- Server's install of Chef now floats on master.
- Server's install of knife-opc now floats on master.
- 2.1.0
- Versioned testing support for users, clients, and principals
- exposed 'server_api_version to tests.
- 1.8.0
- API v1 introduced, affecting users, clients, and principals endpoints.
- Remove install message from postinst package script
- Update chef-server-ctl key commands to use chef-client's Chef::Key object.
- Added rspec testing basics for chef-server-ctl commands
- Updated and added testing for key rotation related chef-server-ctl commands
- introduces server api versioning per chef-rfc/rfc-041. As of 1.7.0 the only supported version is 0.
- significant internal refactoring and cleanup
- tests for server api versioning, and by default pass x-ops-server-api-version to the server on all requests.
- use keys API for key rotation in chef-server-ctl, instead of direct database access.
- lua routing tests working again
- travis support enabled
- centos-7/rhel-7 enabled for local builds
- now floating on master
- Policyfile endpoint URLs updated to match Chef RFC 042
- Cookbook Artifacts endpoint for policyfiles
- Miscelaneous build improvements
- Search results respect ACLs.
- Use a cert instead of a public key for pivotal.
- No longer generate /etc/opscode/pivotal.cert as it is no longer used.
- Remove the public key we now use for bootstrapping (/etc/opscode/pivotal.pub) post bootstrap so that it only lives in the database.
- Disable jmxremote in solr4's Java options
- Configuration options for the key cache are now exposed in /etc/opscode/chef-server.rb
- Ensure keyfile is writable before creating a user.
- Add --input option to user-edit command
- Add user to billing-admins group with --admin is passed
- Print new private-key when user-edit results in a key generation
- Uses relx for Erlang application releases
- Upgraded to lager 2.1.1
- Uses relx for Erlang application releases
- Upgraded to lager 2.1.1
- Uses relx for Erlang application releases
- Upgraded to lager 2.1.1
- Updated to use public key instead of certificate for pivotal on bootstrap.
- Adds tests for keys named get
- Integrates chef-pedant into oc-chef-pedant.
- Adds tests for keys named delete and put
- Support to GET, PUT, and DELETE a named key
- Integrates schema into oc_erchef itself
- Adds policyfile validation support
- License and readme updates
- CVE-2015-0286: Segmentation fault in ASN1_TYPE_cmp fix
- CVE-2015-0287: ASN.1 structure reuse memory corruption fix
- CVE-2015-0289: PKCS7 NULL pointer dereferences fix
- CVE-2015-0293: DoS via reachable assert in SSLv2 servers fix
- CVE-2015-0209: Use After Free following d2i_ECPrivatekey error fix
- CVE-2015-0288: X509_to_X509_REQ NULL pointer deref fix
- Updated to webmachine 1.10.8
- Updated to webmachine 1.10.8
- New keys API tests
- New cookbook artifact API tests
- Keys API POST support: /organizations/$ORG/clients/$CLIENT/keys and /users/$USER/keys
- the fields
external_authentication_uidandrecovery_auth_enabledare now preserved on user PUT when they are not provided.
- New GET/POST
BASE_URL/cookbook_artifacts/NAME/IDENTIFIERendpoint - Updated to webmachine 1.10.8
- nginx bookshelf caching, enabled with
opscode_erchef['nginx_bookshelf_caching'] = :on - s3 URL expiry window setting,
opscode_erchef['s3_url_expiry_window_size'], which can have values in minutes (e.g."15m"), percentage (e.g."15%"), or just be:off. - Ensure shell metacharacters in arguments to chef-server-ctl user- and org- commands are properly handled.
- Pull in chef-client 12.0.3.
- Update rabbitmq cookbook to be compatible with modern chef-client.
- Update pivotal and knife-ec-backup knife configs to be compatible with modern chef-client.
- Use chef-client -z instead of chef-solo in the server.
- keys API: new GET support for
/users/$user/keysand/organizations/$org/clients/$client/keys - module epgsql brought up to current.
- Fix LDAP regressions related to multiple fields, anonymous bind, and group_dn
- Add incubation feature for policyfiles. Feature flag off by default.
- Add
s3_url_expiry_window_sizesetting for s3 URL caching.
- test support for keys API endpoint (GET)
- test support for policyfile endpoints
- Use chef-client -z instead of chef-solo.
- Reference chef-client via
base_path.
- Added keys table / key rotation support.
- Needed for ohai >= 2.
- Add preliminary systemd support
- Make it possible to pass arbitrary attrs to runit resources
- Updated chef-pedant to 1.0.41, oc-chef-pedant to 1.0.73. These versions have been updated to use RSpec 3.
- Added key management and rotation commands add-client-key, add-user-key, delete-user-key, delete-client-key, list-client-keys, and list-user-keys.
- Pulled in Chef 11.18.0. This will fix "ffi-yajl and yajl-ruby gems have incompatible C libyajl libs" warning when running chef-server-ctl commands.
- Ensure nginx restarts on frontends after lua-related changes
- Updated nginx's logrotate config with proper log ownership.
- Nginx logs $http_x_forwarded_for instead of $remote_addr if nginx['log_x_forwarded_for'] is true. The default is false
- Log an error and exit when DRBD mount attempts are exhausted rather than entering an infinite loop.
- Fix installation errors caused by PERL5LIB environment variable
- chef-server-ctl now returns non-zero exit codes for errors during user and organization-related commands.
- Use -D for --download-only option in chef12-upgrade-download command, avoiding option name conflict.
- add basic multikey/key rotation support. This is not yet exposed via
the REST API, but is being used within
oc_erchefitself.
- Updated
sqerlversion to pull in more currentepgsqldependency - Pulled repos
chef_db,chef_index,chef_objects,depsolver,oc_chef_authz, andoc_chef_wminto apps inoc_erchef. - Pulled
chef_wmintooc_chef_wm. - Updated integration tests, and got integration and unit tests running in Travis CI.
- Remove array merging in
chef_deep_merge, fixing incorrect search results for arrays.
- Updated mover to pull in oc_erchef since some dependencies where moved there.
- Use HTTPS instead of GIT to pull down dependencies in Makefile.
- merged
oc_erchefconfiguration sections forchef_wmintooc_chef_wm
- Fix bug that can cause long-running migrations to hang indefinitely
- Expose configurable value for database bulk fetch batch size to use during Solr 4 migrations
- Update to version 0.4.4 to patch a doorkeeper CSRF vulnerability
- update to version 2.2.17, with better failure case handling and increased timeouts.
- pin mixlib-shellout to 1.6.1
- pin mixlib-shellout to 1.6.1
- added new
group_dnldap attribute to require users to be in the named group. - Refactored superuser bootstrap process to use new chef-server-bootstrap repository instead of opscode-test, which pulled in a variety of now deprecated ruby repositories.
- Update location/name of Chef’s public GPG key.
- Fetch chef-server-ctl man page directly from chef-docs repo.
- Repository that replaces opscode-test, allowing us to deprecate several old ruby repositories.
- module
chef_wmmerged intooc_chef_wm - support for ldap user search including memberOf group,
via attribute
group_dn
- Restart logging service on log configuration change
- Make project-ctl configurable by name
- Exclude gz files from tail
- Add
ip_modeandnormalize_hostfor ipv6 configuration - Add configuration for queueing in pooler
- Expose
db_timeoutfor sqerl in Erchef, bifrost and mover as a parameter that can be set in the "/etc/opscode/chef-server.rb" file for convenience. By default there is a hard coded value of 5 seconds (5000ms) as per: sqerl_client.erl - Select appropriate default port for LDAP and LDAPS (when encryption is selected, as previously user had to manually add port to make it work).
- Expose
proxy_connect_timeoutfor Nginx when it connects to the backends, so it can be adjused. The hard coded default might not be sufficient in some cases. - Expose
folsom_graphiteconfiguration, default to disable - Move Postgres database stop/start out of migrations
- Gracefullly attempt to start the database during migrations
- Add ability to configure SQL query timeout for Erchef, bifrost and mover.
- Provide reasonable default for LDAP and LDAPS ports.
- Deprecate ldap "encryption" setting and replace with
ssl_enabled/tls_enabled. Add further validation and sanity checks around ldap settings, as well as deprecation warnings. - Add ability to configure timeout for connect() when connecting to backends.
- fix issue in which local mode auth was not handled correctly, preventing accounts on an LDAP server from being associated with existing Chef Server accounts when the login name differed.
- Modify test of local mode authentication to be correct
- Turn org creation validation off by default
- Add test for /organizations/:org_id/ANY/_acl endpoint
- Add coverage for /users/USER/organizations endpoint
- additional test for proper behavior when attempting to remove an org's admin.
- Update tests to reflect that clients no longer have C/U/D permissions on data bags by default.
- Fix for consistent return values in oc_erchef
- route /organizations/:org_id/ANY/_acl endpoint
- set default client ACLs for data bags to read-only. See Release Notes for i important related details.
- correct message logging in org-user association/disassociation process
- new /controls endpoint in support of upcoming client features
- revert functionality change where erchef version of /users/X/organizations endpoint no longer returned "guid" field. This field is used by internal products in our hosted environment and cannot yet be removed.
- fix regression in which organization user was partially removed even though removal was disallowed because user is an admin.
- update actions to support capture of acl activity
- Internal placeholder we used to indicate our hosted product switch from Erlang R15B03-1 to R16B03-1. Note that R16B03-1 has been included in CS12 since the first RC.
- update sqerl to use queuing-enabled pooler API
- update pooler to 1.3.3, which adds queueing support
- Add folsom-graphite dependency (used for runtime stats gathering)
- fix regression that broke org caching
- Org support in postgres
- Reindexing support to check redis flags
- Fix typo in darklaunch interrogation
- Set
VERSIONenvironment variable on database migrations to avoid conflict during upgrades
- changes to addon installs to default to lucid when current ubuntu codename isn't in the accepted list (to support installs on 14)
- added apt-transport-https package in case it was missing from the system (packagecloud requires it)
- created chef-server.rb during install to cut down on user confusion
- [opscode-omnibus-597] Limit postgresql shared memory usage to stay under SHMAX
- Change postgres effective_cache_size to 50% of available RAM instead of hard coding at 128MB
- updated references to omnibus-ruby repo to be omnibus
- changelog - fix markdown formatting errors
- changelog - added this changelog note
- [OC-11769] make oc_chef_authz a tunable in private-chef.rb
- Fix oc_chef_authz timeout tunable
- Make postgresql slow query logging configurable
- Fix missing resources on API HTML pages
- Fixed the default value for Postgres effective_cache_size
- Adjust perms to 0750 for all service's log dir
- Add and use new perms attribute
- Add an OmnibusHelper method to provide an owner and group hash
- Partition server start/stop in upgrade process
- Changed commands org-associate and org-dissociate to org-user-add and org-user-remove, respectively.
- Update password command to use knife-opc so as to work post-removal of mixlib-authorization.
- SRTP Memory Leak (CVE-2014-3513)
- Session Ticket Memory Leak (CVE-2014-3567)
- Build option no-ssl3 is incomplete (CVE-2014-3568)
- properly configure ldap under erchef, and add some safeguards against incorrect encryption configuration.
- oc_erchef updated to 0.27.4
- Bump the chef_max_version to 12 (this is the max chef client version that Chef Server will accept)
- expose license configuration options
- Add man page for chef-server-ctl.
- Correct gather-logs to point to chef-server.rb
- Disable SSLv3 support in nginx
- Added command line options to open-source-to-chef-server-12 upgrade for finer-grained control of migration process
- Improve error handling in org creation and deletion.
- Fixed pooler bug with regard to timed out pool member starts
- Add org info to actions
- ldap start_tls support
- ldap simple_tls support
- support for correctly looking up users by external auth id
- fix for GET of org users not returning correct state record, resulting in requests not properly terminating
- Fix meck dependency locking issue.
- Add support for Chef signed headers in Resource Owner Password Credentials flow
- Add new endpoint (/v1/me/organizations) to get the list of organizations for the user represented by a Bearer token
- Update doorkeeper gem to 1.4.0
- Add support for Resource Owner Password Credentials flow
- Clean up error handling for org user associations and invites migrations
- Fix backwards compatibility issues with oc_chef_authz intergration
- removed check for maximum client version (only checks for minimum, i.e., <10)
- updated server flavor from 'ec' to 'cs' (Chef Server) now that servers have been merged
- Restricted chef-server-ctl install to known Chef packages
- Correct show-config command/recipe to point at chef-server.rb instead of private-chef.rb
- Updated knife-opc config so that user / org / association commands now work if non-default ports are used.
- re-enable ctrl+c for chef-server-ctl commands by setting "client_fork false" in solo.rb
- Extended API with
add_command_under_category, that allows ctl projects to group commands under categories, resulting in more logical help output. - Added concept of hidden services that hides certain services from those listed in
chef-server-ctl status. - Any service (even hidden ones) can still be status checked via
chef-server-ctl status <service>. - opscode-chef-mover was added as a hidden service.
- add support for ssl version configuration
- Fix rspec deprecations
- Remove test of curl
- Ensure contents of install dir (
/opt/opscode) are owned by root. - Configure oc-chef-pedant ssl version to match nginx
- Change to using /etc/opscode/chef-server.rb from /etc/opscode/private-chef.rb
- Symlink private-chef.rb to chef-server.rb if private-chef.rb is present
- Erlang R16 support
- Update to latest cacerts as of 2014/08/20
- Add support for pluggable high availability system
- We use a sqitch based schema instead.
- We are pleased to announce that we have migrated all data over to sql.
- Updates org_migration_state table with migration_type and verification
- Update org_migration_state with support for solr 4 migration
- Cleans up reporting schema info table
- Clean up Makefile to preserve PATH variable
- Update password hash type for OSC password hash types
- Fix constraints for org_user_assocations and org_user_invites
- Add tables for organizations, org_user_associations, and org_user_invites
- Replaced R15, which was only used by the services we removed.
- Add support for tools to backup and restore from chef servers.
- Remove /system-recovery endpoint tests
- Enhance test coverage for user-org association
- Update acl, organization and association tests for ruby-erlang differences
- Add tests for
- authenticate_user endpoint
- users email validation
- superuser access
- certs in pubkey field for user
- default organization rewriting
- verify-password
- oc_authz_migrator is no longer needed
- Organizations in erchef and in sql
- organization association and invites in erchef and sql
- Initial low level work for organizations and associations in SQL
- Improve reindexing script
- ACL endpoint in erchef
- Add chef action data_payloads
- Add default organization support for OSC compatibility
- Add license endpoint support
- Add global placeholder org macro.
- System recovery endpoint work: Fix so recovery_authentication_enabled is correct for new users
- Add internal chef keygen cache to replace opscode-certificate service.
- do not force user key type to public on regeneration
- Bugfix for concurrent cookbook uploads
- Automatically upgrade user password salt algorithm on auth
- Cleanups for user password encryption
- Groups endpoing in sql and in erchef
- Update authenticate_endpoint for LDAP
- Update chef users email validation and filtering
- Add chef users endpoint.
- The last remaining endpoints (organizations, and user-org association and invites) are entirely implemented in erchef now.
- This is replaced by the keygen service in erchef.
- Organizations, user-org association, and user-org invite migrations from couchdb to SQL
- Migration of global containers and global groups from couchdb to SQL
- Backwards incompatible API change: Group creation (POST) ignores users and clients
- Containers and groups migration from couchDB to postgreSQL
- Bcrypt user migrations
- Solr4 migration
- Generalized migrate scripts and other code to be migration_type agnostic
- Improved support for non-org based migrations
- Update for Erlang R16
- Erchef no longer needs multi-phase organization create; direct creation is sufficient.
- Orgmapper is no longer useful after migrations to SQL are complete.
- Upgrade to solr 4.
- It is superceded by the opcsode-manage package
- Removed. Docs can be found at docs.opscode.com
- Introduce pluggable HA architecture as an alternative to DRBD
- [OC-10117] opscode-solr4 accepts Java-like memory attributes
- [OC-11669] keepalived safe mode
- Update is from 1.9.3-p484
- No longer needed because opscode-account is gone
- Renamed from private-chef-ctl
- Added chef-server-ctl upgrade command to support migrations from the open source chef 11 server
- Added tooling to manage users and orgs from the command line via knife-opc
- Added chef-server-ctl install command to install chef add-on packages (via web or local file)
- Clarify the use of the --path options for the
installsubcommand
- [OC-10470] Allow private-chef-ctl status to ignore disabled services.
- [OC-11574] private-chef-ctl service commands should be HA aware
- [OC-9877] exclude binary files and archives from *-ctl tail
- Ensure contents of install dir (
/opt/opscode) are owned by root.
- Update to 0.4.5
- Fix issue where 'private-chef' was being changed to 'private_chef' unexectedly in upstart/runit files
- Add Makefile for automating builds
- [CA-555] Update 11.1-stable oc_erchef with latest oc_chef_action
- [OC-11672] Upgrade PostgreSQL to 9.2.9
- [OC-11575] Don't start services by default in HA topology
- Update to 0.4.4
- Update to latest of oc_chef_action to get hostname from fqdn instead of inet
- Setting the CHEF_ACTIONS_MESSAGE_VERSION to 0.1.0
- Sets ['dark_launch']['actions'] = true
- Update to latest cacerts as of 2014-04-22
- Update embedded chef gem to 11.12.2
- Add authz API support
- Refactor PERL Postgres driver installation
- [analytics] Copy webui_priv into opscode-analytics if actions is enabled
- [OC-11297] Tweak partybus migration-level subscribes for a more reliable workaround
- [OC-11459] Allow opscode-manage to easily be moved off of 443
- [OC-11540] Fix invalid opscode-account config when forcing SSL
- [OC-11601] Fix a race condition that sometimes caused redis_lb to attempt to reconfigure itself before it was restarted.
- [OC-11668] Enable ipv6 in standalone mode
- [OC-11673] Tune PostgreSQL keepalive timeouts
- [OC-11710] Fix couchdb compaction log rotation
- Add bifrost_sql_database uri to orgmapper.conf
- [OC-11585] Allow ['lb']['upstream'] to have a custom setting
- [CHEF-3045] increase s3_url_ttl from 15m to 8h
- Use SSL port for lb_internal if non-SSL is disabled
- Lock down postgresql
- Add a gather-logs command to create a tarball of important logs and system information for Chef Support
- [OC-9877] Fix bug that included binary files and archives when using 'private-chef-ctl tail'
- Add Chef Identity Service (oc-id)
- Fix for CVE-2014-3512
- Fix for CVE-2014-3511
- Fix for CVE-2014-3510
- Fix for CVE-2014-3507
- Fix for CVE-2014-3506
- Fix for CVE-2014-3505
- Fix for CVE-2014-3509
- Fix for CVE-2014-5139
- Fix for CVE-2014-3508
- Upgrade to RabbitMQ 3.3.4
- [OC-11702] - fails to expand ACLs and groups when they contain groups that no longer exist
- [OC-11708] - fixes user association bug that relied on permissions of the last updater of the users group
- exit immediately on errors
- [OC-11499] Use more strict regular expression for IP check in ha-status
- [OC-3107] Ensure CouchDB compaction cron job does not run on passive backend.
- [OC-11601] Restart redis_lb immediately during reconfigure
- [OC-11490] Explicitly set keepalived directory ownership
- [OC-11297] EC 11 fresh install not saving migration state
- [OC-11656] Set explicit owner and group for services without them
- Address a PostgreSQL configuration error. The defect allows any local user on the system hosting the Chef Server’s PostgreSQL components full access to databases.
- [OC-11662] Separate redis_keepalive_timeout from redis_connection_timeout and increase their default values from 60ms to 1000 and 2000ms, respectively.
- [OC-11657] Bump default svwait timeout of 7 seconds to 30 seconds
- [OC-11382] keepalived restart interferes with upgrades
- [OC-8881] private-chef-ctl password does not work
- Update gather-logs and migration scripts to honor postsgresql['username']
- Address vulnerabilities CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470 https://www.openssl.org/news/secadv\_20140605.txt return code
- [OC-11581] private-chef-ctl test command should return the pedant return code
- rename oc_actionlog to actions
- Use dark launch to enable Chef Actions (default: off)
- Write out Actions configuration file for use by opscode-analytics
- Add tests for superuser password authentication
- Prevent password authentication for pivotal superuser
- Remove legacy chargify code
- Updated knifetests to work with the latest reporting API
- platform_family fixes to couchdb and drbd cookbooks
- Set random initial password for pivotal user on bootstrap
- new dep: libffi
- new dep: libarchive
- CVE-2014-0138: libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP
- CVE-2014-0139: libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses when built to use OpenSSL
- CVE-2014-1263: When asked to do a TLS connection (HTTPS, FTPS, IMAPS, etc) to a URL specified with an IP address instead of a name, libcurl built to use Darwinssl would wrongly not verify the server's name in the certificate
- CVE-2014-2522: When asked to do a TLS connection (HTTPS, FTPS, IMAPS, etc) to a URL specified with an IP address instead of a name, libcurl built to use Winssl would wrongly not verify the server's name in the certificate
- upgrade to version 11.10.4
- upgrade to r15b03-1
- upgrade to nokigiri 1.6.1
- CVE-2014-2525: Heap-based buffer overflow allows context-dependent attackers to execute arbitrary code
- add oc_chef_action to oc_erchef (support for opscode-analytics actions package)
- CVE-2014-0160: heartbeat extension allows remote attackers to obtain sensitive information from process memory
- fix USAG and organization creation for sql
- fix bug where billing-admins creation crashed for sql
- gracefully fail association request if org is in 504 mode
- speed up internal org-creation by removing Couchdb _all_dbs call
- check org _route endpoint for groups darklaunch during org creation
- fix schema constraint bug during LDAP user creation
- Ruby on Rails security updates
- upgrade to 9.2.8
- Increase postgresql max_connections to 350 to handle 4 node cluster
- Manage permissions for /var/log/opscode for non 0022 umasks
- Remove incorrect mention of
heartbeat_devicefromha-statusoutput.
- added CLI options for running /internal-organization endpoint tests
- added tag for running organization tests
- add association tests to tags list
- added test coverage for /organization and /internal-organization endpoints
- added association framework and tests
- Add ossp-uuid extension to Postgres 9.2
- Add libossp-uuid library for Postgres
- Configure oc_actionlog in oc_erchef and rabbit
- Remove :session and :environment from webui exception emails
- Add internal /_routes endpoint to load balancer
- remove banned/whitelist IP checking from OpenResty Lua config that breaks ipv6 clients
- [keepalived] update to 1.2.9 + patch for Centos 5.5
- [perl] generate an Omnibus-friendly CPAN config
- [openssl] CVE-2013-4353/CHEF-4939 - tls handshake causes null pointer in OpenSSL
- [berkshelf] update to 2.0.12
- [libyaml] CVE-2013-6393 - update libyaml to 0.1.5
- Add redis gem for reconfigure management of redis install
- Add Lua lpeg library for use in refactored openresty routing config
- Add back in for use in openresty routing config
- Remove request logging, which causes backups and crashing under heavy load
- Add containers table
- Add new enum type and columns for user password hash
- Add groups table
- Add index for opc_users(customer_id) (improves delete performance)
- [CHEF-4086] Add tests for cookbook version host header changes
- Add tests to validate newly created organizations
- Updates to /containers endpoint tests for ruby / erlang switching
- Updates to /groups endpoint tests for ruby / erlang switching
- Use IPV6-compatible rest-client gem for testing IPV6
- Add tests for /users/:user/_acl endpoint
- Update /principals endpoint tests for pushy updates
- Add IPV6 support
- Use shared opscoderl_wm to pull in webmachine dependency
- [CHEF-4086] Add configurable host for S3 pre-signed URLs
- Refactor chef_objects, chef_db, and chef_wm to support non-open-source features
- Add support for SQL/Erlang /containers endpoint (not migrated)
- Add support for SQL/Erlang /groups endpoint (not migrated)
- Convert all configuration fetching code to use envy library
- Remove REST API for darklaunch
- Add containers API docs to oc_erchef code base
- Remove caching of search-related database responses
- Remove fast_log and replace with lager
- Add IPV6 support
- Differentiate between 404s for missing principal vs. missing org
- Remove SQL switching code for migrated objects
- Support container objects in SQL
- Support group objects in SQL
- Remove obsolete clients controller
- Encrypt user passwords with bcrypt
- BUGFIX: allow non-admin users to leave organizations
- Remove UPDATE from containers API
- Add IPV6 support
- BUGFIX: fix Ace.new method in #update_user_ace
- BUGFIX: don't log password changes in plain text
- BUGFIX: /organizations API can't show billing admins group
- Ensure sqitch uses an Omnibus-specific CPAN config
- [keepalived] Adjust command syntax for 1.2.9
- [erchef / bookshelf] Add s3_external_url configuration
- [all] Add IPV6 address support
- [nginx] Add ipv6only option to listen directive
- [sysctl] Force net.ipv6.bindonly to 0
- [opscode-certificate] Run certificate service on front-ends
- [redis] Add redis back into EC build (name redis-lb)
- [enterprise-chef-server-schema] Add schema upgrade for bcrypt user password support
- [openresty] Add lua-based upstream routing
- [oc_bifrost] Use opscoderl_wm logging
- [oc_erchef] Replace fast_log with lager
- [oc_erchef] Remove deprecated use of db_type for sqerl config
- [configuration] Increment api_version for release 11.0.0 -> 11.1.0
- [opscode-certificate] Make sure :restart action occurs on all nodes
- [keepalived] Fixes for keepalived.conf to work with 1.2.9 unicast
- [bookshelf] Turn off request logging