Effortless Variables and Config
Plan Variables and Chef Habitat Configurations
This documents the options for both your plan and your habitat
configuration file.
Effortless Config
Effortless Config Plan Variables
You can use all the default plan variables shipped with Chef Habitat. Read more about plan variables in the Chef Habitat documentation.
- scaffold_chef_client
- The Chef Habitat
chef-infra-client
package used. Change to use a different package. Default ischef/chef-infra-client
- scaffold_cacerts
- The Chef Habitat
cacerts
package used during the Chef Infra Client run. Change to use a different package.Default ischef/cacerts
- scaffold_policyfile_path
- Path to the policyfile. Default is
$PLAN_CONTEXT/../policyfiles
- scaffold_data_bags_path
- Path to the
data_bags
directory that contains thedata_bags
, if needed by your cookbook. Default is$PLAN_CONTEXT/../data_bags
Effortless Config Chef Habitat Settings
- interval
- Frequency of how often in seconds that the Chef Infra Client runs. Default is
1800
- splay
- A randomly generated sleep time value in seconds added to the interval and helps determine when the chef-client runs again. Default is
1800
- splay_first_run
- Splay value in seconds for the first run of the Chef Infra Client. Default is
0
- run_lock_timeout
- Amount of time in seconds for the run lock timeout for the Chef Infra Client run. Default is
1800
- log_level
- Log level for the
chef-client
. Default iswarn
- env_path_prefix
- String that will be the Environment Path variable for the chef-client run. Linux Default is
/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin
. Windows Default is;C:/WINDOWS;C:/WINDOWS/system32/;C:/WINDOWS/system32/WindowsPowerShell/v1.0;C:/ProgramData/chocolatey/bin
- ssl_verify_mode
- SSL Verification mode for the Chef Infra Client. Default is
:verify_peer
- verify_api_cert
- Boolean option to determine if the API certification should be verified. Default is
false
- rubygems_url
- The location to source rubygems. Default value:
https://www.rubygems.org
Effortless Config Chef License
This configuration needs to be under the [chef_license]
block in the .toml file.
- acceptance
- Determines the Chef license acceptance at run time. Required for Chef Infra Client. See Chef License here. Default is
undefined
Effortless Config Chef Automate
These configurations need to be under the [automate]
block in the .toml file.
- enable
- Enables or disables reporting to Chef Automate. Boolean. Default is
false
- server_url
- Chef Automate server URL. Example:
https://automate.example.com/data-collector/v0/
. Default ishttps://<automate_url>
- token
- Chef Automate API token. Example:
GR4_yqRNUtWFVgnVh57GQL9Hh9I=
. Default is<automate_token>
Effortless Audit
Effortless Audit Plan Variables
- scaffold_inspec_client
- The Chef Habitat
inspec
package. Change to use a different package. Default ischef/inspec
This variable is required if the profile had adepends
line for compliance in theinspec.yml
example as shown below - scaffold_cacerts
- The Chef Habitat
cacerts
package during the Chef Infra Client run. Change to use a different package. Default ischef/cacerts
. This variable is required if the profile had adepends
line for compliance in theinspec.yml
example as shown below
inspec.yml
depends:
- name: cis-rhel7-level1-server
compliance: admin/cis-rhel7-level1-server
- scaffold_automate_server_url
- Points to the Chef Automate server needed to fetch profile dependencies from the Chef Automate Asset Store. Example:
https://automate.example.com
. Required if the profile uses a line for compliance in theinspec.yml
- scaffold_automate_user
- Chef Automate user for the installed profile
- scaffold_automate_token
- Chef Automate API token
Effortless Audit Chef Habitat Variables
- interval
- How often in seconds that
inspec
runs. Default is1800
- splay
- A randomly generated sleep time value in seconds added to the interval and helps determine when the chef-client runs again. Default is
1800
- splay_first_run
- Splay value in seconds for the first run of the
inspec
client. Default is0
- log_level
- Log level for the
inspec
client. Default iswarn
Effortless Audit Chef License
This configuration needs to be under the [chef_license]
block in the .toml file.
- acceptance
- Determines the Chef license acceptance at run time. This setting is required for chef-client to run successfully. See Chef License here. Default is
undefined
Effortless Audit Chef Automate
These configurations need to be under the [automate]
block in your toml file.
- enable
- Enables or disables reporting to Chef Automate. Boolean. Default is
false
- server_url
- The Chef Automate server URL. Example:
https://automate.example.com/data-collector/v0/
. Default ishttps://<automate_url>
- token
- Chef Automate API token. Example:
GR4_yqRNUtWFVgnVh57GQL9Hh9I=
. Default is<automate_token>
- environment
- (Optional) Environment tag for the Chef InSpec report. Use this tag to help with filtering in Chef Automate.