Data Collection without Chef Infra Server
If you do not use a Chef Infra Server in your environment (if you only
chef-solo, for example), you can configure your Chef Infra Clients
to send their run data to Automate directly.
To enable this functionality, you must perform the following steps:
- Configure a Data Collector token in Chef Automate (see prior section)
- Add Chef Automate SSL certificate to
- Configure Chef Infra Client to use the Data Collector endpoint in Chef Automate
Add Chef Automate certificate to
Chef requires that the self-signed Chef Automate SSL certificate
HOSTNAME.crt) is located in the
on any node that wants to send data to Chef Automate. This directory is
the location into which SSL certificates are placed when a node has been
bootstrapped with Chef Infra Client.
To fetch the certificate onto your workstation, use
knife ssl fetch
and pass in the URL of the Chef Automate server. You can then use
utilities such as
rsync to copy the downloaded cert files
.chef/trusted_certs directory to the
/etc/chef/trusted_certs directory on the nodes in your infrastructure
that will be sending data directly to the Chef Automate server.
Configure Chef Infra Client to use the Data Collector endpoint in Chef Automate
The data collector functionality is used by Chef Infra Client to send node and converge data to Chef Automate. This feature works for the following: Chef Infra Client, and both the default and legacy modes of Chef solo.
To send node, converge, and compliance data to Chef Automate, modify
your Chef config (that is
solo.rb, or add an additional
config file in an appropriate directory, such as
client.d) to contain
the following configuration:
data_collector.server_url 'https://my-automate-server.mycompany.com/data-collector/v0/' data_collector.token 'TOKEN' profiles['root_url'] = 'https://my-automate-server.mycompany.com'
my-automate-server.mycompany.com is the fully-qualified domain
name of your Chef Automate server and
TOKEN is the token value you
configured in the earlier step.
Additional Configuration Options:
|The mode in which the data collector is allowed to operate. This can be used to run data collector only when running as Chef solo but not when using Chef Infra Client.|
|When the data collector cannot send the "starting a run" message to the data collector server, the data collector will be disabled for that run. In some situations, such as highly-regulated environments, it may be more reasonable to Prevents data collection when the data collector cannot send the "starting a run" message to the data collector server. In these situations, setting this value to |
|A user-supplied organization string that can be sent in payloads generated by the data collector when Chef is run in Solo mode. This allows users to associate their Solo nodes with faux organizations without the nodes being connected to an actual Chef Infra Server.|