Automate HA Commands
Warning
Chef Automate 4.10.1 released on 6th September 2023 includes improvements to the deployment and installation experience of Automate HA. Please read the blog to learn more about key improvements. Refer to the pre-requisites page (On-Premises, AWS) and plan your usage with your customer success manager or account manager.s
This page includes commands that can be executed for the Chef Automate cluster part of the Chef Automate High Availability (HA) system. These commands aid you in assessing the health and status of the components part of the HA cluster. It is highly recommended to run these commands on a test cluster before using them in a production environment.
Automate HA Service Commands
- Get the Automate HA cluster Information
chef-automate info
- Post Deployment, run the smoke test cases on Automate HA cluster and run the command from the bastion node.
chef-automate test --full
- Validate the cluster but skip “chef-automate diagnostic run” when performing the smoke tests
chef-automate test
- Run the smoke test on specific cluster
chef-automate test automate
chef-automate test chef_server
chef-automate test opensearch
chef-automate test postgresql
- To get the status of the cluster, run the command from the bastion node.
chef-automate status
- To check the service status on Automate nodes.
chef-automate status --automate
chef-automate status --a2
- To check the service status on Chef Infra Server nodes.
chef-automate status --chef_server
chef-automate status --cs
- To check the service status on Postgres nodes.
chef-automate status --postgresql
chef-automate status -pg
- To check the service status on Opensearch nodes.
chef-automate status --opensearch
chef-automate status --os
- Patch a config to the Front end nodes (Automate)
- create a config file
automate.toml
- create a config file
chef-automate config patch automate.toml --automate
sorthands for –automate is –a2 and -a
- Patch a config to the Front end nodes (Chef Server)
- create a config file
chefserver.toml
- create a config file
chef-automate config patch chefserver.toml --chef_server
sorthands for –chef_server is –cs and -c
- Patch a config to the all Front end nodes (Chef Server + Automate)
- Create a config file
frontend.toml
- Create a config file
chef-automate config patch frontend.toml --frontend
sorthands for –chef_server is –fe and -f
- Patch a config to the Back end nodes (Open Search)
- Create a config file
opensearch.toml
- Create a config file
chef-automate config patch opensearch.toml --opensearch
sorthands for –opensearch is –os and -o
- Patch a config to the Back end nodes (Postgresql)
- Create a config file
postgresql.toml
- Create a config file
chef-automate config patch postgresql.toml --postgresql
sorthands for –postgresql is –pg and -p
Note
- Frontend patch will be applied to all nodes where are Postgresql and OpenSearch changes will be applied to only one node.
- After patching, some services will go restart. So the health status will take up to 2 minutes to show healthy.
Warning
- For certificate rotation, don’t use config patch. Instead, the cert-rotate command can be used. To learn more about certificate rotation, see Certificate Rotation.
- While patching the same from the provision host, structures such as TLS from OpenSearch configuration toml file and SSL from PostgreQL configuration toml file will be ignored.
- Collect the Gatherlogs for Automate HA cluster, and run the command from the bastion node.
- Logs are collected at
/var/tmp
- Logs are collected at
chef-automate gather-logs
- View the active Habitat gossiped toml config for any locally loaded service:
- SSH to the backend opensearch nodes
chef-automate ssh --hostname os
- SSH to the backend opensearch nodes
source /hab/sup/default/SystemdEnvironmentFile.sh
automate-backend-ctl show --svc=automate-ha-opensearch
- SSH to the backend postgres nodes
chef-automate ssh --hostname pg
source /hab/sup/default/SystemdEnvironmentFile.sh
automate-backend-ctl show --svc=automate-ha-postgresql
- To Rotate the password for Postgres cluster, run the command from the bastion node
cd /hab/a2_deploy_workspace/
./scripts/credentials set postgresql --no-auto
- To Rotate the password for Opensearch cluster, run the command from the bastion node
cd /hab/a2_deploy_workspace/
./scripts/credentials set opensearch --no-auto