Skip to main content

Supermarket Integration

Chef Supermarket is the site for cookbooks. It provides a searchable cookbook repository and a friendly web UI. In this article, we will configure and integrate an existing private Supermarket with an Airgapped installation of Chef Automate.


  1. To start with the supermarket integration, firstly, use the chef-automate binary to create an Airgap Installation Bundle (.aib) for Automate on an internet-connected host. Refer to the System Requirement page for the hardware and software requirements. Refer to the Airgapped Installation page for the complete steps of airgapped installation. Once you are done with the deployment of Automate, following the steps below:

  2. Check the status of all the components using the following command:

    chef-automate status
  3. Create a user using the following command:

    chef-server-ctl command

    N.B. For more help on how to create user using the chef-server-ctl utility, refer this documentation.

Register Supermarket with Automate Embedded Chef Identity

When you install Chef Automate, it bundles the Chef-Server OC-ID component as an Oauth provider. Users can use the Oauth provider to log in to another application (e.g. Supermarket) using their Chef-Server credentials. Follow the steps below to register the applications to use OC-ID as a medium to log in to the respective applications. Once you finish the registration, you will be authorized to use Chef-Server login credentials to login to the application.

  1. Create a file to list down the details of the application you want to register with OC-ID. In the file ocid-apps.toml, mention the application’s name and the redirect_uri. The content of the created file should be in the following format:

            name = ""
            redirect_uri = ""

    Update the FQDN/Host Name of your supermarket website in the redirect_uri. Refer to the code below:

            name = "supermarket"
            redirect_uri = "https://<YOUR SUPERMARKET FQDN>/auth/chef_oauth2/callback"

    To add more than one application with the OC-ID service, keep repeating the above code in the file with the respective application details. For example:

            name = "application-1"
            redirect_uri = ""
            name = "application-2"
            redirect_uri = ""

    Using the above snippet, you can register two applications to the OC-ID.

  2. Now, patch the above configuration by running the below command:

    chef-automate config patch ocid-apps.toml

    Once the patch is successfully applied, the new application will get registered with Chef Identity.

  3. Verify whether the new configuration has been applied or not by running the following command:

    chef-automate config show

    The output of the above command should contain the values from the file you patched.

  4. Run the following ctl command to get the details of the applications registered with OC-ID.

    chef-automate config oc-id-show-app

    The output of the above command is as shown below:

    -   name: supermarket
        uid: 735c44e423787134839ce1bdb6b2ab8bd9eca5b656f0f4e69df3641ea494cdda
        secret: 4c371ceb46465b162c0b4a670573d80ac1d6adeebaa2638db53bb9f94d432340

Supermarket Configuration

To configure the supermarket in Chef Automate, follow the steps given below:

  1. SSH into the ec2 instance where the supermarket is installed. Then run the following commands:

    sudo su
    cd /etc/supermarket
  2. Update the supermarket.rb file in the /etc/supermarket directory with the application details retrieved from the automate instance after registering supermarket as an oauth application with OC-ID:

    default['supermarket']['chef_oauth2_app_id'] = "<uid>"
    default['supermarket']['chef_oauth2_secret'] = "<secret>"
    default['supermarket']['chef_oauth2_url'] = "<automate_url>"
    default['supermarket']['chef_oauth2_verify_ssl'] = false

    The flag chef_oauth2_verify_ssl value is boolean and should be based on whether you have a valid(non self-signed certificate) certificate for automate. If you have a valid certificate, set it as true, or else set it as false.

  3. Now, run the following reconfigure command to reflect the above changes in the running supermarket application:

    supermarket-ctl reconfigure
  4. Once reconfiguring is completed, visit the supermarket website on the browser. Refer to the image below:

    Supermarket Landing Page
  5. Hit the supermarket URL and select Sign In. You will be redirected to the Chef Identity page running inside Automate. Refer to the image below:

    Supermarket Sign In Page
  6. Sign in with the already created user credentials to authorize the supermarket app. Refer to the image below:

    Supermarket Credentials
  7. Authorize the supermarket to use your Chef account. Refer to the image below:

    Supermarket Authorization Page
  8. Once the supermarket application is successfully authorized, the screen looks like as shown in the below image:

    Supermarket Board

You have successfully logged in to the supermarket using the credentials of chef-server through the Chef Identity service running as part of Airgapped Automate.

Refer to the Configuration page, to check the optional settings for integration of private Supermarket in Chef Automate.

Edit this page on GitHub

Thank you for your feedback!


Search Results