Data Collection without Chef Infra Server
Important
If you do not use a Chef Infra Server in your environment (if you only use chef-solo, for example), you can configure your Chef Infra Clients to send their run data to Automate directly.
To enable this functionality, you must perform the following steps:
- Configure a Data Collector token in Chef Automate (see prior section)
- Add Chef Automate SSL certificate to trusted_certs directory
- Configure Chef Infra Client to use the Data Collector endpoint in Chef Automate
Add Chef Automate certificate to trusted_certs directory
Note
Chef requires that the self-signed Chef Automate SSL certificate (HOSTNAME.crt) is located in the /etc/chef/trusted_certs directory on any node that wants to send data to Chef Automate. This directory is the location into which SSL certificates are placed when a node has been bootstrapped with Chef Infra Client.
To fetch the certificate onto your workstation, use knife ssl fetch and pass in the URL of the Chef Automate server. You can then use utilities such as scp or rsync to copy the downloaded cert files from your .chef/trusted_certs directory to the /etc/chef/trusted_certs directory on the nodes in your infrastructure that will be sending data directly to the Chef Automate server.
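knife ssl fetch saves whatever certificate the server presents without verifying it, so compare the fetched file's fingerprint with one read from the Automate host itself before copying it to nodes. The Ruby below is an added example, not Chef's own code; the function names, the hostname automate.example.test and the temporary paths are assumptions, and the certificate is a throwaway generated inline.

```ruby
require "openssl"
require "fileutils"
require "tmpdir"

# SHA-256 fingerprint of a PEM certificate as lowercase hex (hash of its DER form).
def cert_fingerprint(pem)
  OpenSSL::Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(pem).to_der)
end

# Install a fetched certificate into dest_dir only when its fingerprint matches
# the value obtained out of band. Accepts "AB:CD:..." or plain hex.
def install_trusted_cert(src, expected_fp, dest_dir)
  actual = cert_fingerprint(File.read(src))
  wanted = expected_fp.delete(":").downcase
  raise ArgumentError, "fingerprint mismatch for #{src}: got #{actual}" unless actual == wanted
  FileUtils.mkdir_p(dest_dir)
  dest = File.join(dest_dir, File.basename(src))
  FileUtils.install(src, dest, mode: 0o644) # owner-writable, world-readable
  dest
end

# Constructed sample input: a throwaway self-signed certificate for a made-up host.
def constructed_cert_pem(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    # Stands in for the file knife ssl fetch writes to .chef/trusted_certs
    src = File.join(dir, "automate_example_test.crt")
    File.write(src, constructed_cert_pem("automate.example.test"))
    # In practice the pinned value is read on the Automate host, not from the fetched file
    pinned = cert_fingerprint(File.read(src))
    puts install_trusted_cert(src, pinned, File.join(dir, "trusted_certs"))
  end
end
```

On a real node, dest_dir would be /etc/chef/trusted_certs, and the pinned fingerprint would be recorded from the certificate on the Automate server.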
Configure Chef Infra Client to use the Data Collector endpoint in Chef Automate
Note
The data collector functionality is used by Chef Infra Client to send node and converge data to Chef Automate. This feature works for the following: Chef Infra Client, and both the default and legacy modes of Chef solo.
To send node, converge, and compliance data to Chef Automate, modify your Chef config (that is, client.rb or solo.rb, or an additional config file in an appropriate directory, such as client.d) to contain the following configuration:
data_collector.server_url "https://my-automate-server.mycompany.com/data-collector/v0/"
data_collector.token "TOKEN"
profiles['root_url'] = 'https://my-automate-server.mycompany.com'
where my-automate-server.mycompany.com is the fully-qualified domain name of your Chef Automate server and TOKEN is the token value you configured in the earlier step.
Additional Configuration Options:
Configuration | Description | Options | Default |
---|---|---|---|
data_collector.mode | The mode in which the data collector is allowed to operate. This can be used to run data collector only when running as Chef solo but not when using Chef Infra Client. | :solo, :client, or :both | :both |
data_collector.raise_on_failure | When the data collector cannot send the "starting a run" message to the data collector server, the data collector will be disabled for that run. In some situations, such as highly-regulated environments, it may be more reasonable to stop the Chef run than to let it continue without data collection. In these situations, setting this value to true will cause the Chef run to raise an exception before starting any converge activities. | true, false | false |
data_collector.organization | A user-supplied organization string that can be sent in payloads generated by the data collector when Chef is run in Solo mode. This allows users to associate their Solo nodes with faux organizations without the nodes being connected to an actual Chef Infra Server. | string | none |