Introduction
Chef Automate is an enterprise dashboard and analytics tool that enables cross-team collaboration with actionable insights for configuration and compliance. It helps change how the user automates everything in the stack. It offers real-time data across environments, powerful auditing capabilities, and actionable insights.
Component Overview
Some of the major components of Chef Automate 2 architecture are mentioned below:
Automate gateway
It serves as an application layer of Chef Automate’s architecture. All of the public-facing requests go through the gateway, and the process of authentication/authorization occurs here.
Deployment Service
This service is responsible for collecting the initial service configuration from the user. It performs all the activities that are required to set up Chef Automate initially. It also manages the configuration patches.
Configuration Management Service
This service is responsible for serving all the configuration management-related information to API and user interface, including Chef Infra Server action data and Chef Infra Client run data.
Ingest Service
This service is the main ingress event handler for configuration management-related events. It also manages the data that is related to domains like cleanup, migration, and index initialization.
Compliance Service
This service is responsible for handling InSpec as well as scans job-related data, which also includes event ingestion and reporting.
Notification Service
This service is responsible for sending notifications which are based upon configured rules in response to events.
License Control Service
This service is responsible for providing policy information to the rest of the system that is derived from the license file. It also includes telemetry configuration.
AuthZ Service
This service is responsible for providing the API to determine which actions a requestor is allowed to take in Chef Automate.
AuthN Service
This service is responsible for providing the API to verify whether a requestor is allowed to interact with Chef Automate or not.
Teams Service
This service is an API for defining local teams that are used as a part of the authorization model for Chef Automate.
Session Service
This service sits between the browser and Dex. It acts as an OpenID Connect client to Dex and uses the Authorization Code Grant Flow.
Secrets Service
This service securely stores all the credentials for the other services.
Chef Automate API
Now, we will look at the various Chef Automate API commands:
Authentication
The Chef Automate API uses an API token which is passed in the header of the API request. If the user wants to create an admin token and set it as an environment variable, use the below command:
export TOKEN=`chef-automate iam token create <TOKEN-NAME> --admin`
An admin token has access to the entire Chef Automate API for an unlimited duration. The user needs to pass the token as part of the API call.
If the user wants to create API tokens that have limited permissions, then the user can do so by using their admin token to create a standard token. The user then can write a policy that exactly defines the API access for that standard token.
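The standard-token approach described above, as an added example that is not part of the original article or of Chef's own code: it builds the policy body for one standard token and refuses wildcard or write actions, using the read-only action names quoted on this page. The policy field names (id, name, members, statements, effect, actions, projects), the token:<id> member form, and the sample ids reporting-ro and reporting-bot are assumptions to check against the IAM API of your Automate version.

```python
import json
import re

# Read-only authorization actions quoted on this page.
READ_ONLY_ACTIONS = {
    "compliance:controlItems:list",
    "reportmanager:requests:list",
    "event:events:list",
}
# service:resource:verb with no wildcard segment.
ACTION_RE = re.compile(r"^[a-z]+:[A-Za-z]+:[a-z]+$")


def lint_actions(actions):
    """Return a list of reasons the action set is not least-privilege."""
    problems = []
    if not actions:
        problems.append("policy grants no actions")
    for action in actions:
        if "*" in action:
            problems.append(f"wildcard action not allowed: {action}")
        elif not ACTION_RE.match(action):
            problems.append(f"malformed action: {action}")
        elif action not in READ_ONLY_ACTIONS:
            problems.append(f"action outside read-only allowlist: {action}")
    return problems


def build_token_policy(policy_id, token_id, actions, projects=("*",)):
    """Build a policy body that grants `actions` to exactly one standard token."""
    problems = lint_actions(actions)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        # Field names and the token:<id> member form are assumptions (see lead-in).
        "id": policy_id,
        "name": policy_id,
        "members": [f"token:{token_id}"],
        "statements": [{
            "effect": "ALLOW",
            "actions": sorted(set(actions)),
            "projects": list(projects),
        }],
    }


if __name__ == "__main__":
    # Constructed sample: a reporting token that may only list controls and events.
    policy = build_token_policy(
        "reporting-ro", "reporting-bot",
        ["event:events:list", "compliance:controlItems:list"])
    print(json.dumps(policy, indent=2))
```

The resulting JSON is what the admin token would submit when creating the policy; the standard token itself never needs the admin token's unlimited access.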
Reporting
Now, we will discuss the list control command in detail:
List Controls
It lists the controls from the last run, with optional filtering. It supports filtering and pagination but does not support sorting. By default, the results are limited to 100.
Authorization Action
compliance:controlItems:list
Request Body Schema
filters: these represent the criteria used to filter the controls that are returned.
size: it represents the maximum number of controls that are to be returned.
text: it is the term used to match resources.
Report Manager
Now, we will discuss the list download report requests in detail:
List Download Report Requests
It returns the details of all the download report requests placed by the user.
Authorization Action
reportmanager:requests:list
Node Managers
Now, we will discuss the create a node manager command in detail:
Create a Node Manager
It creates a node manager with the given name, credential id or credential data and type mentioned.
Authorization Action
infra:nodeManagers:create
Request Body Schema
account_id: it represents the account id which is associated with the node manager.
credential_data: it overrides the values in credential_id. This is used when the user has not yet created node credentials and provided credential data.
date_added: it represents the date at which the node manager was created.
name: it represents the user-defined name given to the node manager.
status: it represents the status of the node manager.
type: it represents the type of the node manager.
credential_id: it is the UUID of the credential with the information that the user needs to connect to AWS, Azure, or GCP.
id: it is the UUID of the node manager.
Event Feed
Now, we will discuss the List Summary Data of Events command in detail:
List Summary Data of Events
It returns the data that populates the guitar strings visual at the top of the event feed.
Authorization Action
event:events:list
Query Parameters
start: it represents the earliest events to return.
end: it represents the latest events to return.
timezone: it represents the user’s timezone to apply to the request.
filter: it represents the filters that are to be applied to the request.
Secrets
Now, we will discuss the create a secret command in detail:
Create a secret
It is used to create a secret. It requires values for name, type, and data.
Authorization Action
secrets:secrets:create
Request Body Schema
data: it represents the secret data.
id: it is the UUID.
last_modified: it represents the timestamp, which denotes the last time the secret was modified.
name: it is the user-specified name for the secret.
tags: these are the tags which are associated with the secret.
IAM Users
The IAM local users aren’t attached to external identity providers.
Update self
It updates a local user’s own name or password. If the password is to be changed, then both ‘password’ and ‘previous_password’ are required.
Authorization Action
iam:usersSelf:update
Path Parameters
id: it is the ID of the user. It can’t be changed. It is used to sign in.
Request Body Schema
name: it represents the display name for the local user.
password: it is the new password for the user. It is used by the user to sign in.
previous_password: it is the previous password for the user. It is optional, but if included, then it also requires the password field.
Chef Automate CLI Commands
Some of the Chef Automate CLI commands are mentioned below:
chef-automate
It is a helpful utility used to deploy as well as manage Chef Automate.
Usage
chef-automate COMMAND [flags]
chef-automate backup
Usage
chef-automate backup COMMAND [flags]
chef-automate config
Usage
chef-automate config COMMAND [flags]
chef-automate config patch
It applies partial Chef Automate configuration to the deployment. It takes the partial configuration, merges it with the existing configuration and applies it.
chef-automate external-cert
It manages Chef Automate’s external certificate authority. It is used for establishing TLS/SSL communication with Automate.
Usage
chef-automate external-cert COMMAND [flags]
chef-automate iam
Usage
chef-automate iam COMMAND [flags]
chef-automate license apply
It applies the Chef Automate license token.
Usage
chef-automate license apply LICENSE [flags]
chef-automate license nodeRunReport
Usage
chef-automate license nodeRunReport [flags]
chef-automate preflight-check
It performs a preflight check to verify that the host meets the installation criteria.
Usage
chef-automate preflight-check [flags]
Feature Flags
The beta, legacy, and in-development features can be turned on or off using the beta, lega, or feat flags. To open the feature flags window, select anywhere on the Chef Automate interface and enter feat, lega, or beta. The user can then toggle the desired feature to the ‘ON’ or ‘OFF’ position.
Frequently Asked Questions
Which service handles InSpec and scans job-related data?
The Compliance Service handles InSpec and scans job-related data.
Which service manages the users local to Chef Automate?
The Users Service manages the users local to Chef Automate.
Which command is used to enable the debug output?
The ‘-d’ command is used to enable the debug output.
Conclusion
In this article, we have extensively discussed the Chef Automate Basics.