Skip to main content

Upgrade Chef Infra Server

[edit on GitHub]

Each new release of Chef Infra Server improves reliability and updates 3rd party components to ensure the security of the server. It is important to keep Chef Infra Server up to date in order to ensure the secure and reliable operation of Chef Infra in your organization.

Warning

Before upgrading a production server make sure to upgrade a test server to confirm the process.

Upgrade Matrix

If running a Chef Infra Server 12.17.15 or later you can upgrade directly to the latest releases of Chef Infra Server 14. If you are running a release prior to 12.17.15 you must perform a stepped upgrade as outlined below.

Running VersionUpgrade To VersionRequires LicenseSupported Version
1314YesYes
12.17.1514YesNo
12.3.012.17.15NoNo
1112.3.0NoNo
Requires License
Chef Infra Server 13 and later are governed by the Chef EULA. You will be required to accept these terms when using Chef Infra Server for the first time by entering Yes when prompted.
Supported Release
Chef Infra Server 13 and later are currently supported Chef Software releases. Earlier releases are no longer supported as of 12/31/2020. For more information about supported Chef Software see the Supported Versions documentation.

Upgrading to 14.x

Chef Infra Server 14 moved from Solr to Elasticsearch as its search index. The Chef Infra Server 14 upgrade process requires downtime for stopping the server, installing the new package, and then upgrading the server, which will include an automatic Elasticsearch reindexing operation for existing Solr users. We estimate the reindexing operation will take 2 minutes for each 1000 nodes, but the it could take more time, depending on your server hardware and the complexity of your Chef data.

The Chef Infra Server 14 upgrade does not automatically reindex existing external Elasticsearch installations.

Upgrading to 12.17.15

Warning

Upgrade Chef Infra Server and any add-ons to compatible versions before setting insecure_addon_compat to false.

As of version 12.14, Chef Infra Server renders passwords inside of the /etc/opscode directory by default. If you are using Chef Infra Server without add-ons, or if you are using the latest add-ons versions, you can set insecure_addon_compat to false in `/etc/opscode/chef-server.rb. and Chef Infra Server will write all credentials to a single location.

For more information on password generation, including a list of supported add-on versions, see Chef Infra Server Credentials Management.

Upgrading to 12.3.0

If you are running a Chef Infra Server relese prior to 12.3.0 please contact Chef Support for additional guidance on upgrading your Chef Infra Server installation.

Chef Infra Server 14 Upgrade Process

Standalone Server

The Chef Infra Server 14 upgrade process requires downtime for stopping the server, installing the new package, and then upgrading the server, which will include an automatic Elasticsearch reindexing operation for existing Solr users. We estimate the reindexing operation will take 2 minutes for each 1000 nodes, but the it could take more time, depending on your server hardware and the complexity of your Chef data.

Standalone Upgrade Steps

  1. Back up your Chef Infra Server data before starting the upgrade process using knife-ec-backup.

  2. Confirm that the Chef Infra Server services are operational:

    chef-server-ctl reconfigure
    
  3. Download the desired Chef Infra Server version from the Chef Infra Server Downloads page.

  4. Stop the server:

    chef-server-ctl stop
    
  5. Install the Chef Infra Server package:

    To install with dpkg:

    dpkg -i /path/to/chef-server-core-<version>.deb
    

    To install with the RPM Package Manager:

    rpm -Uvh --nopostun /path/to/chef-server-core-<version>.rpm
    
  6. Upgrade the server and accept the Chef Software license by entering Yes at the prompt:

    chef-server-ctl upgrade
    

    To accept the license and upgrade in one command:

    CHEF_LICENSE='accept' chef-server-ctl upgrade
    
  7. Start Chef Infra Server:

    chef-server-ctl start
    
  8. Upgrade any Chef Infra Server add-ons.

  9. After the upgrade process is complete, test and verify that the server works properly.

  10. Clean up the server by removing the old data:

    chef-server-ctl cleanup
    

Chef Backend Install

The Chef Infra Server can operate in a high availability configuration that provides automated load balancing and failover for stateful components in the system architecture.

To upgrade your Chef Backend installation, see High Availability: Upgrade to Chef Backend 2.

Tiered Install

This section describes the upgrade process from a tiered server configuration.

The Chef Infra Server 14 upgrade process requires downtime for stopping the server, installing the new package, and then upgrading the server, which will include an automatic Elasticsearch reindexing operation for existing Solr users. We estimate the reindexing operation will take 2 minutes for each 1000 nodes, but the it could take more time, depending on your server hardware and the complexity of your Chef data.

Note

These instructions are intended for users of the Chef Infra Server tier topology. For the latest information on setting up a highly-available server cluster, see High Availability: Backend Cluster.

Tiered Upgrade Steps

To upgrade to Chef Infra Server on a tiered Chef Infra Server configuration, do the following:

  1. Back up the Chef Infra Server data before starting the upgrade process using knife-ec-backup.

  2. Confirm that the Chef Infra Server services are operational:

    chef-server-ctl reconfigure
    
  3. Download the desired Chef Infra Server version from the Chef Infra Server Downloads page, then copy it to each server.

  4. Stop all front end servers:

    chef-server-ctl stop
    
  5. Install the Chef Infra Server package on all servers:

    To install with dpkg:

    dpkg -i /path/to/chef-server-core-<version>.deb
    

    To install with the RPM Package Manager:

    rpm -Uvh --nopostun /path/to/chef-server-core-<version>.rpm
    
  6. Stop the back end server:

    chef-server-ctl stop
    
  7. Upgrade the server and accept the Chef Software license by entering Yes at the prompt:

    chef-server-ctl upgrade
    

    To accept the license and upgrade in one command:

    CHEF_LICENSE='accept' chef-server-ctl upgrade
    
  8. Copy the entire /etc/opscode directory from the back end server to all front end servers:

    scp -r /etc/opscode <each server's IP>:/etc
    
  9. Upgrade each of the front end servers:

    chef-server-ctl upgrade
    
  10. Run the following command on both the front end, and back end servers:

    chef-server-ctl start
    
  11. Upgrade any Chef Infra Server add-ons.

  12. After the upgrade process is complete, test and verify that the server works properly.

  13. Clean up the server by removing the old data:

chef-server-ctl cleanup

Upgrading Manage Add-On

Chef Manage is a management console for data bags, attributes, run-lists, roles, environments, and cookbooks from a web user interface.

Chef Infra Server 13 and 14 support the Chef Manage add-on. This add-on is deprecated and will reach EOL on December 31, 2021. After upgrading Chef Infra Server, reinstall the add-on and then reconfigure Chef Infra Server and the add-on.

Use Downloads.chef.io

The install subcommand downloads packages from https://downloads.chef.io by default. For systems that are not behind a firewall (and have connectivity to https://downloads.chef.io), these packages can be installed as described below.

  1. Install add-ons

    Install Chef Manage with:

    sudo chef-server-ctl install chef-manage
    
  2. Reconfigure the server

    sudo chef-server-ctl reconfigure
    
  3. Reconfigure add-ons

    Reconfigure Chef Manage with:

    sudo chef-manage-ctl reconfigure
    

Finally, accept the Chef License:

sudo chef-manage-ctl reconfigure --accept-license

Use Local Packages

Use the install subcommand with the --path option to install the Chef Manage (chef-manage) add-on for Chef Infra Server.

sudo chef-server-ctl install PACKAGE_NAME --path /path/to/package/directory

For example:

sudo chef-server-ctl install chef-manage --path /root/packages

The chef-server-ctl command will install the first chef-manage package found in the /root/packages directory.

Was this page helpful?