chef-compliance.rb

[edit on GitHub]

_images/chef_automate_full.png

Danger

This documentation covers an outdated version of Chef Automate. See the Chef Automate site for current documentation. The new Chef Automate includes newer out-of-the-box compliance profiles, an improved compliance scanner with total cloud scanning functionality, better visualizations, role-based access control and many other features.

Warning

The standalone Chef Compliance server is deprecated. The standalone Chef Compliance server’s end-of-life date is December 31, 2018. Chef Automate 2 has all of the functionality of Chef Compliance Server and also includes newer out-of-the-box compliance profiles, an improved compliance scanner with total cloud scanning functionality, better visualizations, role-based access control and many other features not found in Chef Compliance Server.

The /etc/chef-compliance/chef-compliance.rb file is the default configuration file used by Chef Compliance.

If changes are made to this file, reconfigure the Chef Compliance server by running the following command:

$ chef-compliance-ctl reconfigure

Note

This feature is included as part of the Chef Automate license agreement and is available via subscription.

Settings

This configuration file has the following settings:

core.licensed_node_count
The number of node licenses. Default value: 25.
core.log_level
Changes the log level of Chef Compliance from the default value of 'debug', which is the most verbose. These are all the supported levels, sorted by verbosity: 'debug', 'info', 'notice', 'warning', 'error' and 'critical'. Requires Chef Compliance version 1.5.13 or newer.
fqdn
Sets the FQDN of the Chef Compliance server. By default, this is derived from your system’s hostname. Do not use the = to set the option. For example: fqdn 'chef-compliance.example.com'.
ssl.certificate
Full path to the SSL certificate file that is used by the Chef Compliance web UI. Default value: /var/opt/chef-compliance/ssl/ca/HOSTNAME.crt.
ssl.certificate_key
Full path to the ssl certificate key file to use by the Chef Compliance web UI. Default value: /var/opt/chef-compliance/ssl/ca/HOSTNAME.key.
verify_tls
Verify the TLS certificate when Chef Compliance connects locally to get the refresh token. Default value: false.

Here’s an example content for /etc/chef-compliance/chef-compliance.rb:

core.licensed_node_count 100
core.log_level      'info'
fqdn                'chef-compliance.example.com'
ssl.certificate     '/etc/chef-compliance/ssl/my.crt'
ssl.certificate_key '/etc/chef-compliance/ssl/my.key'
verify_tls          true

Note

You can see all available settings along with their default values in /etc/chef-compliance/chef-compliance-running.json.