Chef Product Feedback

Here you can create your product feature requests for the Chef engineering teams. You can comment and vote on your own requests, as well as those created by other members of the user community. Over time, we will update the status of your requests to one of the following:

Community feedback desired: Collecting comments and gauging community support for this idea
Acknowledged: This idea is now being evaluated for possible placement on the Chef product roadmap
Planned: A team within Chef has been assigned and work is expected to begin in the near term
Started: Work is in progress
Open RFC: A Chef Community RFC related to this idea has been opened; we encourage you to engage via the Chef community RFC process

Your votes are returned when the status of an idea moves to:

RFC accepted: A related RFC has been accepted for implementation by a member of the Chef Community
Completed: Work is complete
Declined: Chef has chosen not to add this idea to the product roadmap

Note that declined ideas are not dismissed with prejudice; declined status just means that even when ideas have merit, there are only enough engineering resources to complete a small subset of those good ideas in a timely fashion. Rather than leaving many ideas open to linger on the board, we decline items that we know will not receive the attention they deserve in an acceptable timeframe.

All interactions when using the customer feedback forums are subject to the Chef community guidelines. Please remember:

  • Be welcoming, inclusive, friendly, and patient.
  • Be considerate.
  • Be respectful.
  • Be professional.
  • Be careful in the words that you choose.
  • When we disagree, let’s all work together to understand why.

Requests for support should be directed to support@chef.io, or submit support requests by using our web-based ticket interface as described here.

How can we improve Chef?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Ability to search the WebUI for a Unique Node Name

    Although you can search for a node name and get that node as a result, it's possible to also get results for other nodes if they have attributes with the same value as the search due to the attribute flattening that occurs (see https://github.com/chef/chef-server/issues/303). Even if you specify "name:<nodename>", it's possible that another node has a nested "name" attribute that can match this search, and can unexpectedly show up in search results.

    However, though these are flattened due to the search behavior, the UI gets back entire, structured node objects, so it would be trivial to add an additional…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • launching ec2 instances with IAM roles only(like in AWS) without using the AWS credentials.

      In my organisation we want to use chef for infrastructure creation,infrastructure management and configuration management. For security reasons we do not generate AWS credentials(access key id and secret access key).
      Thus we would like that the knife commands or chef recipes are able to spin up ec2 instances as AWS CLI does i.e. by taking the credentials from the IAM role, so that we don't have to set the AWS credentials anywhere.

      11 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
      • Restrict supermarket access to authenticated chef users only

        As mentioned in another feedback post, we'd like to restrict the whole access to all supermarket cookbooks to only authenticated users and nodes.
        In my thoughts, there could be a login window when accessing the supermarket website (just like the chef automate server). So we can restrict the access on a regular public instance and allow only authenticated users and nodes the access.

        This procedere is needed due to our own development of chef cookbooks for us and customers.
        (Older Post on that: https://feedback.chef.io/forums/301644-chef-product-feedback/suggestions/12898983-private-supermarket-should-allow-upload-restrictio)

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Supermarket  ·  Flag idea as inappropriate…  ·  Admin →
        • Generate Visual Landscape

          I'm really new to Chef. I was trying to implement something like a CMDB with capabilities to generate a visual map for landscapes & architecture.

          Sometimes you want to present to users some visual aids to understand which servers are part of one system, or which services are running in some hosts.

          Here are some drafts:
          https://codepen.io/tianmarin/full/vZKyxj/
          https://codepen.io/tianmarin/full/Pjzmwa/

          As ChefServer has lots of attributes, instead of generating an specific agent, i guess we can consume the Chef Server Node info (with custom resources) to generate this kind of maps.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            acknowledged  ·  1 comment  ·  Chef Server  ·  Flag idea as inappropriate…  ·  Admin →
          • Chef Compliance gives false positives in Ubuntu Level 1 profile

            After scanning some ubuntu servers with Chef compliance, I went through all critical issues trying to fix them developing a hardening cookbook for us. I've been able to fix all issues except three and would like to share some feedback.

            6.2.8 Ensure users' home directories permission are 750 or more restrictive.

            CIS document uses "/usr/bin/nologin" to filter home directories available in /etc/password while ubuntu-16.04-level-1 profile uses "/sbin/nologin". This returns more folders than expected like /bin or /dev and you can not add 750 permissions, because normal users won't be able to access /bin/bash or /dev/null for example.

            1.1.1.6 Ensure mounting…

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              acknowledged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • CI or API to update bulk cookbooks on supermarket with group of collaborators

              When many people or teams working with cookbooks and upload to supermarket it is a problem to upload a new version of cookbook if user is not in collaborative group, And that is a big problem if user left the company or team. It should be a way for bulk cookbook update with new collaborator or group.

              2 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Supermarket  ·  Flag idea as inappropriate…  ·  Admin →
              • Support for system-wide and per-user environment variables in env resource

                Windows has system-wide and per-user environment variables. Current documentation says nothing which one of them is created by env resource.
                I propose to:
                1) Add to env resource property(ies) to choose whether variable should be 'system' or for user, and to choose this user
                2) improve documentation on this topic

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  acknowledged  ·  0 comments  ·  Chef Client  ·  Flag idea as inappropriate…  ·  Admin →
                • Knife should have support for DirectAuthorize dzdo in addition to sudo

                  Due to security requirements, sudo is no longer allowed for use at some financial and government agencies; instead a tool called dzdo is used to elevate root privileges. In order to access other servers via SSH without using root, a similar option for dzdo that sudo has is required. This will allow these entities to continue to use Chef products.

                  For more information on dzdo, http://community.centrify.com/t5/Centrify-Server-Suite/FAQ-What-is-DirectAuthorize-dzdo-dzwin/td-p/21193

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    acknowledged  ·  4 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
                  • Knife node should support policyfile

                    Currently there is no way to set a node's policy name and group centrally in an automated way. knife node edit opens an editor window so can't be used from a script. The only other option is to edit the client.rb on each node.

                    We need a knife node policy set command to mirror knife node run_list

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →

                      Thanks for sharing this idea with us!

                      We definitely see that there’s value in being able to edit the policy fields on the node object, similar to the way that run_lists can currently be edited.

                    • Consolidate DK CLIs

                      There are a number of CLIs in the Chef DK. As an experienced user I'm comfortable with these, but for a new user this can be very confusing and a tough learning curve.

                      The different CLIs use varying command options structures, full text options etc.

                      I think we should restructure to a single chef CLI with all options relevant to this base. For example:

                      chef server node list
                      chef cookbook verify
                      chef kitchen converge

                      I'm not sure of the license implications as these are community projects, but if I look at how other projects such as Docker structure their CLI…

                      5 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        acknowledged  ·  0 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
                      • Better experience for Supermarket administrators to change the visibility of quality metrics

                        Problem

                        As of Supermarket 3.1.0, changing the visibility of a quality metric requires an administrator to log into a supermarket web host, run the application console, and call ActiveRecord methods on models to select and update. Metric visibility _can_ be changed, but there are limitations:

                        * the authorization and ability to make the change is only to administrators who have shell and sudo access to the supermarket host, _not_ to users who have accounts within the supermarket application itself and have been granted admin rights
                        * the console is a dangerous place; while the steps to make a change are…

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          community feedback desired  ·  0 comments  ·  Supermarket  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add resources to support compressed files

                          The Chef client today does not contain any native resources to extract or manage compressed files. This requires the use of third party Ruby gems and cookbooks which are not included with the Chef client and do not all support the same platform. Having built in resources to help extract or manage compressed files would help with developing code to support multiple platforms.

                          8 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            community feedback desired  ·  2 comments  ·  Chef DSL  ·  Flag idea as inappropriate…  ·  Admin →
                          • Hide password in command line.

                            Syntax of user creation command requires password to be typed in command line:

                            # chef-server-ctl user-create
                            FATAL: Wrong number of arguments
                            USAGE: knife opc user create USERNAME FIRST_NAME [MIDDLE_NAME] LAST_NAME EMAIL PASSWORD

                            The same situation with Chef installation https://docs.chef.io/install_server.html item 5 leads to saving clear text passwords in bash history. Could you please add option to enter password instead of adding it as a parameter?

                            4 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              community feedback desired  ·  0 comments  ·  Chef Server  ·  Flag idea as inappropriate…  ·  Admin →
                            • Chef Backend HA Supports DR

                              This idea is about letting people who run chef-backend also keep an automatically-synced, remote replica of their datastore in a remote datacenter for disaster recovery scenarios.

                              I was wondering if there is a way to do this. I have my chef-backend cluster in EC2. If I want to make an exact clone of the backend and spin up a new cluster, can I take an EBS snapshot of one of the cluster members and attach a new volume that’s created from said snapshot to the new cluster? The new cluster would be spun up in the usual way and have…

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                community feedback desired  ·  1 comment  ·  Chef Server  ·  Flag idea as inappropriate…  ·  Admin →
                              • Automatically update chocolatey package when chefdk updates

                                In my large windows-based organization, when people are on different chefdk versions it causes a lot of confusion. I've encouraged people to use chocolatey to deal with this, but the process to release chocolatey chefdk packages is manual and therfore not in sync with Chef's release cycle. I would love for there to be an automated process that released the ChefDK to chocolatey the same time it was released publicly.

                                6 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  community feedback desired  ·  3 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
                                • Chef support for Cloudformation and terraform

                                  Instead of doing chef provisioning calling fog to do AWS changes you should rather support cloudformation and terraform.
                                  If you google ansible cloud formation you can see how ansible do it and chef should do similar.
                                  Basically we need a cookbook for cloudformation, which already exists in the chef supermarket (https://supermarket.chef.io/cookbooks/cloudformation) but it is very old. Need to enhance this and provide similar functionality to ansible cloudformation module.
                                  similarly a cookbook to run terraform could be created.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    community feedback desired  ·  1 comment  ·  Chef Client  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add option for setting ChefDK as the default ruby path in the installer

                                    Coped from https://github.com/chef/chef-dk/issues/339.

                                    Add an install option to ChefDK installer to modify system PATH to include ChefDK paths (same as chef shell-init).

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      acknowledged  ·  0 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Download complete contents of remote directory or URL

                                      One of resources I would like to be native to Chef is to be able to download the entire contents of a remote directory or URL. This is particularly useful with windows as installation normally involves multiple files and folders.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        community feedback desired  ·  1 comment  ·  Chef Server  ·  Flag idea as inappropriate…  ·  Admin →
                                      • `chef-server-ctl reindex --all-orgs -w` should provide more information on success/failure

                                        When migrating search data from solr to elasticsearch running a reindex doesn't provide information about the success and number of objects. Knowing that the correct object count in solr was successfully moved and indexed in elasticsearch would give customers greater assurance that they can proceed with the data in elasticsearch.

                                        Example chef-server.rb
                                        topology 'standalone'

                                        rabbitmq['enable'] = false
                                        opscode_expander['enable'] = false

                                        opscode_solr4['external'] = true
                                        opscode_solr4['external_url'] = 'http://x.x.x.x:9200';
                                        opscode_erchef['search_provider'] = 'elasticsearch'
                                        opscode_erchef['search_queue_mode'] = 'batch'

                                        chef-server-ctl reconfigure

                                        # reindex data
                                        chef-server-ctl reindex --all-orgs -w

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          community feedback desired  ·  0 comments  ·  Chef Server  ·  Flag idea as inappropriate…  ·  Admin →
                                        • "Starter Kit" customization

                                          I am defining a process for new users to access our Chef server. I am directing them to the "Starter Kit" to ease the process of rolling things out to their machines. Now, here is where the idea comes in.
                                          It would be nice to be able to customize some of the data contained within the "Starter Kit" that these users will download. This would allow me to, bake in some customization's I feel necessary while simultaneously reducing config for their local systems.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            community feedback desired  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base