Meta tags:
description= The Chef Infra Server API handles all communication between Chef Infra Client or Chef Workstation. The Chef Infra Server API is an authenticated REST API, which means all requests require authentication and authorization. The Chef Infra tools such as knife and chef-server commands use the Chef Infra Server API for you.
The authentication process ensures that Chef Infra Server only responds to requests made by trusted users or clients. Chef Infra Server uses public key encryption. You create the public and private keys when you configure Chef Infra Client or setup Chef Workstation.;
Headings (most frequently used words):
chef, infra, server, key, authentication, user, api, knife, public, and, private, keys, update, pair, for, authenticating, with, authorization, use, storage, debug, issues, reregister, client, validator, nodes, workstations, requests, from, manage, other, options,
Text of the page (most frequently used words):
chef (338), the (178), infra (151), server (113), and (78), key (78), #client (59), api (53), with (49), overview (46), knife (45), node (45), user (39), that (38), version (32), install (32), private (31), automate (30), builder (30), for (28), deployment (28), authentication (27), can (26), using (26), workstation (25), manage (24), about (24), configure (24), aws (24), nodes (23), use (21), config (21), file (20), habitat (20), this (18), users (18), supermarket (18), upgrade (18), from (17), request (17), data (17), print (17), public (16), keys (16), you (16), create (16), end (16), packages (16), prem (16), community (14), directory (14), then (14), get (14), reference (14), are (13), update (13), your (13), rest (13), managed (13), 360 (13), pair (12), new (12), system (12), platform (12), management (12), license (12), backend (12), authorization (11), requests (11), each (11), time (11), list (11), delete (11), settings (11), all (10), require (10), organizations (10), pem (10), following (10), log (10), method (10), compliance (10), backup (10), restore (10), effortless (10), recovery (10), saas (10), postgresql (10), started (10), opensearch (10), database (10), used (9), name (9), run (9), requirements (9), uses (9), resources (9), debug (8), authenticated (8), when (8), set (8), username (8), add (8), example (8), object (8), etc (8), configuration (8), ops (8), cookbooks (8), ctl (8), cloud (8), prerequisites (8), origin (8), disaster (8), desktop (8), guide (8), certificates (8), iam (8), page (7), validator (7), made (7), security (7), make (7), date (7), will (7), clients (7), chef_server_url (7), client_name (7), echo (7), headers (7), openssl (7), supported (7), migrate (7), other (6), reregister (6), feedback (6), expiration (6), runs (6), ruby (6), def (6), puts (6), config_file (6), path (6), pychef (6), timestamp (6), local (6), setup (6), audit (6), inspec (6), style (6), cookstyle (6), cluster (6), services (6), package (6), troubleshooting (6), logs (6), integrations (6), dashboard (6), applications (6), certificate (6), enterprise (6), not (5), policy (5), terms (5), licensing (5), options (5), storage (5), contents (5), which (5), ensures (5), only (5), more (5), subcommands (5), groups (5), verify (5), authenticate (5), option (5), during (5), node_name (5), roles (5), exit (5), content (5), application (5), premises (5), files (5), stores (5), infrastructure (5), download (5), first (5), saves (5), progress (4), trademarks (4), registered (4), its (4), see (4), any (4), their (4), how (4), support (4), github (4), commands (4), must (4), current (4), has (4), active (4), generated (4), store (4), available (4), usage (4), autoconfigure (4), chef_api_request (4), script (4), curl (4), sign (4), hashed_body (4), process (4), repo (4), send (4), downloads (4), uninstall (4), saml (4), ldap (4), resource (4), packs (4), profiles (4), service (4), apis (4), upgrades (4), monitor (4), quick (4), start (4), deprecations (4), cops (4), firewalls (4), ports (4), high (4), availability (4), core (4), origins (4), profile (4), minio (4), single (4), cookbook (4), enrollment (4), getting (4), migration (4), courier (4), tokens (4), jobs (4), app (4), integration (4), external (4), elasticsearch (4), amazon (4), a2ha (4), platforms (4), edition (4), product (3), names (3), one (3), does (3), 2025 (3), authenticating (3), issues (3), workstations (3), table (3), edit (3), tools (3), such (3), makes (3), rsa (3), built (3), base (3), information (3), check (3), associated (3), modify (3), credentials (3), optional (3), specify (3), also (3), generate (3), named (3), subcommand (3), number (3), correct (3), setting (3), most (3), like (3), http (3), returned (3), error (3), destroy (3), interact (3), methods (3), return (3), execute (3), machine (3), node_info (3), envr (3), environment (3), testoption (3), else (3), large (3), exist (3), home (3), cli (3), get_rest (3), https (3), com (3), shows (3), bash (3), auth_headers (3), printf (3), _chef_dir (3), enc (3), base64 (3), awk (3), canonical_request (3), accept (3), hashed_path (3), body (3), endpoint (3), function (3), remove (3), env (3), account (3), nodey (3), banner (3), validation (3), right (3), bags (3), custom (3), bootstrap (3), communicate (3), attempts (3), trusted (3), herein (2), software (2), corporation (2), subsidiaries (2), affiliates (2), rights (2), reserved (2), respective (2), owners (2), between (2), 2026 (2), improve (2), document (2), contact (2), every (2), authenticates (2), located (2), pairs (2), access (2), stored (2), properly (2), plugin (2), added (2), isn (2), plugins (2), been (2), old (2), open (2), match (2), specified (2), note (2), filename (2), save (2), editor (2), while (2), same (2), clock (2), fixed (2), different (2), initial (2), issue (2), register (2), there (2), common (2), wed (2), oct (2), 2011 (2), logging (2), enabled (2), look (2), found (2), ensure (2), 401 (2), may (2), response (2), silly_node (2), foobar (2), executeuserchoice (2), timeofrun (2), profileend (2), profilestart (2), now (2), call (2), kernel (2), fqdn (2), node_array (2), displaynodesdetail (2), false (2), displaynodesperenv (2), unknown (2), exiting (2), case (2), chomp (2), gets (2), eof (2), display (2), location (2), json (2), mixlib (2), signing_key_filename (2), clientname (2), import (2), directly (2), after (2), shell (2), curl_command (2), _chomp (2), length (2), hash (2), userid (2), dgst (2), sha1 (2), binary (2), really (2), helper (2), pwd (2), could (2), code (2), ways (2), need (2), api_endpoint (2), again (2), delete_rest (2), nodename (2), name_args (2), policyfiles (2), should (2), fails (2), exec (2), both (2), they (2), special (2), group (2), responds (2), encryption (2), environments (2), console (2), legacy (2), azure (2), remediation (2), release (2), notes (2), share (2), what (2), scaffolding (2), variables (2), pattern (2), attributehelper (2), attributedefault (2), useplatformhelpers (2), unnecessaryplatformcasestatement (2), unnecessaryoscheck (2), trueclassfalseclassresourceproperties (2), simplifyplatformmajorversioncheck (2), overlycomplexsupportsdependsmetadata (2), negatingonlyif (2), includerecipewithparentheses (2), immediatenotificationtiming (2), filemode (2), defaultcopyrightcomments (2), copyrightcommentformat (2), commentsentencespacing (2), commentformat (2), chefwhaaat (2), attributekeys (2), invalidlicensestring (2), insecurecookbookurl (2), includeresourceexamples (2), includeresourcedescriptions (2), includepropertydescriptions (2), emptymetadatafield (2), defaultmetadatamaintainer (2), sharing (2), sshprivatekey (2), unlessdefinedrequire (2), requirenethttps (2), legacypowershelloutmethods (2), gemspecrequirerubygems (2), gemspeclicense (2), usecreateifmissing (2), unnecessarynameproperty (2), unnecessarydesiredstate (2), suggestsmetadata (2), stringpropertywithnildefault (2), sensitivepropertyinresource (2), resourcewithnothingaction (2), replacesmetadata (2), recipemetadata (2), providesmetadata (2), propertywithrequiredanddefault (2), propertysplatregex (2), ohaiattributetostring (2), namepropertyisrequired (2), multipleplatformchecks (2), longdescriptionmetadata (2), groupingmetadata (2), doublecompiletime (2), customresourcewithallowedactions (2), conflictsmetadata (2), attributemetadata (2), aptrepositorynotifiesaptupdate (2), aptrepositorydistributiondefault (2), redundantcode (2), zipfileresource (2), windowszipfileusage (2), windowsscresource (2), windowsregistryuac (2), whyrunsupportedtrue (2), useszypperrepo (2), userequirerelative (2), usemultipackageinstalls (2), usecheflanguagesystemdhelper (2), usecheflanguageenvhelpers (2), usecheflanguagecloudhelpers (2), usebuildessentialresource (2), unnecessarymixlibshelloutrequire (2), unnecessarydependschef15 (2), unnecessarydependschef14 (2), sysctlparamresource (2), simplifyaptppasetup (2), shellouttochocolatey (2), shellouthelper (2), sevenziparchiveresource (2), setorreturninresources (2), respondtoresourcename (2), respondtoprovides (2), respondtoinmetadata (2), respondtocompiletime (2), resourcenamefrominitialize (2), resourceforcingcompiletime (2), providesfrominitialize (2), propertywithnameattribute (2), powershellscriptexpandarchive (2), powershellinstallwindowsfeature (2), powershellinstallpackage (2), powershellguardinterpreter (2), osxconfigprofileresource (2), opensslx509resource (2), opensslrsakeyresource (2), noderolesinclude (2), nodeinitpackage (2), minitesthandlerusage (2), macosxuserdefaults (2), libarchivefileresource (2), legacyberksfilesource (2), includingwindowsdefaultrecipe (2), includingohaidefaultrecipe (2), includingmixinshelloutinresources (2), includingaptdefaultrecipe (2), ifprovidesdefaultaction (2), foodcriticcomments (2), executetzutil (2), executesysctl (2), executesleep (2), executescexe (2), executeaptupdate (2), emptyresourceinitializemethod (2), dslincludeinresource (2), dependsonzyppercookbook (2), dependsonwindowsfirewallcookbook (2), dependsontimezonelwrpcookbook (2), dependsonopensslcookbook (2), dependsonlocalecookbook (2), dependsonkernelmodulecookbook (2), dependsonchocolateycookbooks (2), dependsonchefvaultcookbook (2), definitions (2), defineschefspecmatchers (2), defaultactionfrominitialize (2), declareactionclass (2), databaghelpers (2), customresourcewithattributes (2), cronmanageresource (2), crondfileortemplate (2), conditionalusingtest (2), classevalactionclass (2), chefgemnokogiri (2), allowedactionsfrominitialize (2), actionmethodinresource (2), modernize (2), searchforenvironmentsorroles (2), dependschefvault (2), cookbookusessearch (2), cookbookusesroles (2), cookbookusespolicygroups (2), cookbookusesenvironments (2), cookbookusesdatabags (2), chefvaultused (2), berksfile (2), windowsversionhelpers (2), windowstaskchangeaction (2), windowspackageinstallertypestring (2), windowsfeatureservermanagercmd (2), verifypropertyusesfileexpansion (2), useyamldump (2), usesruncommandhelper (2), usesdeprecatedmixins (2), useschefresthelpers (2), userdeprecatedsupportsproperty (2), useinlineresourcesdefined (2), useautomaticresourcename (2), searchusespositionalparameters (2), rubyblockcreateaction (2), ruby27keywordargumentwarnings (2), resourcewithoutunifiedtrue (2), resourceusesupdatedmethod (2), resourceusesproviderbasemethod (2), resourceusesonlyresourcename (2), resourceusesdslnamemethod (2), resourceoverridesprovidesmethod (2), resourceinheritsfromcompatresource (2), requirerecipe (2), powershellcookbookhelpers (2), policyfilecommunitysource (2), poisearchiveusage (2), partialsearchhelperusage (2), partialsearchclassusage (2), nodesetwithoutlevel (2), nodesetunless (2), nodeset (2), nodemethodsinsteadofattributes (2), nodedeepfetch (2), namepropertywithdefaultvalue (2), macosuserdefaultsglobalproperty (2), logresourcenotifications (2), localedeprecatedlcallproperty (2), librarianchefspec (2), legacyyumcookbookrecipes (2), legacynotifysyntax (2), launchddeprecatedhashproperty (2), includingyumdnfcompatrecipe (2), includingxmlrubyrecipe (2), hwrpwithoutunifiedtrue (2), hwrpwithoutprovides (2), foodcritictesting (2), foodcriticfile (2), executerelativecreateswithoutcwd (2), executepathproperty (2), erlcallresource (2), epicfail (2), eolauditmodeusage (2), easyinstallresource (2), deprecatedyumrepositoryproperties (2), deprecatedyumrepositoryactions (2), deprecatedwindowsversioncheck (2), deprecatedsudoactions (2), deprecatedshelloutmethods (2), deprecatedplatformmethods (2), deprecatedchefspecplatform (2), dependsonomnibusupdatercookbook (2), dependsonchefreportingcookbook (2), dependsonchefnginxcookbook (2), delivery (2), cookbooksdependsonself (2), cookbookdependsonpoise (2), cookbookdependsonpartialsearch (2), cookbookdependsoncompatresource (2), chocolateypackageuninstallaction (2), chefwindowsplatformhelper (2), chefsugarhelpers (2), chefspeclegacyrunner (2), chefspeccoveragereport (2), chefshellout (2), chefrewind (2), chefhandlerusessupports (2), chefhandlerrecipe (2), cheffile (2), chefdkgenerators (2), tmppath (2), supportsmustbefloat (2), serviceresource (2), scopedfileexist (2), resourcewithnoneaction (2), resourcesetsnameproperty (2), resourcesetsinternalproperties (2), propertywithouttype (2), powershellscriptdeletefile (2), powershellfileexists (2), opensslpasswordhelpers (2), octalmodeasstring (2), notifiesactionnotsymbol (2), nodenormalunless (2), nodenormal (2), metadatamissingversion (2), metadatamissingname (2), metadatamalformeddepends (2), malformedplatformvalueforplatformhelper (2), macosuserdefaultsinvalidtype (2), lazyinresourceguard (2), lazyevalnodeattributedefaults (2), invalidversionmetadata (2), invalidplatformvalueforplatformhelper (2), invalidplatformvalueforplatformfamilyhelper (2), invalidplatformmetadata (2), invalidplatformincase (2), invalidplatformhelper (2), invalidplatformfamilyincase (2), invalidplatformfamilyhelper (2), invalidnotificationtiming (2), invalidnotificationresource (2), invaliddefaultaction (2), invalidcookbookname (2), incorrectlibraryinjection (2), emptyresourceguard (2), dnfpackageallowdowngrades (2), cookbookusesnodesave (2), conditionalrubyshellout (2), chefapplicationfatal (2), blockguardwithonlystring (2), correctness (2), v25 (2), v26 (2), tuning (2), failure (2), tiered (2), installation (2), airgap (2), capacity (2), planning (2), plan (2), refresh (2), strategy (2), membership (2), rbac (2), rotate (2), ssl (2), certs (2), separate (2), scale (2), frontend (2), artifactory (2), artifact (2), warm (2), spare (2), connect (2), windows_update_settings (2), windows_power_management (2), windows_password_policy (2), windows_ie_esc (2), windows_firewall (2), windows_disk_encryption (2), windows_desktop_winrm_settings (2), windows_desktop_screensaver (2), windows_defender_exclusion (2), windows_defender (2), windows_choco_installer (2), windows_automatic_logout (2), windows_app_management (2), windows_admin_control (2), rescue_account (2), macos_power_management (2), macos_password_policy (2), macos_firewall (2), macos_disk_encryption (2), macos_desktop_screensaver (2), macos_automatic_software_updates (2), macos_automatic_logout (2), macos_app_management (2), macos_admin_control (2), windows (2), macos (2), zero (2), touch (2), redirect (2), sso (2), opsworks (2), skills (2), administration (2), guides (2), enroll (2), clis (2), non (2), san (2), best (2), practices (2), feature (2), flags (2), architecture (2), administrator (2), incident (2), servicenow (2), marketplace (2), scan (2), reports (2), eas (2), event (2), feed (2), teams (2), policies (2), actions (2), projects (2), lifecycle (2), feeds (2), notifications (2), cleanup (2), monitoring (2), centralize (2), report (2), ingestion (2), invalid (2), login (2), telemetry (2), session (2), timeout (2), disclosure (2), panel (2), collection (2), topics (2), manager (2), bastion (2), sudo (2), password (2), rds (2), vpc (2), cidr (2), load (2), balancer (2), faqs (2), performance (2), benchmarks (2), rotation (2), self (2), signed (2), view (2), bootstrapping (2), generation (2), place (2), existing (2), efs (2), back (2), filesystem (2), customer (2), airgapped (2), tutorial (2), shortcodes (2), front (2), matter (2), reuse (2), hugo (2), procedures (2), tables (2), headings (2), notices (2), markdown (2), lists (2), linking (2), formatting (2), house (2), contribute (2), docs (2), guidelines (2), contributions (2), commercial (2), versions (2), training (2), blog (2), main (2), certain, countries, appropriate, markings, contained, inclusion, imply, endorsement, affiliation, sponsorship, copyright, last, modified, january, cookie, privacy, trademark, site, map, thank, submit, fill, field, ask, still, stuck, help, yes, was, helpful, handles, communication, means, needs, prevents, accessing, shouldn, additional, functionality, many, members, several, them, maintained, endpoints, documentation, older, have, deleted, old_key_name, unwanted, reduce, risks, placing, don, expire, iso, 8601, format, creating, close, text, containing, sent, keyname, yyyy, ddthh, ssz, regenerate, displayed, standard, output, write, either, drifted, actual, than, minutes, syncing, network, protocol, ntp, happen, reasons, host, recently, changed, resolved, explicitly, executable, incorrect, deleting, running, attempt, happening, causes, occurs, likely, 0000, signing, entry, problems, determine, attempting, often, messages, command, unauthorized, failed, 0700, info, some, cases, receive, 403, another, way, objects, whenever, possible, returns, relevant, type, called, backtrace, join, message, calling, exception, rescue, taken, begin, run_list, chef_environment, platform_version, true, turl, tnode, list_by_environment, detail, slow, per, choose, stdout, level, log_level, from_file, mixin, xml_escape, chefserver, installed, previous, examples, assume, working, find, valid, manner, coderanger, api_request, calls, myapp, web1, python, library, meets, easily, saving, similar, esac, know, substr, int, rsautl, inkey, nhashed, chef_user, grep, org_name, needed, opscode, my_org, meat, potatoes, rice, vegetables, preference, newlines, elif, simply, hard, below, chosen, exists, looks, upward, cwd, until, hits, recursive, searches, usr, bin, requires, two, utilities, abstract, said, interacted, sections, describe, few, doing, interface, perform, operations, authorized, handled, automatically, something, deployments, administrators, who, responsible, managing, maintain, reached, february, longer, under, development, replacement, representative, upgrading, life, eol, warning, confirm, want, just, fatal, show_usage, implementation, mynodedelete, class, mycommands, module, put_rest, post_rest, details, description, hidden, optionally, upload, once, uploaded, applies, order, synchronized, control, git, treated, source, including, recipes, attributes, libraries, templates, everything, define, copied, manually, copy, locally, part, initially, installs, but, subsequent, locations, depending, completed, entire, assigns, future, doesn, yet, specific, leveraging, instance, changes, menu, search, skip,
Text of the page (random words):
ements install builder connect your workstation to builder configure overview example builder env config file configure disaster recovery or warm spare use artifactory as a package artifact store configure builder logs scale builder frontend separate backend services manage overview minio postgresql rotate ssl certs upgrade builder origins overview create an origin origin keys origin membership and rbac packages overview bootstrap core packages update packages troubleshooting saas builder about habitat saas builder create an account builder profile origins origin packages builder api supported packages habitat package refresh strategy core base 2025 packages chef infra client chef infra client 19 chef infra client 18 chef infra server overview infra server overview services plan chef infra server prerequisites capacity planning install install chef infra server install high availability airgap tiered installation upgrades upgrade ha cluster license usage configure chef server rb settings chef infra server optional settings chef backend rb settings server firewalls and ports security manage backup and restore backend failure recovery monitor tuning log files users authentication and authorization organizations groups server users reference chef server ctl chef backend ctl chef infra server api firewalls ports chef inspec version 7 1 version 7 0 version 6 8 version 5 24 version 5 23 resource packs chef workstation workstation v26 workstation v25 cookstyle about cookstyle cookstyle cops list cops chef correctness blockguardwithonlystring chefapplicationfatal conditionalrubyshellout cookbookusesnodesave dnfpackageallowdowngrades emptyresourceguard incorrectlibraryinjection invalidcookbookname invaliddefaultaction invalidnotificationresource invalidnotificationtiming invalidplatformfamilyhelper invalidplatformfamilyincase invalidplatformhelper invalidplatformincase invalidplatformmetadata invalidplatformvalueforplatformfamilyhelper invalidplatformvalueforplatformhelper invalidversionmetadata lazyevalnodeattributedefaults lazyinresourceguard macosuserdefaultsinvalidtype malformedplatformvalueforplatformhelper metadatamalformeddepends metadatamissingname metadatamissingversion nodenormal nodenormalunless notifiesactionnotsymbol octalmodeasstring opensslpasswordhelpers powershellfileexists powershellscriptdeletefile propertywithouttype resourcesetsinternalproperties resourcesetsnameproperty resourcewithnoneaction scopedfileexist serviceresource supportsmustbefloat tmppath chef deprecations chefdkgenerators cheffile chefhandlerrecipe chefhandlerusessupports chefrewind chefshellout chefspeccoveragereport chefspeclegacyrunner chefsugarhelpers chefwindowsplatformhelper chocolateypackageuninstallaction cookbookdependsoncompatresource cookbookdependsonpartialsearch cookbookdependsonpoise cookbooksdependsonself delivery dependsonchefnginxcookbook dependsonchefreportingcookbook dependsonomnibusupdatercookbook deprecatedchefspecplatform deprecatedplatformmethods deprecatedshelloutmethods deprecatedsudoactions deprecatedwindowsversioncheck deprecatedyumrepositoryactions deprecatedyumrepositoryproperties easyinstallresource eolauditmodeusage epicfail erlcallresource executepathproperty executerelativecreateswithoutcwd foodcriticfile foodcritictesting hwrpwithoutprovides hwrpwithoutunifiedtrue includingxmlrubyrecipe includingyumdnfcompatrecipe launchddeprecatedhashproperty legacynotifysyntax legacyyumcookbookrecipes librarianchefspec localedeprecatedlcallproperty logresourcenotifications macosuserdefaultsglobalproperty namepropertywithdefaultvalue nodedeepfetch nodemethodsinsteadofattributes nodeset nodesetunless nodesetwithoutlevel partialsearchclassusage partialsearchhelperusage poisearchiveusage policyfilecommunitysource powershellcookbookhelpers requirerecipe resourceinheritsfromcompatresource resourceoverridesprovidesmethod resourceusesdslnamemethod resourceusesonlyresourcename resourceusesproviderbasemethod resourceusesupdatedmethod resourcewithoutunifiedtrue ruby27keywordargumentwarnings rubyblockcreateaction searchusespositionalparameters useautomaticresourcename useinlineresourcesdefined userdeprecatedsupportsproperty useschefresthelpers usesdeprecatedmixins usesruncommandhelper useyamldump verifypropertyusesfileexpansion windowsfeatureservermanagercmd windowspackageinstallertypestring windowstaskchangeaction windowsversionhelpers chef effortless berksfile chefvaultused cookbookusesdatabags cookbookusesenvironments cookbookusespolicygroups cookbookusesroles cookbookusessearch dependschefvault searchforenvironmentsorroles chef modernize actionmethodinresource allowedactionsfrominitialize chefgemnokogiri classevalactionclass conditionalusingtest crondfileortemplate cronmanageresource customresourcewithattributes databaghelpers declareactionclass defaultactionfrominitialize defineschefspecmatchers definitions dependsonchefvaultcookbook dependsonchocolateycookbooks dependsonkernelmodulecookbook dependsonlocalecookbook dependsonopensslcookbook dependsontimezonelwrpcookbook dependsonwindowsfirewallcookbook dependsonzyppercookbook dslincludeinresource emptyresourceinitializemethod executeaptupdate executescexe executesleep executesysctl executetzutil foodcriticcomments ifprovidesdefaultaction includingaptdefaultrecipe includingmixinshelloutinresources includingohaidefaultrecipe includingwindowsdefaultrecipe legacyberksfilesource libarchivefileresource macosxuserdefaults minitesthandlerusage nodeinitpackage noderolesinclude opensslrsakeyresource opensslx509resource osxconfigprofileresource powershellguardinterpreter powershellinstallpackage powershellinstallwindowsfeature powershellscriptexpandarchive propertywithnameattribute providesfrominitialize resourceforcingcompiletime resourcenamefrominitialize respondtocompiletime respondtoinmetadata respondtoprovides respondtoresourcename setorreturninresources sevenziparchiveresource shellouthelper shellouttochocolatey simplifyaptppasetup sysctlparamresource unnecessarydependschef14 unnecessarydependschef15 unnecessarymixlibshelloutrequire usebuildessentialresource usecheflanguagecloudhelpers usecheflanguageenvhelpers usecheflanguagesystemdhelper usemultipackageinstalls userequirerelative useszypperrepo whyrunsupportedtrue windowsregistryuac windowsscresource windowszipfileusage zipfileresource chef redundantcode aptrepositorydistributiondefault aptrepositorynotifiesaptupdate attributemetadata conflictsmetadata customresourcewithallowedactions doublecompiletime groupingmetadata longdescriptionmetadata multipleplatformchecks namepropertyisrequired ohaiattributetostring propertysplatregex propertywithrequiredanddefault providesmetadata recipemetadata replacesmetadata resourcewithnothingaction sensitivepropertyinresource stringpropertywithnildefault suggestsmetadata unnecessarydesiredstate unnecessarynameproperty usecreateifmissing chef ruby gemspeclicense gemspecrequirerubygems legacypowershelloutmethods requirenethttps unlessdefinedrequire chef security sshprivatekey chef sharing defaultmetadatamaintainer emptymetadatafield includepropertydescriptions includeresourcedescriptions includeresourceexamples insecurecookbookurl invalidlicensestring chef style attributekeys chefwhaaat commentformat commentsentencespacing copyrightcommentformat defaultcopyrightcomments filemode immediatenotificationtiming includerecipewithparentheses negatingonlyif overlycomplexsupportsdependsmetadata simplifyplatformmajorversioncheck trueclassfalseclassresourceproperties unnecessaryoscheck unnecessaryplatformcasestatement useplatformhelpers inspec deprecations attributedefault attributehelper effortless pattern effortless overview quick start effortless audit effortless config variables and config what is scaffolding supermarket about supermarket share cookbooks private supermarket about private supermarket install configure backup and restore monitor log files upgrades reference supermarket ctl supermarket api release notes chef 360 platform chef automate chef backend chef download apis chef habitat chef infra client chef infra server chef inspec chef local license service chef manage chef migrate chef supermarket chef workstation chef compliance chef compliance audit profiles chef compliance remediation chef cloud resource packs aws cloud resources azure cloud resources legacy chef manage about the management console uninstall manage rb chef manage ctl active directory ldap configure saml clients cookbooks data bags environments nodes roles organizations groups users uninstall available on github downloads send feedback support authentication table of contents the chef infra server api handles all communication between chef infra client or chef workstation the chef infra server api is an authenticated rest api which means all requests require authentication and authorization the chef infra tools such as knife and chef server commands use the chef infra server api for you the authentication process ensures that chef infra server only responds to requests made by trusted users or clients chef infra server uses public key encryption you create the public and private keys when you configure chef infra client or setup chef workstation chef infra server stores the public key chef workstation saves the private key in chef chef infra client saves the private key in etc chef both chef infra client and chef workstation communicate with chef infra server using the chef infra server api each time that chef infra client or chef workstation makes a request to chef infra server they use a special group of http headers and sign the rest with their private key chef infra server then uses the public key to verify the headers and contents public and private keys every request made by chef infra client to the chef infra server must be an authenticated request using the chef infra server api and a private key when chef infra client makes a request to the chef infra server chef infra client authenticates each request using a private key located in etc chef client pem chef infra server key use the authentication process ensures that chef infra server only responds to requests made by trusted users or clients chef infra server uses public key encryption you create the public and private keys when you configure chef infra client or setup chef workstation chef infra server stores the public key chef workstation saves the private key in chef chef infra client saves the private key in etc chef both chef infra client and chef workstation communicate with chef infra server using the chef infra server api each time that chef infra client or chef workstation makes a request to chef infra server they use a special group of http headers and sign the rest with their private key chef infra server then uses the public key to verify the headers and contents chef infra client chef infra client authenticates with the chef infra server using rsa public key pairs each time a chef infra client needs access to data that is stored on the chef infra server this prevents any node from accessing data that it shouldn t and it ensures that only nodes that are properly registered with the chef infra server can be managed knife rsa public key pairs are used to authenticate knife with chef infra server every time knife attempts to access chef infra server this ensures that each instance of knife is properly registered with chef infra server and that only trusted users can make changes to the data knife can also use the knife exec subcommand to make specific authenticated requests to chef infra server knife plugins can also make authenticated requests to chef infra server by leveraging the knife exec subcommand chef validator the private key doesn t yet exist the first time that chef infra client runs from a new node during the first chef infra client run chef infra client uses the chef validator private key located in etc chef validation pem to register with chef infra server chef infra server assigns chef infra client a private key for all future authentication requests to the chef infra server chef infra client saves the private key on the node as etc chef client pem if the request to communicate with chef infra server with the chef validator key fails then the entire first chef infra client run fails after the first completed chef infra client run delete the chef validator private key at etc chef validation pem chef infra server key storage keys are stored in different locations depending on if the location is a node or a workstation nodes each node stores its private key locally this private key is generated as part of the bootstrap process that initially installs chef infra client on the node the first time chef infra client runs on that node it uses the chef validator to authenticate but then on each subsequent run it uses the private key generated for that client by the chef infra server workstations each workstation stores its private key in the user s chef directory this private key is generated by chef infra server and must be download from the server and copied to the chef directory manually if you require a new private key generate it with chef infra server and copy it to the chef directory again the chef repo is a directory on your workstation that stores everything you need to define your infrastructure with chef infra cookbooks including recipes attributes custom resources libraries and templates data bags policyfiles the chef repo directory should be synchronized with a version control system such as git all of the data in the chef repo should be treated like source code you ll use the chef and knife commands to upload data to the chef infra server from the chef repo directory once uploaded chef infra client uses that data to manage the nodes registered with the chef infra server and to ensure that it applies the right cookbooks policyfiles and settings to the right nodes in the right order the chef directory is a hidden directory that is used to store validation key files and optionally a config rb file chef infra server api authentication api requests a knife plugin is a set of one or more subcommands that can be added to knife to support additional functionality that isn t built in to the base set of knife subcommands many of the knife plugins are built by members of the chef community and several of them are built and maintained by chef a knife plugin can be used to make authenticated api requests to the chef infra server using the following methods method description rest delete_rest use to delete an object from the chef infra server rest get_rest use to get the details of an object on the chef infra server rest post_rest use to add an object to the chef infra server rest put_rest use to update an object on the chef infra server for example module mycommands class mynodedelete chef knife an implementation of knife node delete banner knife my node delete node_name def run if name_args length 1 show_usage ui fatal you must specify a node nam...
|
