Data Collection without Chef Server
Important
Previous step: Setup Data Collection
If you do not use a Chef server in your environment (if you only use `chef-solo`, for example), you can configure your Chef clients to send their run data to Automate directly.
To enable this functionality, you must perform the following steps:
- Configure a Data Collector token in Chef Automate (see prior section)
- Add Chef Automate SSL certificate to `trusted_certs` directory
- Configure Chef Client to use the Data Collector endpoint in Chef Automate

Add Chef Automate certificate to `trusted_certs` directory
Note
This step only applies to self-signed SSL certificates. If you are using an SSL certificate signed by a valid certificate authority, you may skip this step.
Chef requires that the self-signed Chef Automate SSL certificate (`HOSTNAME.crt`) is located in the `/etc/chef/trusted_certs` directory on any node that wants to send data to Chef Automate. This directory is the location into which SSL certificates are placed when a node has been bootstrapped with chef-client.
To fetch the certificate onto your workstation, use `knife ssl fetch` and pass in the URL of the Chef Automate server. You can then use utilities such as `scp` or `rsync` to copy the downloaded cert files from your `.chef/trusted_certs` directory to the `/etc/chef/trusted_certs` directory on the nodes in your infrastructure that will be sending data directly to the Chef Automate server.
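`knife ssl fetch` saves whatever certificate the server presents and cannot verify that it is the right one, so check the file before copying it to your nodes. The Ruby sketch below is an added example, not part of the Chef documentation: the function names are hypothetical, and it assumes you have a SHA-256 fingerprint read out of band on the Automate server itself.

```ruby
require "openssl"
require "digest"

# Returns the problems found with a certificate saved by `knife ssl fetch`.
# An empty list means the file matches what the operator expects.
# expected_sha256 is an assumption of this example: a fingerprint read on the
# Automate server itself (out of band), with or without colon separators.
def check_fetched_cert(pem, expected_sha256, hostname, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(pem)
  problems = []
  actual = Digest::SHA256.hexdigest(cert.to_der)
  unless actual == expected_sha256.delete(":").downcase
    problems << "fingerprint mismatch (got #{actual})"
  end
  unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    problems << "certificate does not cover #{hostname}"
  end
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << "outside validity period"
  end
  problems
end

# Constructed sample input: a throwaway self-signed certificate standing in
# for the HOSTNAME.crt file that knife writes to .chef/trusted_certs.
def sample_self_signed(hostname)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  san = OpenSSL::X509::ExtensionFactory.new.create_extension("subjectAltName", "DNS:#{hostname}")
  cert.add_extension(san)
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  host = "my-automate-server.mycompany.com"
  pem = sample_self_signed(host)
  good = Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(pem).to_der)
  p check_fetched_cert(pem, good, host)        # matching fingerprint
  p check_fetched_cert(pem, "00" * 32, host)   # wrong fingerprint is reported
end
```

In practice, pass the contents of the fetched `.crt` file as `pem` and distribute the file only when the returned list is empty.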
Configure Chef Client to use the Data Collector endpoint in Chef Automate
Note
Chef version 12.12.15 or greater is required.
The data collector functionality is used by the Chef client to send node and converge data to Chef Automate. This feature works with Chef client and with both the default and legacy modes of Chef solo.
To send node, converge, and compliance data to Chef Automate, modify your Chef config (that is, `client.rb`, `solo.rb`, or an additional config file in an appropriate directory, such as `client.d`) to contain the following configuration:
```ruby
data_collector.server_url "https://my-automate-server.mycompany.com/data-collector/v0/"
data_collector.token "TOKEN"
profiles['root_url'] = 'https://my-automate-server.mycompany.com'
```
where `my-automate-server.mycompany.com` is the fully-qualified domain name of your Chef Automate server and `TOKEN` is the token value you configured in the earlier step.
Additional Configuration Options:
Configuration | Description | Options | Default |
---|---|---|---|
`data_collector.mode` | The mode in which the data collector is allowed to operate. This can be used to run data collector only when running as Chef solo but not when using Chef client. | `:solo`, `:client`, or `:both` | `:both` |
`data_collector.raise_on_failure` | When the data collector cannot send the “starting a run” message to the data collector server, the data collector will be disabled for that run. In some situations, such as highly-regulated environments, it may be more reasonable to prevent the Chef run from proceeding when that message cannot be sent. In these situations, setting this value to true will cause the Chef run to raise an exception before starting any converge activities. | `true`, `false` | `false` |
`data_collector.organization` | A user-supplied organization string that can be sent in payloads generated by the data collector when Chef is run in Solo mode. This allows users to associate their Solo nodes with faux organizations without the nodes being connected to an actual Chef server. | string | none |