Chef Product Feedback

Here you can create your product feature requests for the Chef engineering teams. You can comment and vote on your own requests, as well as those created by other members of the user community. Over time, we will update the status of your requests to one of the following:

Community feedback desired: Collecting comments and gauging community support for this idea
Acknowledged: This idea is now being evaluated for possible placement on the Chef product roadmap
Planned: A team within Chef has been assigned and work is expected to begin in the near term
Started: Work is in progress
Open RFC: A Chef Community RFC related to this idea has been opened; we encourage you to engage via the Chef community RFC process

Your votes are returned when the status of an idea moves to:

RFC accepted: A related RFC has been accepted for implementation by a member of the Chef Community
Completed: Work is complete
Declined: Chef has chosen not to add this idea to the product roadmap

Note that declined ideas are not dismissed with prejudice; declined status just means that even when ideas have merit, there are only enough engineering resources to complete a small subset of those good ideas in a timely fashion. Rather than leaving many ideas open to linger on the board, we decline items that we know will not receive the attention they deserve in an acceptable timeframe.

All interactions when using the customer feedback forums are subject to the Chef community guidelines. Please remember:

  • Be welcoming, inclusive, friendly, and patient.
  • Be considerate.
  • Be respectful.
  • Be professional.
  • Be careful in the words that you choose.
  • When we disagree, let’s all work together to understand why.

Requests for support should be directed to support@chef.io, or submit support requests by using our web-based ticket interface as described here.

How can we improve Chef?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Chef Compliance gives false positives in Ubuntu Level 1 profile

    After scanning some ubuntu servers with Chef compliance, I went through all critical issues trying to fix them developing a hardening cookbook for us. I've been able to fix all issues except three and would like to share some feedback.

    6.2.8 Ensure users' home directories permission are 750 or more restrictive.

    CIS document uses "/usr/bin/nologin" to filter home directories available in /etc/password while ubuntu-16.04-level-1 profile uses "/sbin/nologin". This returns more folders than expected like /bin or /dev and you can not add 750 permissions, because normal users won't be able to access /bin/bash or /dev/null for example.

    1.1.1.6 Ensure mounting…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      acknowledged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Knife should have support for DirectAuthorize dzdo in addition to sudo

      Due to security requirements, sudo is no longer allowed for use at some financial and government agencies; instead a tool called dzdo is used to elevate root privileges. In order to access other servers via SSH without using root, a similar option for dzdo that sudo has is required. This will allow these entities to continue to use Chef products.

      For more information on dzdo, http://community.centrify.com/t5/Centrify-Server-Suite/FAQ-What-is-DirectAuthorize-dzdo-dzwin/td-p/21193

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        acknowledged  ·  4 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
      • Generate Visual Landscape

        I'm really new to Chef. I was trying to implement something like a CMDB with capabilities to generate a visual map for landscapes & architecture.

        Sometimes you want to present to users some visual aids to understand which servers are part of one system, or which services are running in some hosts.

        Here are some drafts:
        https://codepen.io/tianmarin/full/vZKyxj/
        https://codepen.io/tianmarin/full/Pjzmwa/

        As ChefServer has lots of attributes, instead of generating an specific agent, i guess we can consume the Chef Server Node info (with custom resources) to generate this kind of maps.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          acknowledged  ·  1 comment  ·  Chef Server  ·  Flag idea as inappropriate…  ·  Admin →
        • Support for system-wide and per-user environment variables in env resource

          Windows has system-wide and per-user environment variables. Current documentation says nothing which one of them is created by env resource.
          I propose to:
          1) Add to env resource property(ies) to choose whether variable should be 'system' or for user, and to choose this user
          2) improve documentation on this topic

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            acknowledged  ·  0 comments  ·  Chef Client  ·  Flag idea as inappropriate…  ·  Admin →
          • Consolidate DK CLIs

            There are a number of CLIs in the Chef DK. As an experienced user I'm comfortable with these, but for a new user this can be very confusing and a tough learning curve.

            The different CLIs use varying command options structures, full text options etc.

            I think we should restructure to a single chef CLI with all options relevant to this base. For example:

            chef server node list
            chef cookbook verify
            chef kitchen converge

            I'm not sure of the license implications as these are community projects, but if I look at how other projects such as Docker structure their CLI…

            5 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              acknowledged  ·  0 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
            • Add option for setting ChefDK as the default ruby path in the installer

              Coped from https://github.com/chef/chef-dk/issues/339.

              Add an install option to ChefDK installer to modify system PATH to include ChefDK paths (same as chef shell-init).

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                acknowledged  ·  0 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
              • Have the chefdk pull cacerts from the system cacerts instead of caching its own separate copy in /opt/chefdk/embedded/ssl/certs/cacert.pem

                By using the system cacert.pem (which is already modified as part of using custom internal CA generated certs for automate) it would greatly simplify using custom ssl certs and prevent strange, seemingly unrelated, errors from cropping up on automate build nodes.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  acknowledged  ·  2 comments  ·  Chef DK  ·  Flag idea as inappropriate…  ·  Admin →
                • Use SHA256 to checksum uploaded cookbooks

                  Cookbook uploads to sandboxes currently require an MD5 checksum on each file. MD5 is an outdated and insecure algorithm explicitly disallowed by FIPS 140, meaning that services under certain compliance and security mandates cannot use it. This should be updated to SHA-256 or another secure algorithm, and any other instances of insecure algorithms should be updated as well.

                  10 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    acknowledged  ·  4 comments  ·  Chef Client  ·  Flag idea as inappropriate…  ·  Admin →
                  • Don't see your idea?

                  Feedback and Knowledge Base