chef-compliance.rb
Warning
The standalone Chef Compliance server is deprecated. The standalone Chef Compliance server’s end-of-life date is December 31, 2018. Chef Automate 2 has all of the functionality of Chef Compliance Server and also includes newer out-of-the-box compliance profiles, an improved compliance scanner with total cloud scanning functionality, better visualizations, role-based access control and many other features not found in Chef Compliance Server.
The /etc/chef-compliance/chef-compliance.rb file is the default configuration file used by Chef Compliance.
If changes are made to this file, reconfigure the Chef Compliance server by running the following command:
$ chef-compliance-ctl reconfigure
Note
This feature is included as part of the Chef Automate license agreement and is available via subscription.
Settings
This configuration file has the following settings:
core.licensed_node_count
- The number of node licenses. Default value: 25.
core.log_level
- Changes the log level of Chef Compliance from the default value of 'debug', which is the most verbose. These are all the supported levels, sorted by verbosity: 'debug', 'info', 'notice', 'warning', 'error' and 'critical'. Requires Chef Compliance version 1.5.13 or newer.
fqdn
- Sets the FQDN of the Chef Compliance server. By default, this is derived from your system’s hostname. Do not use = to set the option. For example: fqdn 'chef-compliance.example.com'.
ssl.certificate
- Full path to the SSL certificate file that is used by the Chef Compliance web UI. Default value: /var/opt/chef-compliance/ssl/ca/HOSTNAME.crt.
ssl.certificate_key
- Full path to the SSL certificate key file that is used by the Chef Compliance web UI. Default value: /var/opt/chef-compliance/ssl/ca/HOSTNAME.key.
verify_tls
- Verify the TLS certificate when Chef Compliance connects locally to get the refresh token. Default value: false.
Here is example content for /etc/chef-compliance/chef-compliance.rb:
core.licensed_node_count 100
core.log_level 'info'
fqdn 'chef-compliance.example.com'
ssl.certificate '/etc/chef-compliance/ssl/my.crt'
ssl.certificate_key '/etc/chef-compliance/ssl/my.key'
verify_tls true
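The settings documented above can be checked mechanically before running chef-compliance-ctl reconfigure. The following Ruby audit is an added example, not code from Chef or from the original page; audit_compliance_config, LOG_LEVELS and SAMPLE are hypothetical names, and it assumes a simple line-by-line reading of the file rather than evaluating it as Ruby.

```ruby
# Added example: audits chef-compliance.rb text against the settings on this page.
# audit_compliance_config, LOG_LEVELS and SAMPLE are hypothetical names; the parser
# is a line-based approximation and does not evaluate the file as Ruby.
LOG_LEVELS = %w[debug info notice warning error critical].freeze

def audit_compliance_config(text)
  findings = []
  settings = {}
  text.each_line.with_index(1) do |raw, n|
    line = raw.sub(/(\A|\s)#.*$/, '').strip # drop comments
    next if line.empty?
    m = line.match(/\A([\w.]+)(\s*=\s*|\s+)(.+)\z/)
    next unless m
    key, sep, value = m.captures
    # "fqdn = '...'" is the form the page says not to use.
    findings << "line #{n}: fqdn is set with '='; write fqdn 'host'" if key == 'fqdn' && sep.include?('=')
    settings[key] = value.gsub(/['"]/, '')
  end

  # verify_tls defaults to false, so an absent setting is also reported.
  unless settings['verify_tls'] == 'true'
    findings << 'verify_tls is not true: the TLS certificate is not verified on the local refresh-token connection'
  end

  # core.log_level defaults to 'debug', the most verbose level.
  level = settings.fetch('core.log_level', 'debug')
  if !LOG_LEVELS.include?(level)
    findings << "core.log_level '#{level}' is not a supported level (#{LOG_LEVELS.join(', ')})"
  elsif level == 'debug'
    findings << "core.log_level is 'debug', the most verbose level"
  end

  # Both SSL settings are documented as full paths.
  %w[ssl.certificate ssl.certificate_key].each do |key|
    path = settings[key]
    findings << "#{key} '#{path}' is not a full path" if path && !path.start_with?('/')
  end
  findings
end

# Constructed sample input, not taken from a real server.
SAMPLE = <<~CONF
  core.log_level 'verbose'
  fqdn = 'chef-compliance.example.com'
  ssl.certificate 'ssl/my.crt'
  ssl.certificate_key '/etc/chef-compliance/ssl/my.key'
CONF

puts audit_compliance_config(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

An empty findings list means every check passed; the example content shown above produces none.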
Note
You can see all available settings along with their default values in /etc/chef-compliance/chef-compliance-running.json.