Data Collection without Chef Server


Important

Previous step: Setup Data Collection

If you do not use a Chef server in your environment (if you only use `chef-solo`, for example), you can configure your Chef clients to send their run data to Automate directly.

To enable this functionality, you must perform the following steps:

  • Configure a Data Collector token in Chef Automate (see prior section)
  • Add Chef Automate SSL certificate to trusted_certs directory
  • Configure Chef Client to use the Data Collector endpoint in Chef Automate

Add Chef Automate certificate to trusted_certs directory

Note

This step only applies to self-signed SSL certificates. If you are using an SSL certificate signed by a valid certificate authority, you may skip this step.

Chef requires that the self-signed Chef Automate SSL certificate (HOSTNAME.crt) is located in the /etc/chef/trusted_certs directory on any node that wants to send data to Chef Automate. This directory is the location into which SSL certificates are placed when a node has been bootstrapped with chef-client.

To fetch the certificate onto your workstation, use knife ssl fetch and pass in the URL of the Chef Automate server. You can then use utilities such as scp or rsync to copy the downloaded cert files from your .chef/trusted_certs directory to the /etc/chef/trusted_certs directory on the nodes in your infrastructure that will be sending data directly to the Chef Automate server.

Configure Chef Client to use the Data Collector endpoint in Chef Automate

Note

Chef version 12.12.15 or greater is required.

The data collector functionality is used by the Chef client to send node and converge data to Chef Automate. This feature works with Chef client and with both the default and legacy modes of Chef solo.

To send node, converge, and compliance data to Chef Automate, modify your Chef config (that is, client.rb or solo.rb, or an additional config file in an appropriate directory, such as client.d) to contain the following configuration:

data_collector.server_url "https://my-automate-server.mycompany.com/data-collector/v0/"
data_collector.token "TOKEN"
profiles['root_url'] = 'https://my-automate-server.mycompany.com'

where my-automate-server.mycompany.com is the fully-qualified domain name of your Chef Automate server and TOKEN is the token value you configured in the earlier step.

Additional Configuration Options:

| Configuration | Description | Options | Default |
|---|---|---|---|
| data_collector.mode | The mode in which the data collector is allowed to operate. This can be used to run data collector only when running as Chef solo but not when using Chef client. | :solo, :client, or :both | :both |
| data_collector.raise_on_failure | When the data collector cannot send the “starting a run” message to the data collector server, the data collector will be disabled for that run. In some situations, such as highly-regulated environments, it may be more reasonable to stop the run when the data collector cannot send the “starting a run” message to the data collector server. In these situations, setting this value to true will cause the Chef run to raise an exception before starting any converge activities. | true, false | false |
| data_collector.organization | A user-supplied organization string that can be sent in payloads generated by the data collector when Chef is run in Solo mode. This allows users to associate their Solo nodes with faux organizations without the nodes being connected to an actual Chef server. | string | none |
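
As an added example (not part of the Chef documentation or Chef's own code), the Ruby below lints the data_collector settings of a client.rb or solo.rb before rollout, using the option names and allowed values documented above. The helper names, the finding messages, the permission check on the file that holds the token, and the sample config are assumptions made for this example.

```ruby
require "uri"

# Added example, not Chef's code. Option names and allowed values are the ones
# documented above; helper names and the sample config are constructed.
ALLOWED_MODES = %w[solo client both].freeze

# Collect `data_collector.<key> <value>` lines (commented-out lines never match).
def data_collector_settings(text)
  text.each_line.with_object({}) do |line, out|
    m = line.match(/^\s*data_collector\.(\w+)\s+("[^"]*"|'[^']*'|\S+)/)
    out[m[1]] = m[2].gsub(/\A["']|["']\z/, "") if m
  end
end

# Return a list of findings; file_mode is the config file's permission bits,
# e.g. File.stat("/etc/chef/client.rb").mode & 0o777.
def lint_data_collector(text, file_mode: 0o600)
  s = data_collector_settings(text)
  findings = []
  url = begin
    URI.parse(s["server_url"].to_s)
  rescue URI::InvalidURIError
    nil
  end
  if url.nil? || url.host.nil?
    findings << "server_url missing or unparsable"
  else
    findings << "server_url is not https, so the token is sent in cleartext" unless url.scheme == "https"
    findings << "server_url path is not /data-collector/v0/" unless url.path == "/data-collector/v0/"
  end
  token = s["token"].to_s
  findings << "token is empty or still the TOKEN placeholder" if token.empty? || token == "TOKEN"
  mode = s.fetch("mode", ":both").delete_prefix(":")
  findings << "mode must be :solo, :client or :both" unless ALLOWED_MODES.include?(mode)
  rof = s.fetch("raise_on_failure", "false")
  findings << "raise_on_failure must be true or false" unless %w[true false].include?(rof)
  findings << "raise_on_failure is false: runs proceed when the start message cannot be sent" if rof == "false"
  findings << "config file grants access to group/other but holds the token" if (file_mode & 0o077) != 0
  findings
end

# Constructed sample: plain http, placeholder token, world-readable file.
SAMPLE = <<~CONF
  data_collector.server_url "http://my-automate-server.mycompany.com/data-collector/v0/"
  data_collector.token "TOKEN"
  data_collector.mode :solo
CONF

puts lint_data_collector(SAMPLE, file_mode: 0o644) if __FILE__ == $PROGRAM_NAME
```

Whether raise_on_failure false counts as a finding depends on your environment; the check is included here for the highly-regulated case the table describes.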