Skip to content

Commit

Permalink
Remove hosted chef
Browse files Browse the repository at this point in the history
Signed-off-by: Ian Maddaus <[email protected]>
  • Loading branch information
IanMadd committed Dec 9, 2024
1 parent 31e4b3e commit 3f88b77
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 38 deletions.
5 changes: 2 additions & 3 deletions docs-chef-io/content/server/api_chef_server.md
Original file line number Diff line number Diff line change
Expand Up @@ -862,10 +862,9 @@ The response will return something like the following:

### /users

A user is an individual account that is created to allow access to the Chef Infra Server. For example:
A user is an individual account that has access to Chef Infra Server. For example:

- A hosted Chef Infra Server account
- The user that operates the workstation from which a Chef Infra Server will be managed
- The user that operates the workstation that Chef Infra Server is managed from.

The `/users` endpoint has the following methods: `GET` and `POST`.

Expand Down
53 changes: 25 additions & 28 deletions docs-chef-io/content/server/auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,14 @@ gh_repo = "chef-server"

#### Knife

RSA public key-pairs are used to authenticate knife with the Chef Infra
Server every time knife attempts to access the Chef Infra Server. This
ensures that each instance of knife is properly registered with the Chef
RSA public key-pairs are used to authenticate knife with Chef Infra
Server every time knife attempts to access Chef Infra Server. This
ensures that each instance of knife is properly registered with Chef
Infra Server and that only trusted users can make changes to the data.

Knife can also use the `knife exec` subcommand to make specific,
authenticated requests to the Chef Infra Server. knife plugins can also
make authenticated requests to the Chef Infra Server by leveraging the
authenticated requests to Chef Infra Server. knife plugins can also
make authenticated requests to Chef Infra Server by leveraging the
`knife exec` subcommand.

#### chef-validator
Expand All @@ -61,9 +61,9 @@ Server.
#### Workstations

Each workstation stores its private key in the user's `~/.chef` directory.
This private key is generated by the Chef Infra Server and must be download
This private key is generated by Chef Infra Server and must be download
from the server and copied to the `~/.chef` directory manually. If you
require a new private key, generate it with the Chef Infra Server and
require a new private key, generate it with Chef Infra Server and
copy it to the `~/.chef` directory again.

{{< readfile file="content/reusable/md/chef_repo_description.md" >}}
Expand All @@ -79,20 +79,17 @@ validation key files and optionally a [config.rb]({{< relref "workstation/config

{{< readfile file="content/server/reusable/md/plugin_knife_using_authenticated_requests.md" >}}

#### From the Web Interface
#### From Chef Manage

The Chef Infra Server user interface uses the Chef Infra Server API to
perform most operations. This ensures that authentication requests to
the Chef Infra Server are authorized. This authentication process is
handled automatically and is not something that users of the hosted Chef
Infra Server will need to manage. For the on-premises Chef Infra Server,
the authentication keys used by the web interface will need to be
maintained by the individual administrators who are responsible for
managing the server.
Chef Manage, which runs Chef Infra Server's user interface, uses Chef Infra Server API to perform most operations.
This ensures that authentication requests to Chef Infra Server are authorized.
This authentication process is handled automatically and is not something that users need to manage.
For on-premises Chef Infra Server deployments,
the administrators who are responsible for managing the server must maintain the authentication keys used by Chef Manage.

#### Other Options
#### Other options

The most common ways to interact with the Chef Infra Server using the
The most common ways to interact with Chef Infra Server using the
Chef Infra Server API abstract the API from the user. That said, the
Chef Infra Server API can be interacted with directly. The following
sections describe a few of the ways that are available for doing that.
Expand All @@ -101,7 +98,7 @@ sections describe a few of the ways that are available for doing that.

An API request can be made using cURL, which is a Bash shell script that
requires two utilities: awk and openssl. The following example shows how
an authenticated request can be made using the Chef Infra Server API and
an authenticated request can be made using Chef Infra Server API and
cURL:

```bash
Expand Down Expand Up @@ -195,8 +192,8 @@ bash chef_api_request GET "/clients"

An API request can be made using PyChef, which is a Python library that
meets the `Mixlib::Authentication` requirements so that it can easily
interact with the Chef Infra Server. The following example shows how an
authenticated request can be made using the Chef Infra Server API and
interact with Chef Infra Server. The following example shows how an
authenticated request can be made using Chef Infra Server API and
PyChef:

```python
Expand Down Expand Up @@ -226,7 +223,7 @@ Chef Infra Client or knife. For more about PyChef, see:
**Ruby**

On a system with Chef Infra Client installed, use Ruby to make an
authenticated request to the Chef Infra Server:
authenticated request to Chef Infra Server:

```ruby
require 'chef/config'
Expand Down Expand Up @@ -327,9 +324,9 @@ Usage()
ExecuteUserChoice()
```

Another way Ruby can be used with the Chef Infra Server API is to get
objects from the Chef Infra Server, and then interact with the returned
data using Ruby methods. Whenever possible, the Chef Infra Server API
Another way Ruby can be used with Chef Infra Server API is to get
objects from Chef Infra Server, and then interact with the returned
data using Ruby methods. Whenever possible, Chef Infra Server API
will return an object of the relevant type. The returned object is then
available to be called by other methods. For example, the `api.get`
method can be used to return a node named `foobar`, and then `.destroy`
Expand Down Expand Up @@ -392,7 +389,7 @@ You can update a user's key pair on Chef Infra Server with knife using either th

### knife user reregister

Use [`knife user reregister`]({{< relref "/workstation/knife_user#reregister" >}}) to regenerate an RSA key pair for a user. Knife will store the public key on the Chef Infra Server and the private key will be displayed in the standard output, or use the `--file` option to write to a named file.
Use [`knife user reregister`]({{< relref "/workstation/knife_user#reregister" >}}) to regenerate an RSA key pair for a user. Knife will store the public key on Chef Infra Server and the private key will be displayed in the standard output, or use the `--file` option to write to a named file.

```sh
knife user reregister USERNAME (options)
Expand Down Expand Up @@ -427,7 +424,7 @@ To update a user's key pair:
knife user key create USERNAME --key-name KEYNAME --expiration-date YYYY-MM-DDTHH:MM:SSZ --file FILENAME
```

Knife will open your text editor with a data file containing the username, key name, and key pair expiration date that will be sent to the Chef Infra Server.
Knife will open your text editor with a data file containing the username, key name, and key pair expiration date that will be sent to Chef Infra Server.

Modify the username, key name, and key expiration date to match the new key pair that you are creating, then save the file and close your editor.

Expand Down Expand Up @@ -470,5 +467,5 @@ For more information about Chef Infra Server Authorization, see

## Chef Infra Server API

For more information about using the Chef Infra Server API endpoints see
For more information about using Chef Infra Server API endpoints see
[Chef Infra Server API]({{< relref "api_chef_server" >}}).
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ The authentication process ensures that Chef Infra Server only responds to reque
* Chef Workstation saves the private key in `~/.chef/`
* Chef Infra Client saves the private key in `/etc/chef`

Both Chef Infra Client and Chef Workstation communicate with the Chef Infra Server using the Chef Infra Server API. Each time that Chef Infra Client or Chef Workstation makes a request to Chef Infra Server, they use a special group of HTTP headers and sign the rest with their private key. The Chef Infra Server then uses the public key to verify the headers and the contents.
Both Chef Infra Client and Chef Workstation communicate with Chef Infra Server using the Chef Infra Server API. Each time that Chef Infra Client or Chef Workstation makes a request to Chef Infra Server, they use a special group of HTTP headers and sign the rest with their private key. Chef Infra Server then uses the public key to verify the headers and contents.
8 changes: 2 additions & 6 deletions docs-chef-io/content/server/server_orgs.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,12 @@ role-based access control:
<tbody>
<tr>
<td><p><img src="/images/icon_server_organization.svg" class="align-center" width="130" alt="image" /></p></td>
<td>An organization is the top-level entity for role-based access control in the Chef Infra Server. Each organization contains the default groups (<code>admins</code>, <code>clients</code>, and <code>users</code>, plus <code>billing_admins</code> for the hosted Chef Infra Server), at least one user and at least one node (on which the Chef Infra Client is installed). The Chef Infra Server supports multiple organizations. The Chef Infra Server includes a single default organization that is defined during setup. Additional organizations can be created after the initial setup and configuration of the Chef Infra Server.</td>
<td>An organization is the top-level entity for role-based access control in the Chef Infra Server. Each organization contains the default groups (<code>admins</code>, <code>clients</code>, and <code>users</code>), at least one user and at least one node (on which the Chef Infra Client is installed). The Chef Infra Server supports multiple organizations. The Chef Infra Server includes a single default organization that is defined during setup. Additional organizations can be created after the initial setup and configuration of the Chef Infra Server.</td>
</tr>
<tr>
<td><p><img src="/images/icon_server_groups.svg" class="align-center" width="130" alt="image" /></p></td>
<td><p>A group is used to define access to object types and objects in the Chef Infra Server and also to assign permissions that determine what types of tasks are available to members of that group who are authorized to perform them. Groups are configured per-organization.</p>
<p>Individual users who are members of a group will inherit the permissions assigned to the group. The Chef Infra Server includes the following default groups: <code>admins</code>, <code>clients</code>, and <code>users</code>. For users of the hosted Chef Infra Server, an additional default group is provided: <code>billing_admins</code>.</p></td>
<p>Individual users who are members of a group will inherit the permissions assigned to the group. The Chef Infra Server includes the following default groups: <code>admins</code>, <code>clients</code>, and <code>users</code>.</p></td>
</tr>
<tr>
<td><p><img src="/images/icon_server_users.svg" class="align-center" width="130" alt="image" /></p></td>
Expand Down Expand Up @@ -208,10 +208,6 @@ The Chef Infra Server includes the following default groups:
<td>The <code>admins</code> group defines the list of users who have administrative rights to all objects and object types for a single organization.</td>
</tr>
<tr>
<td><code>billing_admins</code></td>
<td>The <code>billing_admins</code> group defines the list of users who have permission to manage billing information. This permission exists only for the hosted Chef Infra Server.</td>
</tr>
<tr>
<td><code>clients</code></td>
<td>The <code>clients</code> group defines the list of nodes on which a Chef Infra Client is installed and under management by Chef. In general, think of this permission as "all of the non-human actors---Chef Infra Client, in nearly every case---that get data from, and/or upload data to, the Chef server". Newly-created Chef Infra Client instances are added to this group automatically.</td>
</tr>
Expand Down

0 comments on commit 3f88b77

Please sign in to comment.