Upgrade Chef Compliance

[edit on GitHub]


The standalone Chef Compliance server is deprecated. The standalone Chef Compliance server’s end-of-life date is December 31, 2018. Chef Automate 2 has all of the functionality of Chef Compliance Server and also includes newer out-of-the-box compliance profiles, an improved compliance scanner with total cloud scanning functionality, better visualizations, role-based access control and many other features not found in Chef Compliance Server.

The following sections describe the upgrade process for Chef Compliance.


This section describes the prereqs for the upgrade

  1. Previously installed Chef Compliance software.
  2. sudo or root access to the machine.


To upgrade to the latest version of Chef Compliance, do the following:

  1. Stop the services:

    chef-compliance-ctl stop
  2. Run dpkg or RPM Package Manager. For dpkg:

    dpkg -i /path/to/chef-compliance-<version>.deb

    For RPM Package Manager:

    rpm -Uvh /path/to/chef-compliance-<version>.rpm
  3. Start the database to allow connections during the reconfigure step:

    chef-compliance-ctl start postgresql
  4. Reconfigure the services:

    chef-compliance-ctl reconfigure


    Starting with Chef Compliance 1.1.9, the Chef MLSA must be accepted when reconfiguring the product. If the Chef MLSA has not already been accepted, the reconfigure process will prompt for a yes to accept it. Or run chef-compliance-ctl reconfigure --accept-license to automatically accept the license.

  5. Start the services:

    chef-compliance-ctl start
  6. Check the status of the services:

    chef-compliance-ctl status


The default directory where Chef Compliance is saving logs is: /var/log/chef-compliance/. It contains a directory for each service, but you can follow all the logs with this command:

sudo chef-compliance-ctl tail

This command can also be run for an individual service by specifying the name of the service in the command. For example:

sudo chef-compliance-ctl tail core