Upgrading Chef Server and Chef Client on Nodes to Patch Heartbleed Vulnerability

April 11, 2014

Recently with the CVE-2014-0160 (“Heartbleed”) vulnerability in certain versions of OpenSSL, I had to upgrade my Open Source Chef Server and Nodes. Below are some notes on how I went about the upgrade to the latest version.

*Obviously you should test this for yourself on non production if possible

To upgrade the Open Source Chef Server
*I found the appropriate version at http://www.getchef.com/chef/install/ for myself in this case 11.0.12 the latest
*The tar was just to backup the old chef files as a precaution

bash-$ wget https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.12-1.el6.x86_64.rpm
bash-$ tar -czf ~/"chef-server-`date +%F`.backup.tar.gz" /etc/chef-server
bash-$ yum remove chef-server
bash-$ yum install chef-server-11.0.12-1.el6.x86_64.rpm
bash-$ chef-server-ctl reconfigure
bash-$ chef-server-ctl restart

To upgrade the Chef Client on my Nodes
*This is to go to the latest in this case 11.12.2

bash-$ chef-client -version
Chef: 11.8.0
bash-$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
bash-$ chef-client -version
Chef: 11.12.2

Leave a Reply