Skip to main content

chef-automate CLI

[edit on GitHub]

Warning

Chef Automate 4.x will not be available for download before the end of September 2022. We are working on making the upgrade process a seamless experience. Until then, you can download Chef Automate 3.0.49. Please get in touch with support for more information.

Chef Automate CLI Commands

chef-automate

A helpful utility to deploy and manage Chef Automate. Docs: https://docs.chef.io/automate/cli_chef_automate/ Patents: https://www.chef.io/patents

Usage

chef-automate COMMAND [flags]

Flags

-d, --debug
Enable debug output (default: false)
-h, --help
help for chef-automate (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage applications observability features
Chef Automate backup
Chef Automate configuration
Deploy Chef Automate
Manage Chef Automate's external certificate
Gather system diagnostics and logs
Chef Automate iam commands
Info about Automate HA
Chef Automate infrastructure
Initialize default config
Initialize default config for Automate HA
Manage Chef Automate's internal certificate authority
Chef Automate license management
Put Chef Automate into or out of maintenance mode
Migrate from Chef Automate v1
Watch the status of the migration to Chef Automate 2
Perform preflight check
Provision Automate HA infra.
restart deployment services
Set secrets to Automate HA
Retrieve the versions of the individual Chef Automate services
SSH into Automate HA servers
Start Chef Automate
Retrieve Chef Automate status
Stop deployment
Tail Chef Automate logs
Run Automate HA smoke tests
Uninstall Chef Automate
upgrade automate to the latest version
Show CLI version
Set workspace env for Automate HA.

chef-automate airgap

Usage

chef-automate airgap COMMAND [flags]

Flags

-h, --help
help for airgap (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

chef-automate airgap bundle

Usage

chef-automate airgap bundle COMMAND [flags]

Flags

-h, --help
help for bundle (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

chef-automate airgap bundle create

Usage

chef-automate airgap bundle create [/path/to/bundle.aib] [flags]

Flags

-c, --channel
Release channel to pull packages from
-h, --help
help for create (default: false)
-m, --manifest
Path to a release manifest.json
-r, --retries
Number of times to retry failed hab package downloads (default: 2)
--retry-delay
Number of seconds to wait between retries (exponential backoff is used if not provided) (default: -1)
--version
Chef Automate version to create an airgap bundle for
-w, --workspace
Path to workspace storage location where temporary data will be stored
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

chef-automate airgap bundle info

Usage

chef-automate airgap bundle info /path/to/bundle.aib [flags]

Flags

-h, --help
help for info (default: false)
--verbose
Output full AIB metadata (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

chef-automate applications

Usage

chef-automate applications COMMAND [flags]

Flags

-h, --help
help for applications (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Remove services from the applications database
Show services in the applications database

chef-automate applications remove-svcs

Remove services from the applications database. You must fully decommission services by retiring physical hardware, terminating the VM or container, or by using 'hab svc unload', before using the 'remove-svcs' command. Services that are incompletely decommissioned will send a health-check at the appointed time and Automate will re-add them to the services database.

Usage

chef-automate applications remove-svcs [flags]

Flags

--all
Delete all services in the database. This flag must be given if no other filter is given. (default: false)
-a, --application
Select only services where the application name matches the given pattern
-b, --buildstamp
Select only services where the buildstamp matches the given pattern
-c, --channel
Select only services where the subscribed channel matches the given pattern
-D, --disconnected
Select only services that are disconnected (default: false)
-e, --environment
Select only services where the application environment matches the given pattern
-g, --group
Select only services where the group name (suffix) matches the given pattern
-h, --help
help for remove-svcs (default: false)
-o, --origin
Select only services where the origin matches the given pattern
-n, --service-name
Select only services where the name matches the given pattern
-s, --site
Select only services where the site matches the given pattern
-v, --version
Select only services where the package version matches the given pattern
-y, --yes
Delete the services without a confirmation prompt (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage applications observability features

chef-automate applications show-svcs

Display a list of the habitat services stored in the applications database.

Usage

chef-automate applications show-svcs [flags]

Flags

-a, --application
Select only services where the application name matches the given pattern
-b, --buildstamp
Select only services where the buildstamp matches the given pattern
-c, --channel
Select only services where the subscribed channel matches the given pattern
-D, --disconnected
Select only services that are disconnected (default: false)
-e, --environment
Select only services where the application environment matches the given pattern
-g, --group
Select only services where the group name (suffix) matches the given pattern
-h, --help
help for show-svcs (default: false)
-o, --origin
Select only services where the origin matches the given pattern
-n, --service-name
Select only services where the name matches the given pattern
-s, --site
Select only services where the site matches the given pattern
-v, --version
Select only services where the package version matches the given pattern
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage applications observability features

chef-automate backup

Usage

chef-automate backup COMMAND [flags]

Flags

--gcs-credentials-path
The path to the GCP service account json file
-h, --help
help for backup (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
cancel the running backup operation
create a backup of Chef Automate
delete backups of Chef Automate
Ensure the hab user has the required permissions on the given path
Chef Automate shared object integrity
list all Chef Automate backups
restore a Chef Automate backup
show the Chef Automate backup details
show the Chef Automate backup runner status

chef-automate backup cancel

Cancel the currently running backup create, delete, or restore operation

Usage

chef-automate backup cancel [flags]

Flags

-h, --help
help for cancel (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup create

Create a backup of Chef Automate

Usage

chef-automate backup create [flags]

Flags

-h, --help
help for create (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 43200)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup delete

Delete one or many backups of Chef Automate that match the space separated strings of backup IDs

Usage

chef-automate backup delete ID [ID2 IDN...] [flags]

Flags

-h, --help
help for delete (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 43200)
--yes
Agree to all prompts (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup fix-repo-permissions

Ensure the hab user has the required permissions on the given path

Usage

chef-automate backup fix-repo-permissions PATH [flags]

Flags

-h, --help
help for fix-repo-permissions (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup integrity

Usage

chef-automate backup integrity COMMAND [flags]

Flags

-h, --help
help for integrity (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup
show the shared object integrity metadata
validate the shared object integrity

chef-automate backup integrity show

Show the shared object integrity metadata

Usage

chef-automate backup integrity show [flags]

Flags

-h, --help
help for show (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)

See Also

Chef Automate shared object integrity

chef-automate backup integrity validate

Validate the shared object integrity. If one or more snapshot IDs is not given all snapshots will be validated

Usage

chef-automate backup integrity validate [ID IDN] [flags]

Flags

-h, --help
help for validate (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)

See Also

Chef Automate shared object integrity

chef-automate backup list

List all Chef Automate backups

Usage

chef-automate backup list [flags]

Flags

-h, --help
help for list (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup restore

Restore a Chef Automate backup. If no ID or path is given the latest found backup will be restored.

Usage

chef-automate backup restore [ID_OR_PATH] [flags]

Flags

--airgap-bundle
The artifact to use for an air-gapped installation
-b, --backup-dir
Directory used for backups (default: /var/opt/chef-automate/backups)
-h, --help
help for restore (default: false)
--patch-config
Path to patch config if required
--sha256
The SHA256 checksum of the backup
--skip-preflight
Skip preflight checks when restoring a backup (default: false)
-u, --upgrade
Upgrade to the latest package versions when restoring backups (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 43200)
--yes
Agree to all prompts (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup show

Show the details of a Chef Automate backup

Usage

chef-automate backup show ID [flags]

Flags

-h, --help
help for show (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate backup status

Show the Chef Automate backup runner status

Usage

chef-automate backup status [flags]

Flags

-h, --help
help for status (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also

Chef Automate backup

chef-automate config

Usage

chef-automate config COMMAND [flags]

Flags

-y, --auto-approve
Do not prompt for confirmation; accept defaults and continue (default: false)
-h, --help
help for config (default: false)
-t, --timeout
Request timeout in seconds (default: 10)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
patch the Chef Automate configuration
set the Chef Automate configuration
show the Chef Automate configuration

chef-automate config patch

Apply a partial Chef Automate configuration to the deployment. It will take the partial configuration, merge it with the existing configuration, and apply and required changes.

Usage

chef-automate config patch path/to/config.toml [flags]

Flags

-h, --help
help for patch (default: false)
-y, --auto-approve
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH
-t, --timeout
Request timeout in seconds (default: 10)

See Also

Chef Automate configuration

chef-automate config set

Set the Chef Automate configuration for the deployment. It will replace the Chef Automate configuration with the given configuration and apply any required changes.

Usage

chef-automate config set path/to/config.toml [flags]

Flags

-h, --help
help for set (default: false)
-y, --auto-approve
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH
-t, --timeout
Request timeout in seconds (default: 10)

See Also

Chef Automate configuration

chef-automate config show

Show the Chef Automate configuration. When given a filepath, the output will be written to the file instead of printed to STDOUT

Usage

chef-automate config show [/path/to/write/config.toml] [flags]

Flags

-h, --help
help for show (default: false)
-o, --overwrite
Overwrite existing config.toml (default: false)
-y, --auto-approve
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH
-t, --timeout
Request timeout in seconds (default: 10)

See Also

Chef Automate configuration

chef-automate deploy

Deploy a new Chef Automate instance using the supplied configuration. - <CONFIG_FILE> must be a valid path to a TOML formatted configuration file

Usage

chef-automate deploy [/path/to/config.toml] [flags]

Flags

--accept-terms-and-mlsa
Agree to the Chef Software Terms of Service and the Master License and Services Agreement (default: false)
--airgap-bundle
Path to an airgap install bundle
--certificate
The path to a certificate that should be used for external TLS connections (web and API).
--channel
Release channel to deploy all services from
--fqdn
The fully-qualified domain name that Chef Automate can be accessed at. (default: hostname of this machine)
-h, --help
help for deploy (default: false)
--private-key
The path to a private key corresponding to the TLS certificate.
--product
Product to deploy (default: [])
--skip-preflight
Deploy regardless of pre-flight conditions (default: false)
--upgrade-strategy
Upgrade strategy to use for this deployment. (default: at-once)
-y, --yes
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate external-cert

Manage Chef Automate's external certificate authority. Used for establishing TLS/SSL communication with automate.

Usage

chef-automate external-cert COMMAND [flags]

Flags

-f, --file
File path to save automate TLS certifcate to.
-h, --help
help for external-cert (default: false)
-n, --hostname
Hostname for the automate TLS certificate
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Show the external TLS/SSL certificates in Automate. Optionally, save the certificates to a file in the specified path.

chef-automate external-cert show

Usage

chef-automate external-cert show [flags]

Flags

-h, --help
help for show (default: false)
-d, --debug
Enable debug output (default: false)
-f, --file
File path to save automate TLS certifcate to.
-n, --hostname
Hostname for the automate TLS certificate
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage Chef Automate's external certificate

chef-automate gather-logs

Collect system diagnostics and logs from Chef Automate and other services

Usage

chef-automate gather-logs [/path/to/log/bundle.tar.gz] [flags]

Flags

-h, --help
help for gather-logs (default: false)
-l, --local-fallback
run gather-logs in local fallback mode (default: false)
--log-lines
Number of system log lines (journald logs) to collect (0 for all logs) (default: 500000)
-o, --overwrite
Overwrite existing log archive (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate iam

Usage

chef-automate iam COMMAND [flags]

Flags

-h, --help
help for iam (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Manage and restore default admin access
Manage tokens
Retrieve IAM version in use

chef-automate iam admin-access

Usage

chef-automate iam admin-access COMMAND [flags]

Flags

-h, --help
help for admin-access (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate iam commands
Restore the factory default admin user, team, and access

chef-automate iam admin-access restore

Recreate the admin user, admin team, and related admin policy as needed to restore to factory default and update the admin user's password

Usage

chef-automate iam admin-access restore PASSWORD [flags]

Flags

--dry-run
Show what would be updated by this command without performing any changes (default: false)
-h, --help
help for restore (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage and restore default admin access

chef-automate iam token

Usage

chef-automate iam token COMMAND [flags]

Flags

-h, --help
help for token (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate iam commands
Generate a token

chef-automate iam token create

Usage

chef-automate iam token create NAME [flags]

Flags

--admin
Generate a token and add it to the chef-managed admin policy (default: false)
-h, --help
help for create (default: false)
--id
Specify a custom ID (if omitted, an ID will be generated based on NAME)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage tokens

chef-automate iam version

Usage

chef-automate iam version [flags]

Flags

-h, --help
help for version (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate iam commands

chef-automate info

Info for Automate HA cluster

Usage

chef-automate info [flags]

Flags

-h, --help
help for info (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate infrastructure

Commands for automation infrastructure management, for data related to chef-client runs and chef-server actions.

Usage

chef-automate infrastructure COMMAND [flags]

Flags

-h, --help
help for infrastructure (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Delete node by node uuid

chef-automate infrastructure node-delete

Usage

chef-automate infrastructure node-delete [uuid] [flags]

Flags

-h, --help
help for node-delete (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate infrastructure

chef-automate init-config

Initialize default configuration and save it to a file.

Usage

chef-automate init-config [flags]

Flags

--certificate
The path to a certificate that should be used for external TLS connections (web and API).
--channel
Release channel to deploy all services from (default: current)
--es-mem
The amount of system memory to allocate to Elasticsearch's heap. (default: 25% of system memory)
--file
File path to write the config (default: config.toml)
--fqdn
The fully-qualified domain name that Chef Automate can be accessed at. (default: hostname of this machine)
-h, --help
help for init-config (default: false)
--os-mem
The amount of system memory to allocate to Opensearch's heap. (default: 25% of system memory)
--private-key
The path to a private key corresponding to the TLS certificate.
--upgrade-strategy
Upgrade strategy to use for this deployment. (default: at-once)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate init-config-ha

Initialized default configuration for HA and save it to a file.

Usage

chef-automate init-config-ha [flags]

Flags

--file
File path to write the config (default: config.toml)
-h, --help
help for init-config-ha (default: false)
--path
a2ha hab workspace dir path (default: /hab/a2_deploy_workspace/)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate internal-ca

Manage Chef Automate's internal certificate authority. Used for inter-service encryption and authentication.

Usage

chef-automate internal-ca COMMAND [flags]

Flags

-h, --help
help for internal-ca (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Print information the root certificate for the internal certificate authority
Commands to regenerate certificates issued by the internal certificate authority

chef-automate internal-ca info

Usage

chef-automate internal-ca info [flags]

Flags

-h, --help
help for info (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage Chef Automate's internal certificate authority

chef-automate internal-ca regenerate

Usage

chef-automate internal-ca regenerate [flags]

Flags

-h, --help
help for regenerate (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Manage Chef Automate's internal certificate authority
Regenerate the root certificate for the internal certificate authority

chef-automate internal-ca regenerate root

Usage

chef-automate internal-ca regenerate root [flags]

Flags

-h, --help
help for root (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Commands to regenerate certificates issued by the internal certificate authority

chef-automate license

Usage

chef-automate license COMMAND [flags]

Flags

-h, --help
help for license (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Apply Chef Automate license
Generates the unique count of reported Compliance scans on hourly basis between the time duration
Generates daily Infra Client Run reports for a span of time duration
Generates daily Infra Client Run reports for a span of time duration
Retrieve Chef Automate license status
Generates the unique count of reported Infra Client nodes on hourly basis between the time duration

chef-automate license apply

Apply Chef Automate license token. - <LICENSE> must be valid encoded license string

Usage

chef-automate license apply LICENSE [flags]

Flags

-f, --force
Force set license (default: false)
-h, --help
help for apply (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate license management

chef-automate license complianceResourceRunCount

Usage

chef-automate license complianceResourceRunCount [flags]

Flags

-e, --end_time
end time of the report in yyyy-mm-dd format
-n, --es_hostname
hostname of the ES host (default: localhost)
-p, --es_port
port of the ES host (default: 10144)
-h, --help
help for complianceResourceRunCount (default: false)
-s, --start_time
start time of the report in yyyy-mm-dd format
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate license management

chef-automate license complianceResourceRunReport

Usage

chef-automate license complianceResourceRunReport [flags]

Flags

-e, --end_time
end time of the report in yyyy-mm-dd format
-n, --es_hostname
hostname of the ES host (default: localhost)
-p, --es_port
port of the ES host (default: 10144)
-h, --help
help for complianceResourceRunReport (default: false)
-s, --start_time
start time of the report in yyyy-mm-dd format
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate license management

chef-automate license nodeRunReport

Usage

chef-automate license nodeRunReport [flags]

Flags

-e, --end_time
end time of the report in yyyy-mm-dd format
-n, --es_hostname
hostname of the ES host (default: localhost)
-p, --es_port
port of the ES host (default: 10144)
-h, --help
help for nodeRunReport (default: false)
-s, --start_time
start time of the report in yyyy-mm-dd format
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate license management

chef-automate license status

Usage

chef-automate license status [flags]

Flags

-h, --help
help for status (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate license management

chef-automate license uniqNodeRunReport

Usage

chef-automate license uniqNodeRunReport [flags]

Flags

-e, --end_time
end time of the report in yyyy-mm-dd format
-n, --es_hostname
hostname of the ES host (default: localhost)
-p, --es_port
port of the ES host (default: 10144)
-h, --help
help for uniqNodeRunReport (default: false)
-s, --start_time
start time of the report in yyyy-mm-dd format
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate license management

chef-automate maintenance

Chef Automate maintenance mode keeps all services running but rejects new connections at the load balancer so that maintenance operations can be performed.

Usage

chef-automate maintenance [on|off] [flags]

Flags

-h, --help
help for maintenance (default: false)
-t, --timeout
Request timeout in seconds (default: 10)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate migrate-from-v1

Migrate an existing Chef Automate v1 deployment to Chef Automate v2. - <CONFIG_FILE> must be a valid path to a TOML formatted configuration file

Usage

chef-automate migrate-from-v1 [/path/to/automate-deploy.toml] [flags]

Flags

--airgap-bundle
Path to an airgap install bundle
--channel
Optional channel to use when installing packages from the depot
--chef-server-running
Path to chef-server-running.json (default: /etc/opscode/chef-server-running.json)
-c, --config
Path to an automate-deploy.toml
-r, --delivery-running
Path to delivery-running.json (default: /etc/delivery/delivery-running.json)
-s, --delivery-secrets
Path to delivery-secrets.json (default: /etc/delivery/delivery-secrets.json)
--enable-chef-server
Enable integrated Chef Server migration and deployment; only valid for all-in-one topology (default: false)
--file-move-timeout
Optional timeout for moving elasticsearch, compliance, and notifications files during Chef Automate v1 migration (0 to disable timeout) (default: 0)
-h, --help
help for migrate-from-v1 (default: false)
--postgres-dump-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL dump (0 to disable timeout) (default: 0)
--postgres-restore-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL restore (0 to disable timeout) (default: 0)
--skip-backup
Optionally skip backup of your Chef Automate v1 installation (default = false) (default: false)
--skip-backup-check
Optionally do not check if your Chef Automate v1 installation has backups configured (default = false) (default: false)
--skip-disaster-recovery-check
Optionally do not check if your Chef Automate v1 installation has disaster recovery configured (default = false) (default: false)
--skip-external-es-check
Optionally do not check if your Chef Automate v1 installation has external Elasticsearch configured (default = false) (default: false)
--skip-fips-check
Optionally do not check if your Chef Automate v1 installation has FIPS configured (default = false) (default: false)
--skip-preflight
Deploy regardless of pre-flight conditions (default: false)
--skip-saml-check
Optionally do not check if your Chef Automate v1 installation has SAML configured (default = false) (default: false)
--skip-workflow-check
Optionally do not check if your Chef Automate v1 installation has workflow configured (default = false) (default: false)
--upgrade-strategy
Optional upgrade strategy to use when configuring the deployment service
-y, --yes
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Generate a config file

chef-automate migrate-from-v1-status

Usage

chef-automate migrate-from-v1-status [flags]

Flags

-h, --help
help for migrate-from-v1-status (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate migrate-from-v1 gen-config

Generate a Chef Automate v2 configuration file from Chef Automate v1

Usage

chef-automate migrate-from-v1 gen-config [flags]

Flags

-h, --help
help for gen-config (default: false)
-o, --out
Output file (default: ./automate-migrate.toml)
--airgap-bundle
Path to an airgap install bundle
--channel
Optional channel to use when installing packages from the depot
--chef-server-running
Path to chef-server-running.json (default: /etc/opscode/chef-server-running.json)
-c, --config
Path to an automate-deploy.toml
-d, --debug
Enable debug output (default: false)
-r, --delivery-running
Path to delivery-running.json (default: /etc/delivery/delivery-running.json)
-s, --delivery-secrets
Path to delivery-secrets.json (default: /etc/delivery/delivery-secrets.json)
--enable-chef-server
Enable integrated Chef Server migration and deployment; only valid for all-in-one topology (default: false)
--file-move-timeout
Optional timeout for moving elasticsearch, compliance, and notifications files during Chef Automate v1 migration (0 to disable timeout) (default: 0)
--no-check-version
Disable version check (default: false)
--postgres-dump-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL dump (0 to disable timeout) (default: 0)
--postgres-restore-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL restore (0 to disable timeout) (default: 0)
--result-json
Write command result as JSON to PATH
--skip-backup
Optionally skip backup of your Chef Automate v1 installation (default = false) (default: false)
--skip-backup-check
Optionally do not check if your Chef Automate v1 installation has backups configured (default = false) (default: false)
--skip-disaster-recovery-check
Optionally do not check if your Chef Automate v1 installation has disaster recovery configured (default = false) (default: false)
--skip-external-es-check
Optionally do not check if your Chef Automate v1 installation has external Elasticsearch configured (default = false) (default: false)
--skip-fips-check
Optionally do not check if your Chef Automate v1 installation has FIPS configured (default = false) (default: false)
--skip-preflight
Deploy regardless of pre-flight conditions (default: false)
--skip-saml-check
Optionally do not check if your Chef Automate v1 installation has SAML configured (default = false) (default: false)
--skip-workflow-check
Optionally do not check if your Chef Automate v1 installation has workflow configured (default = false) (default: false)
--upgrade-strategy
Optional upgrade strategy to use when configuring the deployment service
-y, --yes
Do not prompt for confirmation; accept defaults and continue (default: false)

See Also

Migrate from Chef Automate v1

chef-automate preflight-check

Perform preflight check to verify host meets installation criteria.

Usage

chef-automate preflight-check [flags]

Flags

--airgap
Pass this flag when the environment is airgapped (default: false)
--config
Optional config file to use
-h, --help
help for preflight-check (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Run preflight checks specific to migrating from Chef Automate v1

chef-automate preflight-check migrate-from-v1

Usage

chef-automate preflight-check migrate-from-v1 [flags]

Flags

-r, --delivery-running
Path to delivery-running.json (default: /etc/delivery/delivery-running.json)
-s, --delivery-secrets
Path to delivery-secrets.json (default: /etc/delivery/delivery-secrets.json)
-h, --help
help for migrate-from-v1 (default: false)
--skip-backup-check
Optionally do not check if your Chef Automate v1 installation has backups configured (default = false) (default: false)
--skip-disaster-recovery-check
Optionally do not check if your Chef Automate v1 installation has disaster recovery configured (default = false) (default: false)
--skip-external-es-check
Optionally do not check if your Chef Automate v1 installation has external Elasticsearch configured (default = false) (default: false)
--skip-fips-check
Optionally do not check if your Chef Automate v1 installation has FIPS configured (default = false) (default: false)
--skip-saml-check
Optionally do not check if your Chef Automate v1 installation has SAML configured (default = false) (default: false)
--skip-workflow-check
Optionally do not check if your Chef Automate v1 installation has workflow configured (default = false) (default: false)
--airgap
Pass this flag when the environment is airgapped (default: false)
--config
Optional config file to use
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Perform preflight check

chef-automate provision-infra

Provision infra for Automate HA deployment.

Usage

chef-automate provision-infra [flags]

Flags

--airgap-bundle
Path to an airgap install bundle
--channel
Release channel to deploy all services from
-h, --help
help for provision-infra (default: false)
--saas
Flag for saas setup (default: false)
-y, --yes
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate restart-services

Restart services for a deployment

Usage

chef-automate restart-services [flags]

Flags

-h, --help
help for restart-services (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate secrets

Set secrets for Automate sudo password and admin password in HA mode.

Usage

chef-automate secrets [flags]

Flags

-h, --help
help for secrets (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate service-versions

Retrieve the versions of the individual Chef Automate services

Usage

chef-automate service-versions [flags]

Flags

-h, --help
help for service-versions (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate ssh

SSH into Automate HA servers

Usage

chef-automate ssh [flags]

Flags

-h, --help
help for ssh (default: false)
--hostname
Automate ha server name to ssh
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate start

Usage

chef-automate start [flags]

Flags

-h, --help
help for start (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate status

Retrieve Chef Automate status. Includes status of Automate services.

Usage

chef-automate status [flags]

Flags

-h, --help
help for status (default: false)
-w, --wait-for-healthy
Wait until the status response is healthy or the timeout is reached (default: false)
-r, --wait-refresh-interval
How many seconds to wait between polling for status updates (default: 2)
-t, --wait-timeout
How many seconds to wait for the status to be healthy before returning an error (default: 600)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate stop

Stop a running deployment of Automate.

Usage

chef-automate stop [flags]

Flags

-h, --help
help for stop (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate system-logs

Start streaming logs from the Chef Automate server. Ctrl + c to stop.

Usage

chef-automate system-logs [flags]

Flags

-h, --help
help for system-logs (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate test

Run smoke test for Automate HA services.

Usage

chef-automate test [flags]

Flags

--full
Automate ha cluster test full (default: false)
-h, --help
help for test (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate uninstall

Uninstall Chef Automate, deleting all data and configuration

Usage

chef-automate uninstall [flags]

Flags

-h, --help
help for uninstall (default: false)
--preserve-package-cache
Preserve Habitat package cache (useful for faster reinstall) (default: false)
--yes
Uninstall Chef Automate and destroy data without confirmation prompt (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate upgrade

Usage

chef-automate upgrade COMMAND [flags]

Flags

-h, --help
help for upgrade (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI
Run an upgrade of Chef Automate
Get upgrade status of Chef Automate

chef-automate upgrade run

Run an upgrade of Chef Automate

Usage

chef-automate upgrade run [flags]

Flags

--airgap-bundle
Path to an airgap install bundle
-y, --auto-approve
Do not prompt for confirmation; accept defaults and continue (default: false)
-h, --help
help for run (default: false)
--major
This flag is only needed for major version upgrades (default: false)
--saas
Flag for saas setup (default: false)
--skip-deploy
will only upgrade and not deploy the bundle (default: false)
--upgrade-airgap-bundles
Update Chef Automate both frontend and backend version to install (default: false)
--upgrade-backends
Update Chef Automate backends version to install (default: false)
--upgrade-frontends
upgrade Chef Automate HA frontends version to install (default: false)
--version
The exact Chef Automate version to install
-w, --workspace-upgrade
Do not prompt for confirmation to accept workspace upgrade
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

upgrade automate to the latest version

chef-automate upgrade status

Get upgrade status of Chef Automate

Usage

chef-automate upgrade status [flags]

Flags

-h, --help
help for status (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

upgrade automate to the latest version

chef-automate version

Show the CLI version.

Usage

chef-automate version [flags]

Flags

--connection-timeout
Most time to wait to connect to service (default: 0s)
--endpoint
The endpoint the service is listening on
-h, --help
help for version (default: false)
-v, --verbose
Show additional version information (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

chef-automate workspace

Set up Automate HA cluster workspace.

Usage

chef-automate workspace [flags]

Flags

-h, --help
help for workspace (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also

Chef Automate CLI

Error Codes

If chef-automate encounters an error during execution, it exits with a non-zero error code. Here’s what our error codes mean:

Chef Automate CLI Status Error Codes
Exit CodeNameDescription
68HabUserAccessErrorUnable to access file or directory with the hab user
69SnapshotChecksumMismatchErrorA file in the snapshot did not have the expected checksum
70DatabaseErrorAn issue occurred with the database
71CommandExecutionErrorAn issue occurred when running an executable command
72TraceErrorAn issue occurred when attempting to trace the request
73ProfileErrorAn issue occurred when attempting to profile the request
74HabCommandErrorAn issue occurred when running a hab command
75HabAPIErrorAn issue occurred when attempting to query the Habitat API
76GatherLogsErrorUnable to complete log gathering
77PackageInstallErrorUnable to install the habitat package
78TimedOutErrorTimed out waiting for the operation to complete
79BackupRestoreErrorUnable to restore backup
80ServiceUnloadErrorUnable to unload the habitat service
81ServiceStartErrorUnable to start the habitat service
82AirgapUnpackInstallBundleErrorAn issue occurred when attempting to unpack the airgap install bundle
83AirgapCreateInstallBundleErrorAn issue occurred when attempting to create the airgap install bundle
84DownloadErrorAn issue occurred when attempting to perform a file download
85UninstallErrorAn issue occurred when attempting to uninstall Chef Automate
86BackupErrorAn issue occurred when creating or restoring a backup
87UpgradeErrorAn issue occurred during the upgrade
88MarshalErrorUnable to convert or deconvert a textual representation of an internal object
89LicenseErrorThe license is invalid, expired or incomplete
90FileAccessErrorUnable to access the file or directory
91DiagnosticsErrorOne or more diagnostics checks failed
92MustBeRootErrorThe command must be run as the root user
93ConfigErrorThe configuration is invalid
94DeployErrorUnable to install, configure and start the service
95PreflightErrorOne or more preflight checks failed
96InvalidCommandArgsErrorThe arguments provided are invalid
97UnhealthyStatusErrorSystem status is unhealthy
98DeploymentServiceCallErrorA request to the deployment-service failed
99DeploymentServiceUnreachableErrorUnable to make a request to the deployment-service
100APIErrorAn API error occurred during execution
112UpdateExecErrorAn issue occurred when trying to run an auto-updated CLI executable
113UnknownErrorAn unknown issue occurred during execution
114APIUnreachableErrorCould not connect to Automate API
115UnknownErrorFailed to upgrade IAM to v2
116UnknownErrorFailed to reset IAM state to v1

Was this page helpful?

×









Search Results