Skip to main content

Data Collection without Chef Infra Server

[edit on GitHub]


Previous step: Setup Data Collection

If you do not use a Chef Infra Server in your environment (if you only use chef-solo, for example), you can configure your Chef Infra Clients to send their run data to Automate directly.

To enable this functionality, you must perform the following steps:

  • Configure a Data Collector token in Chef Automate (see prior section)
  • Add Chef Automate SSL certificate to trusted_certs directory
  • Configure Chef Infra Client to use the Data Collector endpoint in Chef Automate

Add Chef Automate certificate to trusted_certs directory


This step only applies to self-signed SSL certificates. If you are using an SSL certificate signed by a valid certificate authority, you may skip this step.

Chef requires that the self-signed Chef Automate SSL certificate (HOSTNAME.crt) is located in the /etc/chef/trusted_certs directory on any node that wants to send data to Chef Automate. This directory is the location into which SSL certificates are placed when a node has been bootstrapped with Chef Infra Client.

To fetch the certificate onto your workstation, use knife ssl fetch and pass in the URL of the Chef Automate server. You can then use utilities such as scp or rsync to copy the downloaded cert files from your .chef/trusted_certs directory to the /etc/chef/trusted_certs directory on the nodes in your infrastructure that will be sending data directly to the Chef Automate server.

Configure Chef Infra Client to use the Data Collector endpoint in Chef Automate


Chef version 12.12.15 or greater is required.

The data collector functionality is used by Chef Infra Client to send node and converge data to Chef Automate. This feature works for the following: Chef Infra Client, and both the default and legacy modes of Chef solo.

To send node, converge, and compliance data to Chef Automate, modify your Chef config (that is client.rb, solo.rb, or add an additional config file in an appropriate directory, such as client.d) to contain the following configuration:

data_collector.server_url ''
data_collector.token 'TOKEN'
profiles['root_url'] = ''

where is the fully-qualified domain name of your Chef Automate server and TOKEN is the token value you configured in the earlier step.

Additional Configuration Options:

data_collector.modeThe mode in which the data collector is allowed to operate. This can be used to run data collector only when running as Chef solo but not when using Chef Infra Client.:solo, :client, or :both:both
data_collector.raise_on_failureWhen the data collector cannot send the "starting a run" message to the data collector server, the data collector will be disabled for that run. In some situations, such as highly-regulated environments, it may be more reasonable to Prevents data collection when the data collector cannot send the "starting a run" message to the data collector server. In these situations, setting this value to true will cause the Chef run to raise an exception before starting any converge activities.true, falsefalse
data_collector.organizationA user-supplied organization string that can be sent in payloads generated by the data collector when Chef is run in Solo mode. This allows users to associate their Solo nodes with faux organizations without the nodes being connected to an actual Chef Infra Server.stringnone

Next Steps