - -: Default value: `250`. - -`lb['redis_connection_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `1000`. - -`lb['redis_keepalive_timeout']` - -: The amount of time (in milliseconds) to wait before timing out. - Default value: `2000`. - -`lb['upstream']['bookshelf']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['oc_bifrost']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['opscode_erchef']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['upstream']['opscode_solr4']` - -: The default value is the recommended value. Default value: - `[ '127.0.0.1' ]`. - -`lb['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`lb['web_ui_fqdn']` - -: FQDNs must always be in lowercase. Default value: `node['fqdn']`. - -`lb['xdl_defaults']['503_mode']` - -: The default value is the recommended value. Default value: `false`. - -`lb['xdl_defaults']['couchdb_acls']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_association_requests']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_associations']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_containers']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_groups']` - -: The default value is the recommended value. Default value: `true`. - -`lb['xdl_defaults']['couchdb_organizations']` - -: The default value is the recommended value. Default value: `true`. - -And for the internal load balancers: - -`lb_internal['account_port']` - -: Default value: `9685`. - -`lb_internal['chef_port']` - -: Default value: `9680`. 
- -`lb_internal['enable']` - -: Default value: `true`. - -`lb_internal['oc_bifrost_port']` - -: Default value: `9683`. - -`lb_internal['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### ldap - -{{< reusable_text_versioned file="config_rb_server_settings_ldap" >}} - -### nginx - -This configuration file has the following settings for `nginx`: - -`nginx['cache_max_size']` - -: The `max_size` parameter used by the Nginx cache manager, which is - part of the `proxy_cache_path` directive. When the size of file - storage exceeds this value, the Nginx cache manager removes the - least recently used data. Default value: `5000m`. - -`nginx['client_max_body_size']` - -: The maximum accepted body size for a client request, as indicated by - the `Content-Length` request header. Default value: `250m`. - -`nginx['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/nginx`. - -`nginx['enable']` - -: Enable a service. Default value: `true`. - -`nginx['enable_ipv6']` - -: Enable Internet Protocol version 6 (IPv6) addresses. Default value: - `false`. - -`nginx['enable_non_ssl']` - -: Allow port 80 redirects to port 443. Set to - `true`, to enable SSL termination by the front-end hardware load balancers for WebUI and API endpoints. Default value: `false`. - -{{< note spaces=4 >}} -Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ssl'] = false` and `fips = true` require `export CSC_LB_URL=https://127.0.0.1` to run the command `chef-server-ctl reindex ` -{{< /note >}} - -`nginx['enable_stub_status']` - -: Enables the Nginx `stub_status` module. See - `nginx['stub_status']['allow_list']`, - `nginx['stub_status']['listen_host']`, - `nginx['stub_status']['listen_port']`, and - `nginx['stub_status']['location']`. Default value: `true`. - -`nginx['gzip']` - -: Enable gzip compression. Default value: `on`. 
- -`nginx['gzip_comp_level']` - -: The compression level used with gzip, from least amount of - compression (`1`, fastest) to the most (`2`, slowest). Default - value: `2`. - -`nginx['gzip_http_version']` - -: Enable gzip depending on the version of the HTTP request. Default - value: `1.0`. - -`nginx['gzip_proxied']` - -: The type of compression used based on the request and response. - Default value: `any`. - -`nginx['gzip_types']` - -: Enable compression for the specified MIME-types. Default value: - - ```ruby - [ 'text/plain', - 'text/css', - 'application/x-javascript', - 'text/xml', 'application/xml', - 'application/xml+rss', - 'text/javascript', - 'application/json' - ] - ``` - -`nginx['keepalive_timeout']` - -: The amount of time (in seconds) to wait for requests on a HTTP - keepalive connection. Default value: `65`. - -`nginx['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/nginx`. - -`nginx['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`nginx['log_x_forwarded_for']` - -: Log \$http_x_forwarded_for ("X-Forwarded-For") instead of - \$remote_addr if `true`. Default value `false`. - -`nginx['non_ssl_port']` - -: The port on which the WebUI and API are bound for non-SSL - connections. Default value: `80`. Use `nginx['enable_non_ssl']` to - enable or disable SSL redirects on this port number. Set to `false` - to disable non-SSL connections. - -`nginx['sendfile']` - -: Copy data between file descriptors when `sendfile()` is used. - Default value: `on`. - -`nginx['server_name']` - -: The FQDN for the server. FQDNs must always be in lowercase. Default value: `node['fqdn']`. 
- -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. See [this - link](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html) for more - information. For example: - - ```ruby - nginx['ssl_ciphers'] = HIGH: ... :!PSK - ``` - -`nginx['ssl_company_name']` - -: The name of your company. Default value: `YouCorp`. - -`nginx['ssl_country_name']` - -: The country in which your company is located. Default value: `US`. - -`nginx['ssl_email_address']` - -: The default email address for your company. Default value: - `you@example.com`. - -`nginx['ssl_locality_name']` - -: The city in which your company is located. Default value: `Seattle`. - -`nginx['ssl_organizational_unit_name']` - -: The organization or group within your company that is running the - Chef Infra Server. Default value: `Operations`. - -`nginx['ssl_port']` - -: Default value: `443`. - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled for the Chef Infra Server API. - Starting with Chef Infra Server 14.3, this value defaults to `'TLSv1.2'` for - enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`, - which allowed for less secure SSL connections. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef - Infra Client 12.8 and later on Windows. If it is necessary to support these older end-of-life - Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - - Default value: `TLSv1.2`. 
- -`nginx['ssl_state_name']` - -: The state, province, or region in which your company is located. - Default value: `WA`. - -`nginx['strict_host_header']` - -: Whether nginx should only respond to requests where the Host header - matches one of the configured FQDNs. Default value: `false`. - -`nginx['stub_status']['allow_list']` - -: The IP address on which accessing the `stub_status` endpoint is - allowed. Default value: `["127.0.0.1"]`. - -`nginx['stub_status']['listen_host']` - -: The host on which the Nginx `stub_status` module listens. Default - value: `"127.0.0.1"`. - -`nginx['stub_status']['listen_port']` - -: The port on which the Nginx `stub_status` module listens. Default - value: `"9999"`. - -`nginx['stub_status']['location']` - -: The name of the Nginx `stub_status` endpoint used to access data - generated by the Nginx `stub_status` module. Default value: - `"/nginx_status"`. - -`nginx['tcp_nodelay']` - -: Enable the Nagle buffering algorithm. Default value: `on`. - -`nginx['tcp_nopush']` - -: Enable TCP/IP transactions. Default value: `on`. - -`nginx["time_format"]` - -: The time format of nginx `access.log`. Possible values : `"time_iso8601"` (ex: [2020-10-21T07:22:00+00:00]), `"time_local"` (ex: [07/Jun/2018:01:05:11 +0900]). - - Default value : `"time_iso8601"`. - - **New in Chef Infra Server 14.1** - -`nginx['url']` - -: Default value: `https://#{node['fqdn']}`. - -`nginx['use_implicit_hosts']` - -: Automatically add localhost and any - local IP addresses to the configured FQDNs. Useful in combination - with `nginx['strict_host_header']`. Default value: `true`. - -`nginx['show_welcome_page']` - -: Determines whether or not the default nginx welcome page is shown. - Default value: `true`. - -`nginx['worker_connections']` - -: The maximum number of simultaneous clients. Use with - `nginx['worker_processes']` to determine the maximum number of - allowed clients. Default value: `10240`. 
- -`nginx['worker_processes']` - -: The number of allowed worker processes. Use with - `nginx['worker_connections']` to determine the maximum number of - allowed clients. Default value: `node['cpu']['total'].to_i`. - -`nginx['x_forwarded_proto']` - -: The protocol used to connect to the server. Possible values: `http` - and `https`. This is the protocol used to connect to the Chef Infra - Server by a Chef Infra Client or a workstation. Default value: - `'https'`. - -`nginx['hsts_max_age']` - -: Time duration in seconds till which the browser caches the `HSTS` information. - Possible values: greater than or equal to `31536000` and less than or equal to `63072000`. - Default value: `31536000` (1 year). - -`nginx['nginx_no_root']` - -: Boolean, default `false`. Specifies that `nginx` processes, including the `master` process, should not - run as the `root` user on a system and will instead run as `user['username']` (defaults to `opscode`). - **REQUIRES** that `nginx['ssl_port']` and `nginx['non_ssl_port']` options are configured to non-privileged - ports greater than `1024` or that the local system is otherwise allowed to bind to privileged ports - with the user `user['username']`. - - **New in Chef Infra Server 14.10* - -### oc_bifrost - -{{< reusable_text_versioned file="server_services_bifrost" >}} - -This configuration file has the following settings for `oc_bifrost`: - -`oc_bifrost['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. This value should be increased if failures indicate - that the **oc_bifrost** service ran out of connections. This value - should be tuned in conjunction with the - `postgresql['max_connections']` setting for PostgreSQL. Default - value: `20`. - -`oc_bifrost['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/oc_bifrost`. - -`oc_bifrost['enable']` - -: Enable a service. Default value: `true`. 
- -`oc_bifrost['enable_request_logging']` - -: Use to configure request logging for the `oc_bifrost` service. - Default value: `true`. - -`oc_bifrost['extended_perf_log']` - -: Default value: `true`. - -`oc_bifrost['listen']` - -: The IP address on which the service is to listen. Default value: - `'127.0.0.1'`. - -`oc_bifrost['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/oc_bifrost`. - -`oc_bifrost['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`oc_bifrost['port']` - -: The port on which the service is to listen. Default value: `9463`. - -`oc_bifrost['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'bifrost@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `oc_bifrost['sql_user']` (default: `'bifrost'`). This setting is - **required** in an external Azure PostgreSQL database-as-a-service - configuration. If set to `nil`, Chef Infra Server assumes that the - database is not on Azure and the PostgreSQL connection will be made - using the value specified in `oc_bifrost['sql_user']`. Default - value: `nil`. - -`oc_bifrost['sql_password']` - -: The password for the `sql_user`. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_bifrost sql_password`. - -`oc_bifrost['sql_ro_password']` - -: The password for the `sql_ro_user`. Default value: **generated**. 
- - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_bifrost sql_ro_password`. - -`oc_bifrost['sql_ro_user']` - -: Default value: `'bifrost_ro'`. - -`oc_bifrost['sql_user']` - -: The user with permission to publish data. Default value: - `'bifrost'`. - -`oc_bifrost['superuser_id']` - -: Default value: **generated**. - -`oc_bifrost['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### oc_chef_authz - -The **opscode-authz** service is used to handle authorization requests -from oc_erchef to oc_bifrost in the Chef Infra Server. - -This configuration file has the following settings for `oc_chef_authz`: - -`oc_chef_authz['http_cull_interval']` - -: Default value: `'{1, min}'`. - -`oc_chef_authz['http_init_count']` - -: Default value: `25`. - -`oc_chef_authz['http_max_age']` - -: Default value: `'{70, sec}'`. - -`oc_chef_authz['http_max_connection_duration']` - -: Default value: `'{70, sec}'`. - -`oc_chef_authz['http_max_count']` - -: Default value: `100`. - -`oc_chef_authz['ibrowse_options']` - -: The amount of time (in milliseconds) to wait for a connection to be - established. Default value: `'[{connect_timeout, 5000}]'`. - -`oc_chef_authz['max_connection_request_limit']` - -: The maximum number of requests allowed per connection. - Default value: `100`. - -### oc-chef-pedant - -This configuration file has the following settings for `oc-chef-pedant`: - -`oc_chef_pedant['debug_org_creation']` - -: Run tests with full output. Default value: `false`. - -`oc_chef_pedant['dir']` - -: The working directory. The default value is the recommended value. - Default value: - - ```ruby - '/var/opt/opscode/oc-chef-pedant' - ``` - -`oc_chef_pedant['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. 
Default value: - - ```ruby - '/var/log/opscode/oc-chef-pedant' - ``` - -`oc_chef_pedant['log_http_requests']` - -: Log HTTP requests in a file named `http-traffic.log` that is located - in the path specified by `log_directory`. Default value: `true`. - -`oc_chef_pedant['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -### oc-id - -{{< reusable_text_versioned file="server_services_oc_id" >}} - -This configuration file has the following settings for `oc-id`: - -`oc_id['administrators']` - -: An array of Chef Infra Server user names who may add applications to - the identity service. For example, `['user1', 'user2']`. Default - value: `[ ]`. - -`oc_id['applications']` - -: A Hash that contains OAuth 2 application information. Default value: - `{ }`. - - {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}} - -`oc_id['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `'20'`. - -`oc_id['dir']` - -: The working directory. The default value is the recommended value. - Default value: none. - -`oc_id['enable']` - -: Enable a service. Default value: `true`. - -`oc_id['email_from_address']` - -: Outbound email address. Defaults to the `'from_email'` value. - -`oc_id['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/opt/opscode/oc_id'`. - -`oc_id['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. 
Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`oc_id['origin']` - -: The FQDN for the server that is sending outbound email. FQDNs must - always be in lowercase. Defaults to the `'api_fqdn'` value, which - is the FQDN for the Chef Infra Server. - -`oc_id['num_to_keep']` - -: The number of log files to keep. Default value: `10`. - -`oc_id['port']` - -: The port on which the service is to listen. Default value: `9090`. - -`oc_id['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'oc_id@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of `oc_id['sql_user']` - (default: `'od_id'`). This setting is **required** in an external - Azure PostgreSQL database-as-a-service configuration. If set to - `nil`, Chef Infra Server assumes that the database is not on Azure - and the PostgreSQL connection will be made using the value specified - in `oc_id['sql_user']`. Default value: `nil`. - -`oc_id['sql_database']` - -: The name of the database. Default value: `oc_id`. - -`oc_id['sql_password']` - -: The password for the `sql_user`. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret oc_id sql_password`. - -`oc_id['sql_user']` - -: The user with permission to write to `sql_database`. Default value: - `oc_id`. - -`oc_id['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -### opscode-erchef - -{{< reusable_text_versioned file="server_services_erchef" >}} - -This configuration file has the following settings for `opscode-erchef`: - -`opscode_erchef["allow_email_update_only_from_manage"]` - -: Set to `true`, users can only update their email from the Chef management console. - Set to `false`, users can update their email using knife and the Chef management console. - - Default value : `false`. 
- - **New in Chef Infra Server 14.5** - -`opscode_erchef['auth_skew']` - -: Default value: `900`. - -`opscode_erchef['authz_fanout']` - -: Default value: `20`. - -`opscode_erchef['authz_timeout']` - -: The amount of time (in seconds) before a request to the - **oc_bifrost** service times out. Default value: `2000`. - -`opscode_erchef['base_resource_url']` - -: The base URL to which the service is to return links to API - resources. Use `:host_header` to ensure the URL is derived from the - host header of the incoming HTTP request. Default value: - `:host_header`. - -`opscode_erchef['bulk_fetch_batch_size']` - -: The number of nodes that may be deserialized. Currently only applies - to the `/search` endpoint in the Chef Infra Server API. The default - value is the recommended value. Default value: `5`. - -`opscode_erchef['cache_ttl']` - -: Default value: `3600`. - -`opscode_erchef['cleanup_batch_size']` - -: Default value: `0`. - -`opscode_erchef['couchdb_max_conn']` - -: Default value: `'100'`. - -`opscode_erchef['db_pool_size']` - -: The number of open connections to PostgreSQL that are maintained by - the service. Default value: `20`. - -`opscode_erchef['depsolver_timeout']` - -: The amount of time (in milliseconds) to wait for cookbook dependency - problems to be solved. Default value: `'5000'`. - -`opscode_erchef['depsolver_worker_count']` - -: The number of Ruby processes for which cookbook dependency problems - are unsolved. Use the `pgrep -fl depselector` command to verify the - number of depsolver workers that are running. If you are seeing 503 - service unavailable errors, increase this value. Default value: - `'5'`. - -`opscode_erchef['dir']` - -: The working directory. The default value is the recommended value. - Default value: `/var/opt/opscode/opscode-erchef`. - -`opscode_erchef['enable']` - -: Enable a service. Default value: `true`. - -`opscode_erchef['enable_actionlog']` - -: Use to enable Chef actions, a premium feature of the Chef Infra - Server. 
Default value: `false`. - -`opscode_erchef['enable_request_logging']` - -: Use to configure request logging for the `opscode_erchef` service. - Default value: `true`. - -`opscode_erchef['ibrowse_max_pipeline_size']` - -: Default value: `1`. - -`opscode_erchef['ibrowse_max_sessions']` - -: Default value: `256`. - -`opscode_erchef['enable_ibrowse_traces']` - -: Use to configure ibrowse logging for the `opscode_erchef` service. - Default value: `false`. - -`opscode_erchef["include_version_in_status"]` - -: Set to `true` to include `server_version` as part of the `/_status` endpoint. - - Default value : `false`. - - **New in Chef Infra Server 14.1** - -`opscode_erchef['listen']` - -: The IP address on which the service is to listen. Default value: - `127.0.0.1`. - -`opscode_erchef['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `/var/log/opscode/opscode-erchef`. - -`opscode_erchef['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`opscode_erchef['max_cache_size']` - -: Default value: `10000`. - -`opscode_erchef['max_request_size']` - -: When the request body size is greater than this value, a - `413 Request Entity Too Large` error is returned. Default value: - `2000000`. - -`opscode_erchef['nginx_bookshelf_caching']` - -: Whether Nginx is used to cache cookbooks. When `:on`, Nginx serves - up the cached content instead of forwarding the request. Default - value: `:off`. - -`opscode_erchef['port']` - -: The port on which the service is to listen. Default value: `8000`. - -`opscode_erchef['reindex_batch_size']` - -: The number of items to fetch from the database and send to the - search index at a time. Default value: `10`. 
- -`opscode_erchef['reindex_sleep_min_ms']` - -: The minimum number of milliseconds to sleep before retrying a failed - attempt to index an item. Retries are delayed a random number of - miliseconds between `reindex_sleep_min_ms` and - `reindex_sleep_max_ms`. Set both this and `reindex_sleep_max_ms` to - 0 to retry without delay. Default value: `500` - -`opscode_erchef['reindex_sleep_max_ms']` - -: The maximum number of milliseconds to sleep before retrying a failed - attempt to index an item. Retries are delayed a random number of - miliseconds between `reindex_sleep_min_ms` and - `reindex_sleep_max_ms`. Set both this and `reindex_sleep_min_ms` to - 0 to retry without delay. Default value: `2000` - -`opscode_erchef['reindex_item_retries']` - -: The number of times to retry sending an object for indexing in the - case of failure. Default value: `3` - -`opscode_erchef['root_metric_key']` - -: Default value: `chefAPI`. - -`opscode_erchef['s3_bucket']` - -: The name of the Amazon Simple Storage Service (S3) bucket. This may - point at external storage locations, such as Amazon EC2. See [AWS - external bookshelf - settings]({{< relref "/server#aws-settings" >}}) for - more information on configuring external bookshelf. - -`opscode_erchef['s3_parallel_ops_fanout']` - -: Default value: `20`. - -`opscode_erchef['s3_parallel_ops_timeout']` - -: Default value: `5000`. - -`opscode_erchef['s3_url_expiry_window_size']` - -: The frequency at which unique URLs are generated. This value may be - a specific amount of time, i.e. `15m` (fifteen minutes) or a - percentage of the value of `s3_url_ttl`, i.e. `10%`. Default value: - `:off`. - -`opscode_erchef['s3_url_ttl']` - -: The amount of time (in seconds) before connections to the server - expire. If node bootstraps are timing out, increase this setting. - Default value: `28800`. - -`opscode_erchef['s3_url_type']` - -: The URL style to use (`path` or `vhost`) when connecting to S3. 
- Mainly used to manually override the default setting. Note that - Amazon may eliminate path-style URLs on some or all S3 buckets - in the future. Default value: `vhost`. - -`opscode_erchef['sql_connection_user']` - -: The PostgreSQL user name in `'username@hostname'` format (e.g. - `'opscode_chef@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `opscode-erchef['sql_user']` (default: `'opscode_chef'`). This - setting is **required** in an external Azure PostgreSQL - database-as-a-service configuration. If set to `nil`, Chef Infra - Server assumes that the database is not on Azure and the PostgreSQL - connection will be made using the value specified in - `opscode_erchef['sql_user']`.Default value: `nil`. - -`opscode_erchef['strict_search_result_acls']` - -: {{< reusable_text_versioned file="settings_strict_search_result_acls" >}} - -`opscode_erchef['udp_socket_pool_size']` - -: Default value: `20`. - -`opscode_erchef['umask']` - -: Default value: `0022`. - -`opscode_erchef['validation_client_name']` - -: Default value: `chef-validator`. - -`opscode_erchef['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`opscode_erchef['cbv_cache_enabled']` - -: Enable cookbook version response caching by setting this to `true`. If you frequently see - very long response times from `cookbook_versions` when under load, this is worth enabling. - Enabling this makes it possible for a client to receive stale results. When a cookbook is updated - in place (without incrementing the version), and the old response has not expired from the cache, - the Infra Server will give the old response to the client. Subsequent client runs will receive the - updated response. Default value: `false`. - -`opscode_erchef['cbv_cache_item_ttl']` - -: The maximum time in milliseconds that Chef Infra Server will keep any given cookbook version response in the cache when - when `cbv_cache_enabled` is enabled. - Default value: `30000`. 
- -{{< note >}} -Be careful if increasing this number - requests for a given set of cookbook versions will be stale if the resolved cookbook versions are updated before the cache entry times out. This will -not occur if you increment the version of a cookbook with every cookbook update, which is the recommended approach to updating cookbooks. -{{< /note >}} - -`opscode_erchef['search_queue_mode']` - -: The search index queue mode . Default value: `batch`. - -`opscode_erchef['search_provider']` - -: The search index provider. Default value: `elasticsearch`. - -`opscode_erchef['search_auth_username']` - -: The OpenSearch username. Default value: `opensearch_user`. - -`opscode_erchef['search_auth_password']` - -: The OpenSearch password. Default value: `nil`. - -### OpenSearch - -This configuration file has the following settings for `opensearch`: - -`opensearch['enable']` - -: Enable the service. Default value: `true`. - -`opensearch['dir']` - -: The working directory. The default value is the recommended value. Default value: `/var/opt/opscode/opensearch` - -`opensearch['data_dir']` - -: The paths used to store data. Default value: `/var/opt/opscode/elasticsearch/data` - -`opensearch['plugins_directory']` - -: The default location of the plugins directory depends on which package you install. Default value: `/var/opt/opscode/opensearch/plugins` - -`opensearch['scripts_directory']` - -: The default location of the scripts directory depends on which package you install. Default value: `/var/opt/opscode/opensearch/scripts` - -`opensearch['temp_directory']` - -: By default, OpenSearch uses a private temporary directory that the startup script creates immediately below the system temporary directory. Default value: `/var/opt/opscode/opensearch/tmp` - -`opensearch['log_directory']` - -: The directory in which log data is stored. The default value is the recommended value. 
Default value: `/var/log/opscode/opensearch` - -`opensearch['log_rotation']['file_maxbytes']` - -: The log rotation policy for this service. Log files are rotated when they exceed `file_maxbytes`. Default value: `104857600`. - -`opensearch['log_rotation']['num_to_keep']` - -: The log rotation policy for this service. `num_to_keep` specifies the maximum number of log files in the rotation. Default value: `10`. - -`opensearch['vip']` - -: The virtual IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`opensearch['listen']` - -: The IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`opensearch['port']` - -: The port on which the service is listening. Default value: `9200` - -`opensearch['enable_gc_log']` - -: Enable or disable GC logging. Default value: `false` - -`opensearch['initial_cluster_join_timeout']` - -: Default value: `90` - -`opensearch['jvm_opts']` - -: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options). - - {{< note spaces=4 >}} - - Each item in this list will be placed as is into the `java_opts` config file. Entries are set in chef-server.rb as: - - ```ruby - opensearch.jvm_opts = [ - "-xoption1", - "-xoption2", - ... - "optionN" - ] - ``` - - {{< /note >}} - -`opensearch['heap_size']` - -: The amount of memory (in MBs) available to OpenSearch. If there is not enough memory available, search queries made by nodes to OpenSearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. 
For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. Default value is is equivalent to 25% of the system memory or 1024 MB, whichever is greater. - - {{< note spaces=4 >}} - - If `heap_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set `heap_size`. It will raise an error if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB. - - {{< /note >}} - -`opensearch['new_size']` - -: Defaults to the larger of 1/16th of the `heap_size` or 32 MB. - - {{< note spaces=4 >}} - - If `new_size` is also specified directly in `java_opts`, it will be ignored in favor of the chef-server.rb values or the defaults calculated here. Only use chef-server.rb to set `new_size`. - - {{< /note >}} - -### External OpenSearch - -`opensearch['external']` - -: Enable external `opensearch` service by setting to `true`. Default value: `false`. - -`opensearch['external_url']` - -: The external OpenSearch URL. Example: `http://127.0.0.1:9200`. Default value: `nil` - -{{< note >}} -Chef Infra Server supports OpenSearch only as an external indexing provider. You must provide values for `external` and `external_url` under this configuration. -{{< /note >}} - -### Elasticsearch - -This configuration file has the following settings for `elasticsearch`: - -`elasticsearch['enable']` - -: Enable a service. Default value: `true`. - -`elasticsearch['dir']` - -: The working directory. The default value is the recommended value. Default value: `/var/opt/opscode/elasticsearch` - -`elasticsearch['data_dir']` - -: The paths used to store data. Default value: `/var/opt/opscode/elasticsearch/data` - -`elasticsearch['plugins_directory']` - -: The default location of the plugins directory depends on which package you install. 
Default value: `/var/opt/opscode/elasticsearch/plugins` - -`elasticsearch['scripts_directory']` - -: The default location of the scripts directory depends on which package you install. Default value: `/var/opt/opscode/elasticsearch/scripts` - -`elasticsearch['temp_directory']` - -: By default, Elasticsearch uses a private temporary directory that the startup script creates immediately below the system temporary directory. Default value: `/var/opt/opscode/elasticsearch/tmp` - -`elasticsearch['log_directory']` - -: The directory in which log data is stored. The default value is the recommended value. Default value: `/var/log/opscode/elasticsearch` - -`elasticsearch['log_rotation']['file_maxbytes']` - -: The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. Default value for 'file_maxbytes': `104857600` - -`elasticsearch['log_rotation']['num_to_keep']` - -: The log rotation policy for this service. The maximum number of log files in the rotation is defined by num_to_keep. Default value for 'num_to_keep': => `10` - -`elasticsearch['vip']` - -: The virtual IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`elasticsearch['listen']` - -: The IP address for the machine on which Apache Solr is running. Default value: `127.0.0.1` - -`elasticsearch['port']` - -: The port on which the service is to listen. Default value: `9200` - -`elasticsearch['enable_gc_log']` - -: Enable or disable GC logging. Default value: `false` - -`elasticsearch['initial_cluster_join_timeout']` - -: Default value: `90` - -`elasticsearch['jvm_opts']` - -: Default values are set based on [JVM configuration options](https://github.com/elastic/elasticsearch/blob/6.8/distribution/src/config/jvm.options). - -{{< note >}} - -Each item in this list will be placed as is into the java_opts config file. Entries are set in chef-server.rb as: - -```ruby - elasticsearch.jvm_opts = [ - "-xoption1", - "-xoption2", - ... 
- "optionN" - ] -``` - -{{< /note >}} - -`elasticsearch['heap_size']` - -: The amount of memory (in MBs) available to Elasticsearch. If there is not enough memory available, search queries made by nodes to Elasticsearch may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. Default value is is equivalent to 25% of the system memory or 1024 MB, whichever is greater. - -{{< note >}} - -If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). It will error out if the system memory is less than 4 GB. This value is bounded between 1 GB - 28 GB. - -{{< /note >}} - -`elasticsearch['new_size']` - -: Defaults to the larger of 1/16th the heap_size and 32 MB. - -{{< note >}} - -If new_size or heap_size is also specified directly in java_opts, it will be ignored in favor of the chef-server.rb values or the defaults as calculated here. Only use chef-server.rb to set heap and new sizes. Learn more about [Elasticsearch heap-size documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html). 
- -{{< /note >}} - -### postgresql - -{{< reusable_text_versioned file="server_services_postgresql" >}} - -This configuration file has the following settings for `postgresql`: - -`postgresql['checkpoint_completion_target']` - -: A completion percentage that is used to determine how quickly a - checkpoint should finish in relation to the completion status of the - next checkpoint. For example, if the value is `0.5`, then a - checkpoint attempts to finish before 50% of the next checkpoint is - done. Default value: `0.5`. - -`postgresql['checkpoint_segments']` - -: The maximum amount (in megabytes) between checkpoints in log file - segments. Default value: `3`. - -`postgresql['checkpoint_timeout']` - -: The amount of time (in minutes) between checkpoints. Default value: - `5min`. - -`postgresql['checkpoint_warning']` - -: The frequency (in seconds) at which messages are sent to the server - log files if checkpoint segments are being filled faster than their - currently configured values. Default value: `30s`. - -`postgresql['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}/data`. - -`postgresql['db_connection_superuser']` - -: The PostgreSQL superuser name in `'username@hostname'` format (e.g. - `'opscode_pgsql@my_postgresql.postgres.database.azure.com'`), where - `username` would normally equal the value of - `postgresql['db_superuser']` with any dashes replaced by - underscores. This setting is **required** in an external Azure - PostgreSQL database-as-a-service configuration. If set to `nil`, - Chef Infra Server assumes that the database is not on Azure and the - PostgreSQL connection will be made using the value specified in - `postgresql['db_superuser']`. Default value: `nil`. - -`postgresql['db_superuser']` - -: Default value: `opscode-pgsql`. If `username` is set, set - `db_superuser` to the same value. 
- -`postgresql['db_superuser_password']` - -: Password for the DB superuser. Default value: **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-db-superuser-password`. - -`postgresql['dir']` - -: The working directory. The default value is the recommended value. - Default value: - `/var/opt/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. - -`postgresql['effective_cache_size']` - -: The size of the disk cache that is used for data files. Default - value: 50% of available RAM. - -`postgresql['enable']` - -: Enable a service. Default value: `true`. - -`postgresql['home']` - -: The home directory for PostgreSQL. Default value: - `/var/opt/opscode/postgresql`. - -`postgresql['keepalives_count']` - -: The maximum number of keepalive proves that should be sent before - dropping a connection. Default value: `2`. - -`postgresql['keepalives_idle']` - -: The amount of time (in seconds) a connection must remain idle before - keepalive probes will resume. Default value: `60`. - -`postgresql['keepalives_interval']` - -: The amount of time (in seconds) between probes. Default value: `15`. - -`postgresql['listen_address']` - -: The connection source to which PostgreSQL is to respond. Default - value: `localhost`. - -`postgresql['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: - `/var/log/opscode/postgresql/#{node['private_chef']['postgresql']['version']}`. - -`postgresql['log_min_duration_statement']` - -: When to log a slow PostgreSQL query statement. Possible values: `-1` - (disabled, do not log any statements), `0` (log every statement), or - an integer greater than zero. When the integer is greater than zero, - this value is the amount of time (in milliseconds) that a query - statement must have run before it is logged. Default value: `-1`. 
- -`postgresql['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - `{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }` - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. Default value: - `350`. - -`postgresql['md5_auth_cidr_addresses']` - -: Use instead of `trust_auth_cidr_addresses` to encrypt passwords - using MD5 hashes. Default value: `[ '127.0.0.1/32', '::1/128' ]`. - -`postgresql['port']` - -: The port on which the service is to listen. Default value: `5432`. - -`postgresql['shared_buffers']` - -: The amount of memory that is dedicated to PostgreSQL for data - caching. Default value: - `#{(node['memory']['total'].to_i / 4) / (1024)}MB`. - -`postgresql['shell']` - -: Default value: `/bin/sh`. - -`postgresql['shmall']` - -: The total amount of available shared memory. Default value: - `4194304`. - -`postgresql['shmmax']` - -: The maximum amount of shared memory. Default value: `17179869184`. - -`postgresql['sslmode']` - -: SSL encryption mode between the Chef Infra Server and PostgreSQL. - Valid settings are `'disable'` and `'require'`. Default value: - `'disable'`. - -`postgresql['trust_auth_cidr_addresses']` - -: Use for clear-text passwords. See `md5_auth_cidr_addresses`. Default - value: `'127.0.0.1/32', '::1/128'`. - -`postgresql['user_path']` - -: Default value: `/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH`. - -`postgresql['username']` - -: The PostgreSQL account user name. Default value: `opscode-pgsql`. If - setting this value, must set `db_superuser` to the same value. - -`postgresql['version']` - -: The (currently) hardcoded version of PostgreSQL. Default value: - `'9.2'`. - -`postgresql['vip']` - -: The virtual IP address. Default value: `127.0.0.1`. - -`postgresql['work_mem']` - -: The size (in megabytes) of allowed in-memory sorting. 
Default value: - `8MB`. - -`postgresql['pg_upgrade_timeout']` - -: The timeout value (in seconds) for PostgreSQL upgrade. Default value: - `7200`. - -### redis_lb - -{{< reusable_text_versioned file="server_services_redis" >}} - -This configuration file has the following settings for `redis_lb`: - -`redis_lb['activerehashing']` - -: Enable active rehashing. Default value: `'no'`. - -`redis_lb['aof_rewrite_min_size']` - -: The minimum size of the append-only file. Only files larger than - this value are rewritten. Default value: `'16mb'`. - -`redis_lb['aof_rewrite_percent']` - -: The size of the current append-only file, as compared to the base - size. The append-only file is rewritten when the current file - exceeds the base size by this value. Default value: `'50'`. - -`redis_lb['appendfsync']` - -: The frequency at which the operating system writes data on-disk, - instead of waiting for more data. Possible values: `no` (don't - fsync, let operating system flush data), `always` (fsync after every - write to the append-only log file), and `everysec` (fsync only once - time per second). Default value: `'always'`. - -`redis_lb['appendonly']` - -: Dump data asynchronously on-disk or to an append-only log file. Set - to `yes` to dump data to an append-only log file. Default value: - `'no'`. - -`redis_lb['bind']` - -: Bind Redis to the specified IP address. Default value: - `'127.0.0.1'`. - -`redis_lb['data_dir']` - -: The directory in which on-disk data is stored. The default value is - the recommended value. Default value: - `'/var/opt/opscode/redis_lb/data'`. - -`redis_lb['databases']` - -: The number of databases. Default value: `'16'`. - -`redis_lb['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/redis_lb'`. - -`redis_lb['enable']` - -: Enable a service. Default value: `true`. - -`redis_lb['ha']` - -: Run the Chef Infra Server in a high availability topology. 
When - `topology` is set to `ha`, this setting defaults to `true`. Default - value: `false`. - -`redis_lb['keepalive']` - -: The amount of time (in seconds) to wait for requests on a - connection. Default value: `'60'`. - -`redis_lb['log_directory']` - -: The directory in which log data is stored. The default value is the - recommended value. Default value: `'/var/log/opscode/redis_lb'`. - -`redis_lb['log_rotation']` - -: The log rotation policy for this service. Log files are rotated when - they exceed `file_maxbytes`. The maximum number of log files in the - rotation is defined by `num_to_keep`. Default value: - - ```ruby - { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 } - ``` - -`redis_lb['loglevel']` - -: The level of logging to be stored in a log file.. Possible values: - `debug`, `notice`, `verbose`, and `warning`. Default value: - `'notice'`. - -`redis_lb['maxmemory']` - -: The maximum amount of memory (in bytes). Default value: `'8m'`. - -`redis_lb['maxmemory_policy']` - -: The policy applied when the maximum amount of memory is reached. - Possible values: `allkeys-lru` (remove keys, starting with those - used least frequently), `allkeys-random` (remove keys randomly), - `noeviction` (don't expire, return an error on write operation), - `volatile-lru` (remove expired keys, starting with those used least - frequently), `volatile-random` (remove expired keys randomly), and - `volatile-ttl` (remove keys, starting with nearest expired time). - Default value: `'noeviction'`. - -`redis_lb['port']` - -: The port on which the service is to listen. Default value: - `'16379'`. - -`redis_lb['save_frequency']` - -: Set the save frequency. Pattern: - `{ "seconds" => "keys", "seconds" => "keys", "seconds" => "keys" }`. - Default value: - - ```ruby - { '900' => '1', '300' => '10', '60' => '1000' } - ``` - - Which saves the database every 15 minutes if at least one key - changes, every 5 minutes if at least 10 keys change, and every 60 - seconds if 10000 keys change. 
- -`redis_lb['timeout']` - -: The amount of time (in seconds) a client may be idle before timeout. - Default value: `'300'`. - -`redis_lb['vip']` - -: The virtual IP address. Default value: `'127.0.0.1'`. - -`redis_lb['password']` - -: Legacy configuration setting for the Redis password. Default value: - **generated**. - - To override the default value, use the [Secrets - Management]({{< relref "/server/ctl_chef_server#secrets-management" >}}) - command: `chef-server-ctl set-secret redis_lb password`. - -### upgrades - -This configuration file has the following settings for `upgrades`: - -`upgrades['dir']` - -: The working directory. The default value is the recommended value. - Default value: `'/var/opt/opscode/upgrades'`. - -### user - -This configuration file has the following settings for `user`: - -`user['home']` - -: The home directory for the user under which Chef Infra Server - services run. Default value: `/opt/opscode/embedded`. - -`user['shell']` - -: The shell for the user under which Chef Infra Server services run. - Default value: `/bin/sh`. - -`user['username']` - -: The user name under which Chef Infra Server services run. Default - value: `opscode`. - -### required_recipe - -`required_recipe` is a feature that allows an administrator to specify a -recipe that will be run by all Chef Infra Clients that connect to it, -regardless of the node's run list. This feature is targeted at expert -level practitioners who are delivering isolated configuration changes to -the target systems, such as self-contained agent software. Further -explanation of the feature can be found in -[Chef Infra Client Development Docs](https://github.com/chef/chef/blob/main/docs/dev/design_documents/server_enforced_recipes.md). - -This configuration file has the following settings for -`required_recipe`: - -`required_recipe["enable"]` - -: Whether the feature is enabled. Default value: `false`. - -`required_recipe["path"]` - -: The location of the recipe to serve. 
The file must be owned by the - root user and group, and may not be group or world-writeable. - Default value: `nil`. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md deleted file mode 100644 index 2ae2541c48..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/index.md +++ /dev/null @@ -1,3 +0,0 @@ -+++ -headless = true -+++ \ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md deleted file mode 100644 index 5351c32bdc..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_add_condition.md +++ /dev/null @@ -1,13 +0,0 @@ -Use a `case` statement to apply different values based on whether the -setting exists on the front-end or back-end servers. Add code to the -server configuration file similar to the following: - -```ruby -role_name = ChefServer['servers'][node['fqdn']]['role'] -case role_name -when 'backend' - # backend-specific configuration here -when 'frontend' - # frontend-specific configuration here -end -``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md deleted file mode 100644 index c9c78c48e9..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_settings_ldap.md +++ /dev/null @@ -1,197 +0,0 @@ - -  - -
- -

Warning

- -
- -The following settings **MUST** be in the config file for LDAP -authentication to Active Directory to work: - -- `base_dn` -- `bind_dn` -- `group_dn` -- `host` - -If those settings are missing, you will get authentication errors and be -unable to proceed. - -
- -
- -This configuration file has the following settings for `ldap`: - -`ldap['base_dn']` - -: The root LDAP node under which all other nodes exist in the - directory structure. For Active Directory, this is typically - `cn=users` and then the domain. For example: - - ```ruby - 'OU=Employees,OU=Domain users,DC=example,DC=com' - ``` - - Default value: `nil`. - -`ldap['bind_dn']` - -: The distinguished name used to bind to the LDAP server. The user the - Chef Infra Server will use to perform LDAP searches. This is often - the administrator or manager user. This user needs to have read - access to all LDAP users that require authentication. The Chef Infra - Server must do an LDAP search before any user can log in. Many - Active Directory and LDAP systems do not allow an anonymous bind. If - anonymous bind is allowed, leave the `bind_dn` and `bind_password` - settings blank. If anonymous bind is not allowed, a user with `READ` - access to the directory is required. This user must be specified as - an LDAP distinguished name similar to: - - ```ruby - 'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - -
-

Note

-
- - If you need to escape characters in a distinguished name, such as - when using Active Directory, they must be [escaped with a backslash - escape - character](https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx). - - ```ruby - 'CN=example\\user,OU=Employees,OU=Domainuser,DC=example,DC=com' - ``` - -
-
- - Default value: `nil`. - -`ldap['bind_password']` - -: Deprecated. Use `chef-server-ctl set-secret ldap bind_password` from the - [Secrets Management](/ctl_chef_server.html#ctl-chef-server-secrets-management) - commands. - - Legacy configuration for the password of the binding user. The - password for the user specified by `ldap['bind_dn']`. Leave this - value and `ldap['bind_dn']` unset if anonymous bind is sufficient. - Default value: `nil`. - - ```bash - chef-server-ctl set-secret ldap bind_password - Enter ldap bind_password: (no terminal output) - Re-enter ldap bind_password: (no terminal output) - ``` - - Remove a set password via - - ```bash - chef-server-ctl remove-secret ldap bind_password - ``` - -`ldap['group_dn']` - -: The distinguished name for a group. When set to the distinguished - name of a group, only members of that group can log in. This feature - filters based on the `memberOf` attribute and only works with LDAP - servers that provide such an attribute. In OpenLDAP, the `memberOf` - overlay provides this attribute. For example, if the value of the - `memberOf` attribute is `CN=abcxyz,OU=users,DC=company,DC=com`, then - use: - - ```ruby - ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com' - ``` - -`ldap['host']` - -: The name (or IP address) of the LDAP server. The hostname of the - LDAP or Active Directory server. Be sure the Chef Infra Server is - able to resolve any host names. Default value: `ldap-server-host`. - -`ldap['login_attribute']` - -: The LDAP attribute that holds the user's login name. Use to specify - the Chef Infra Server user name for an LDAP user. Default value: - `sAMAccountName`. - -`ldap['port']` - -: An integer that specifies the port on which the LDAP server listens. - The default value is an appropriate value for most configurations. - Default value: `389` or `636` when `ldap['encryption']` is set to - `:simple_tls`. 
- -`ldap['ssl_enabled']` - -: Cause the Chef Infra Server to connect to the LDAP server using SSL. - Default value: `false`. Must be `false` when `ldap['tls_enabled']` - is `true`. - -
-

Note

-
- - It's recommended that you enable SSL for Active Directory. - -
-
- -
-

Note

-
- - Previous versions of the Chef Infra Server used the - `ldap['ssl_enabled']` setting to first enable SSL, and then the - `ldap['encryption']` setting to specify the encryption type. These - settings are deprecated. - -
-
- -`ldap['system_adjective']` - -: A descriptive name for the login system that is displayed to users - in the Chef Infra Server management console. If a value like - "corporate" is used, then the Chef management console user interface - will display strings like "the corporate login server", "corporate - login", or "corporate password." Default value: `AD/LDAP`. - -
-

Warning

-
- - This setting is **not** used by the Chef Infra Server. It is used - only by the Chef management console. - -
-
- -`ldap['timeout']` - -: The amount of time (in seconds) to wait before timing out. Default - value: `60000`. - -`ldap['tls_enabled']` - -: Enable TLS. When enabled, communication with the LDAP server is done - via a secure SSL connection on a dedicated port. When `true`, - `ldap['port']` is also set to `636`. Default value: `false`. Must be - `false` when `ldap['ssl_enabled']` is `true`. - -
-

Note

-
- - Previous versions of the Chef Infra Server used the - `ldap['ssl_enabled']` setting to first enable SSL, and then the - `ldap['encryption']` setting to specify the encryption type. These - settings are deprecated. - -
-
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md deleted file mode 100644 index 019229038a..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/config_rb_server_summary.md +++ /dev/null @@ -1,8 +0,0 @@ -The `/etc/opscode/chef-server.rb` file contains all of the non-default -configuration settings used by the Chef Infra Server. The default -settings are built into the Chef Infra Server configuration and should -only be added to the `chef-server.rb` file to apply non-default values. -These configuration settings are processed when the -`chef-server-ctl reconfigure` command is run. The `chef-server.rb` file -is a Ruby file, which means that conditional statements can be used -within it. diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md deleted file mode 100644 index e224908d32..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_config_rb_server_must_reconfigure.md +++ /dev/null @@ -1,5 +0,0 @@ -When changes are made to the chef-server.rb file the Chef Infra Server must be reconfigured by running the following command: - -```bash -chef-server-ctl reconfigure -``` \ No newline at end of file diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md deleted file mode 100644 index 0ad8df3c7c..0000000000 
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/notes_server_aws_cookbook_storage.md
+++ /dev/null
@@ -1,3 +0,0 @@
-To [configure the server for external cookbook
-storage](/server/#aws-settings), updates are made to
-settings for both the **bookshelf** and **opscode-erchef** services.
\ No newline at end of file
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md
deleted file mode 100644
index 4ba0e07281..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bifrost.md
+++ /dev/null
@@ -1,2 +0,0 @@
-The **oc_bifrost** service ensures that every request to view or manage
-objects stored on the Chef Infra Server is authorized.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md
deleted file mode 100644
index e1cd6c0881..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_bookshelf.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The **bookshelf** service is an Amazon Simple Storage Service
-(S3)-compatible service that is used to store cookbooks, including all
-of the files---recipes, templates, and so on---that are associated with
-each cookbook.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md
deleted file mode 100644
index d277fe53e8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_erchef.md
+++ /dev/null
@@ -1,11 +0,0 @@
-The **opscode-erchef** service is an Erlang-based service that is used
-to handle Chef Infra Server API requests to the following areas within
-the Chef Infra Server:
-
-- Cookbooks
-- Data bags
-- Environments
-- Nodes
-- Roles
-- Sandboxes
-- Search
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md
deleted file mode 100644
index 4082e755ef..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_oc_id.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The **oc-id** service enables OAuth 2.0 authentication to the Chef Infra
-Server by external applications, including Chef Supermarket. OAuth 2.0
-uses token-based authentication, where external applications use tokens
-that are issued by the **oc-id** provider. No special
-credentials---`webui_priv.pem` or privileged keys---are stored on the
-external application.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md
deleted file mode 100644
index e8611bd0e8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_postgresql.md
+++ /dev/null
@@ -1 +0,0 @@
-The **postgresql** service is used to store node, object, and user data.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md
deleted file mode 100644
index edb7c2248b..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_rabbitmq.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The **rabbitmq** service is used to provide the message queue that is
-used by the Chef Infra Server to get search data to Apache Solr so that
-it can be indexed for search.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md
deleted file mode 100644
index c9634cfd88..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_services_redis.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Key-value store used in conjunction with Nginx to route requests and
-populate request data used by the Chef Infra Server.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md
deleted file mode 100644
index 21f57331c8..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_bookshelf.md
+++ /dev/null
@@ -1,6 +0,0 @@
-The following setting is often modified from the default as part of the
-tuning effort for the **bookshelf** service:
-
-`bookshelf['vip']`
-
-: The virtual IP address. Default value: `node['fqdn']`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md
deleted file mode 100644
index 5591c2ec00..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_erchef.md
+++ /dev/null
@@ -1,22 +0,0 @@
-The following settings are often modified from the default as part of
-the tuning effort for the **opscode-erchef** service:
-
-`opscode_erchef['db_pool_size']`
-
-: The number of open connections to PostgreSQL that are maintained by
- the service. If failures indicate that the **opscode-erchef**
- service ran out of connections, try increasing the
- `postgresql['max_connections']` setting. If failures persist, then
- increase this value (in small increments) and also increase the
- value for `postgresql['max_connections']`. Default value: `20`.
-
-`opscode_erchef['s3_url_ttl']`
-
-: The amount of time (in seconds) before connections to the server
- expire. If Chef Infra Client runs are timing out, increase this
- setting to `3600`, and then adjust again if necessary. Default
- value: `900`.
-
-`opscode_erchef['strict_search_result_acls']`
-
-: {{< reusable_text_versioned "settings_strict_search_result_acls" >}}
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md
deleted file mode 100644
index 146441cafc..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_expander.md
+++ /dev/null
@@ -1,12 +0,0 @@
-The following setting is often modified from the default as part of the
-tuning effort for the **opscode-expander** service:
-
-`opscode_expander['nodes']`
-
-: The number of allowed worker processes. The **opscode-expander**
- service runs on the back-end and feeds data to the **opscode-solr**
- service, which creates and maintains search data used by the Chef
- Infra Server. Additional memory may be required by these worker
- processes depending on the frequency and volume of Chef Infra Client
- runs across the organization, but only if the back-end machines have
- available CPU and RAM. Default value: `2`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md
deleted file mode 100644
index 8ec7e38865..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md
+++ /dev/null
@@ -1,27 +0,0 @@
-The following settings are typically added to the server configuration
-file (no equal sign is necessary to set the value):
-
-`api_fqdn`
-
-: The FQDN for the Chef Infra Server. This setting is not in the
- server configuration file by default. When added, its value should
- be equal to the FQDN for the service URI used by the Chef Infra
- Server. FQDNs must always be in lowercase.
- For example: `api_fqdn "chef.example.com"`.
-
-`bootstrap`
-
-: Default value: `true`.
-
-`ip_version`
-
-: Use to set the IP version: `"ipv4"` or `"ipv6"`. When set to
- `"ipv6"`, the API listens on IPv6 and front end and back end
- services communicate via IPv6 when a high availability configuration
- is used. When configuring for IPv6 in a high availability
- configuration, be sure to set the netmask on the IPv6 `backend_vip`
- attribute. Default value: `"ipv4"`.
-
-`notification_email`
-
-: Default value: `info@example.com`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md
deleted file mode 100644
index a4d4e99ff1..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_nginx.md
+++ /dev/null
@@ -1,65 +0,0 @@ -The following settings are often modified from the default as part of -the tuning effort for the **nginx** service and to configure the Chef -Infra Server to use SSL certificates: - -`nginx['ssl_certificate']` - -: The SSL certificate used to verify communication over HTTPS. Default - value: `nil`. - -`nginx['ssl_certificate_key']` - -: The certificate key used for SSL communication. Default value: - `nil`. - -`nginx['ssl_ciphers']` - -: The list of supported cipher suites that are used to establish a - secure connection. To favor AES256 with ECDHE forward security, drop - the `RC4-SHA:RC4-MD5:RC4:RSA` prefix. For example: - - ```ruby - nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH: \ - !aNULL:!ADH:!eNULL:!EXP: \ - !SSLv2:!SEED:!CAMELLIA: \ - !PSK" - ``` - -`nginx['ssl_protocols']` - -: The SSL protocol versions that are enabled for the Chef Infra Server API. - Starting with Chef Infra Server 14.3, this value defaults to `'TLSv1.2'` for - enhanced security. Previous releases defaulted to `'TLSv1 TLSv1.1 TLSv1.2'`, - which allowed for less secure SSL connections. TLS 1.2 is supported on - Chef Infra Client 10.16.4 and later on Linux, Unix, and macOS, and on Chef - Infra Client 12.8 and later on Windows. If it is necessary to support these - older end-of-life Chef Infra Client releases, set this value to `'TLSv1.1 TLSv1.2'`. - - ```ruby - nginx['ssl_protocols'] = 'TLSv1.2' - ``` - -
-

Note

-
- - See for more - information about the values used with the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings. - -
-
- - For example, after copying the SSL certificate files to the Chef Infra - Server, update the `nginx['ssl_certificate']` and - `nginx['ssl_certificate_key']` settings to specify the paths to those - files, and then (optionally) update the `nginx['ssl_ciphers']` and - `nginx['ssl_protocols']` settings to reflect the desired level of - hardness for the Chef Infra Server: - - ```ruby - nginx['ssl_certificate'] = '/etc/pki/tls/private/name.of.pem' - nginx['ssl_certificate_key'] = '/etc/pki/tls/private/name.of.key' - nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK' - nginx['ssl_protocols'] = 'TLSv1.2' - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md deleted file mode 100644 index 423bbef08a..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_postgresql.md +++ /dev/null 
@@ -1,34 +0,0 @@ -The following setting is often modified from the default as part of the tuning effort for the **postgresql** service: - -`postgresql['max_connections']` - -: The maximum number of allowed concurrent connections. This value should only be tuned when the `opscode_erchef['db_pool_size']` value used by the **opscode-erchef** service is modified. Default value: `350`. - If there are more than two front end machines in a cluster, the - `postgresql['max_connections']` setting should be increased. The - increased value depends on the number of machines in the front end, - but also the number of services that are running on each of these - machines. - - - Each front end machine always runs the **oc_bifrost** and - **opscode-erchef** services. - - The Reporting add-on adds the **reporting** service. - - Each of these services requires 25 connections, above the default - value. - - Use the following formula to help determine what the increased value - should be: - - ```ruby - new_value = current_value + [ - (# of front end machines - 2) * (25 * # of services) - ] - ``` - - For example, if the current value is 350, there are four front end - machines, and all add-ons are installed, then the formula looks - like: - - ```ruby - 550 = 350 + [(4 - 2) * (25 * 4)] - ``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md deleted file mode 100644 index ad1551f9e9..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr.md +++ /dev/null @@ -1,3 +0,0 @@ -The following sections describe ways of tuning the **opscode-solr4** -service to improve performance around large node sizes, available -memory, and update frequencies. 
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md
deleted file mode 100644
index c13f016fc2..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_available_memory.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Use the following configuration setting to help ensure that Apache Solr
-does not run out of memory:
-
-`opscode_solr4['heap_size']`
-
-: The amount of memory (in MBs) available to Apache Solr. If there is
- not enough memory available, search queries made by nodes to Apache
- Solr may fail. The amount of memory that must be available also
- depends on the number of nodes in the organization, the frequency of
- search queries, and other characteristics that are unique to each
- organization. In general, as the number of nodes increases, so does
- the amount of memory.
-
-If Apache Solr is running out of memory, the
-`/var/log/opscode/opscode-solr4/current` log file will contain a message
-similar to:
-
-```bash
-SEVERE: java.lang.OutOfMemoryError: Java heap space
-```
-
-The default value for `opscode_solr4['heap_size']` should work for many
-organizations, especially those with fewer than 25 nodes. For
-organizations with more than 25 nodes, set this value to 25% of system
-memory or `1024`, whichever is smaller. For very large configurations,
-increase this value to 25% of system memory or `4096`, whichever is
-smaller. This value should not exceed `8192`.
diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md
deleted file mode 100644
index 6dec8e687d..0000000000
--- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_large_node_sizes.md +++ /dev/null 
@@ -1,59 +0,0 @@ -The maximum field length setting for Apache Solr should be greater than -any expected node object file sizes in order for them to be successfully -added to the search index. If a node object file is greater than the -maximum field length, the node object will be indexed up to the maximum, -but the part of the file past that limit will not be indexed. If this -occurs, it will seem as if nodes disappear from the search index. To -ensure that large node file sizes are indexed properly, verify the -following configuration settings: - -`nginx['client_max_body_size']` - -: The maximum accepted body size for a client request, as indicated by - the `Content-Length` request header. When the maximum accepted body - size is greater than this value, a `413 Request Entity Too Large` - error is returned. Default value: `250m`. - -and - -`opscode_erchef['max_request_size']` - -: When the request body size is greater than this value, a 413 Request - Entity Too Large error is returned. Default value: `2000000`. - -to ensure that those settings are not part of the reasons for incomplete -indexing, and then update the following setting so that its value is -greater than the expected node file sizes: - -`opscode_solr4['max_field_length']` - -: The maximum field length (in number of tokens/terms). If a field - length exceeds this value, Apache Solr may not be able to complete - building the index. Default value: `100000` (increased from the - Apache Solr default value of `10000`). - -Use the `wc` command to get the byte count of a large node object file. -For example: - -```bash -wc -c NODE_NAME.json -``` - -and then ensure there is a buffer beyond that value. For example, verify -the size of the largest node object file: - -```bash -wc -c nodebsp2016.json -``` - -which returns `154516`. Update the `opscode_solr4['max_field_length']` -setting to have a value greater than the returned value. For example: -`180000`. 
- -If you don't have a node object file available then you can get an -approximate size of the node data by running the following command on a -node. - -```bash -ohai | wc -c -``` diff --git a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md b/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md deleted file mode 100644 index 6d9a8d6886..0000000000 --- a/_vendor/github.com/chef/chef-server/docs-chef-io/content/server/v14/reusable_text/server_tuning_solr_update_frequency.md +++ /dev/null @@ -1,24 +0,0 @@ -At the end of every Chef Infra Client run, the node object is saved to -the Chef Infra Server. From the Chef Infra Server, each node object is -then added to the `SOLR` search index. This process is asynchronous. By -default, node objects are committed to the search index every 60 seconds -or per 1000 node objects, whichever occurs first. - -When data is committed to the Apache Solr index, all incoming updates -are blocked. If the duration between updates is too short, it is -possible for the rate at which updates are asked to occur to be faster -than the rate at which objects can be actually committed. - -Use the following configuration setting to improve the indexing -performance of node objects: - -`opscode_solr4['commit_interval']` - -: The frequency (in seconds) at which node objects are added to the - Apache Solr search index. Default value: `60000` (every 60 seconds). - -`opscode_solr4['max_commit_docs']` - -: The frequency (in documents) at which node objects are added to the - Apache Solr search index. Default value: `1000` (every 1000 - documents). diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 7f7a9983e4..b68e6ebf82 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt 
@@ -1,7 +1,7 @@ # github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d # github.com/chef/desktop-config/docs-chef-io v0.0.0-20230711052355-bad26ce3ac0b # github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20230808222519-d0c20bbe8c45 -# github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36 +# github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560 # github.com/inspec/inspec/docs-chef-io v0.0.0-20231116093529-690d036f8af1 # github.com/inspec/inspec-alicloud/docs-chef-io v0.0.0-20220614123852-e453ba687370 # github.com/inspec/inspec-aws/docs-chef-io v0.0.0-20220228151600-69aa036b1527 diff --git a/go.mod b/go.mod index 9359df4e96..df73868a7c 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d // indirect - github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36 // indirect + github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560 // indirect github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a // indirect github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20231031143423-5ffd549d4a19 // indirect github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20230809063034-95b117807a75 // indirect diff --git a/go.sum b/go.sum index 6c53c95232..575fbed5a9 100644 --- a/go.sum +++ b/go.sum 
@@ -3,8 +3,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d h1:nn49oLfseVTQUqwfogcFzo4f1HdhKfM7IE3C5IZ2UIA=
 github.com/chef/automate/components/docs-chef-io v0.0.0-20231211091719-675a588cf45d/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU=
-github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36 h1:yognvfb/VxihujSLSPmu3mFZ+fXgzDv/L4+84W9TA1o=
-github.com/chef/chef-server/docs-chef-io v0.0.0-20231127093116-305bca610b36/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY=
+github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560 h1:1fbTdNlat08FZ9xTSEnyBmTFrVj1O75bwo3x6Iaab40=
+github.com/chef/chef-server/docs-chef-io v0.0.0-20240110155437-6cd481103560/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY=
 github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a h1:3Yo2eavBf3KWbUcDq71I1wsOPSjeGL9/MvB8bhMw0Ys=
 github.com/chef/chef-workstation/docs-chef-io v0.0.0-20231204171850-c0bc9926378a/go.mod h1:gvoh6ov1YU98CVzBEWzEZeCLTRunfQ6r1VO7M3LFE9U=
 github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20231031143423-5ffd549d4a19 h1:EH5D0WGIvEi2m87pSHKdQPXCuiVrBHcyIenonB3YpTM=