chef-automate CLI

[edit on GitHub]

Automate CLI Commands

chef-automate

A helpful utility to deploy and manage Chef Automate. Docs: https://docs.chef.io/automate/cli_chef_automate/ Patents: https://www.chef.io/patents

Usage
chef-automate COMMAND [flags]

Flags
-d, --debug
Enable debug output (default: false)
-h, --help
help for chef-automate (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
airgap
applications
Manage applications observability features
backup
Chef Automate backup
config
Chef Automate configuration
deploy
Deploy Chef Automate
external-cert
Manage Chef Automate's external certificate
gather-logs
Gather system diagnostics and logs
iam
Chef Automate iam commands
infrastructure
Chef Automate infrastructure
init-config
Initialize default config
internal-ca
Manage Chef Automate's internal certificate authority
license
Chef Automate license management
maintenance
Put Chef Automate into or out of maintenance mode
migrate-from-v1
Migrate from Chef Automate v1
migrate-from-v1-status
Watch the status of the migration to Chef Automate 2
preflight-check
Perform preflight check
restart-services
restart deployment services
service-versions
Retrieve the versions of the individual Chef Automate services
start
Start Chef Automate
status
Retrieve Chef Automate status
stop
Stop deployment
system-logs
Tail Chef Automate logs
uninstall
Uninstall Chef Automate
upgrade
upgrade automate to the latest version
version
Show CLI version

chef-automate airgap

Usage
chef-automate airgap COMMAND [flags]

Flags
-h, --help
help for airgap (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
bundle

chef-automate airgap bundle

Usage
chef-automate airgap bundle COMMAND [flags]

Flags
-h, --help
help for bundle (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate airgap
create
info

chef-automate airgap bundle create

Usage
chef-automate airgap bundle create [/path/to/bundle.aib] [flags]

Flags
-c, --channel
Release channel to pull packages from
-h, --help
help for create (default: false)
-m, --manifest
Path to a release manifest.json
-r, --retries
Number of times to retry failed hab package downloads (default: 2)
--retry-delay
Number of seconds to wait between retries (exponential backoff is used if not provided) (default: -1)
--version
Chef Automate version to create an airgap bundle for
-w, --workspace
Path to workspace storage location where temporary data will be stored
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate airgap bundle

chef-automate airgap bundle info

Usage
chef-automate airgap bundle info /path/to/bundle.aib [flags]

Flags
-h, --help
help for info (default: false)
--verbose
Output full AIB metadata (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate airgap bundle

chef-automate applications

Usage
chef-automate applications COMMAND [flags]

Flags
-h, --help
help for applications (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
remove-svcs
Remove services from the applications database
show-svcs
Show services in the applications database

chef-automate applications remove-svcs

Remove services from the applications database. You must fully decommission services by retiring physical hardware, terminating the VM or container, or by using 'hab svc unload', before using the 'remove-svcs' command. Services that are incompletely decommissioned will send a health-check at the appointed time and Automate will re-add them to the services database.

Usage
chef-automate applications remove-svcs [flags]

Flags
--all
Delete all services in the database. This flag must be given if no other filter is given. (default: false)
-a, --application
Select only services where the application name matches the given pattern
-b, --buildstamp
Select only services where the buildstamp matches the given pattern
-c, --channel
Select only services where the subscribed channel matches the given pattern
-D, --disconnected
Select only services that are disconnected (default: false)
-e, --environment
Select only services where the application environment matches the given pattern
-g, --group
Select only services where the group name (suffix) matches the given pattern
-h, --help
help for remove-svcs (default: false)
-o, --origin
Select only services where the origin matches the given pattern
-n, --service-name
Select only services where the name matches the given pattern
-s, --site
Select only services where the site matches the given pattern
-v, --version
Select only services where the package version matches the given pattern
-y, --yes
Delete the services without a confirmation prompt (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate applications
Manage applications observability features

chef-automate applications show-svcs

Display a list of the habitat services stored in the applications database.

Usage
chef-automate applications show-svcs [flags]

Flags
-a, --application
Select only services where the application name matches the given pattern
-b, --buildstamp
Select only services where the buildstamp matches the given pattern
-c, --channel
Select only services where the subscribed channel matches the given pattern
-D, --disconnected
Select only services that are disconnected (default: false)
-e, --environment
Select only services where the application environment matches the given pattern
-g, --group
Select only services where the group name (suffix) matches the given pattern
-h, --help
help for show-svcs (default: false)
-o, --origin
Select only services where the origin matches the given pattern
-n, --service-name
Select only services where the name matches the given pattern
-s, --site
Select only services where the site matches the given pattern
-v, --version
Select only services where the package version matches the given pattern
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate applications
Manage applications observability features

chef-automate backup

Usage
chef-automate backup COMMAND [flags]

Flags
--gcs-credentials-path
The path to the GCP service account json file
-h, --help
help for backup (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
cancel
cancel the running backup operation
create
create a backup of Chef Automate
delete
delete backups of Chef Automate
fix-repo-permissions
Ensure the hab user has the required permissions on the given path
integrity
Chef Automate shared object integrity
list
list all Chef Automate backups
restore
restore a Chef Automate backup
show
show the Chef Automate backup details
status
show the Chef Automate backup runner status

chef-automate backup cancel

Cancel the currently running backup create, delete, or restore operation

Usage
chef-automate backup cancel [flags]

Flags
-h, --help
help for cancel (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup create

Create a backup of Chef Automate

Usage
chef-automate backup create [flags]

Flags
-h, --help
help for create (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 7200)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup delete

Delete one or many backups of Chef Automate that match the space separated strings of backup IDs

Usage
chef-automate backup delete ID [ID2 IDN...] [flags]

Flags
-h, --help
help for delete (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 120)
--yes
Agree to all prompts (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup fix-repo-permissions

Ensure the hab user has the required permissions on the given path

Usage
chef-automate backup fix-repo-permissions PATH [flags]

Flags
-h, --help
help for fix-repo-permissions (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup integrity

Usage
chef-automate backup integrity COMMAND [flags]

Flags
-h, --help
help for integrity (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup
show
show the shared object integrity metadata
validate
validate the shared object integrity

chef-automate backup integrity show

Show the shared object integrity metadata

Usage
chef-automate backup integrity show [flags]

Flags
-h, --help
help for show (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)

See Also
chef-automate backup integrity
Chef Automate shared object integrity

chef-automate backup integrity validate

Validate the shared object integrity. If one or more snapshot IDs is not given all snapshots will be validated

Usage
chef-automate backup integrity validate [ID IDN] [flags]

Flags
-h, --help
help for validate (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)

See Also
chef-automate backup integrity
Chef Automate shared object integrity

chef-automate backup list

List all Chef Automate backups

Usage
chef-automate backup list [flags]

Flags
-h, --help
help for list (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup restore

Restore a Chef Automate backup. If no ID or path is given the latest found backup will be restored.

Usage
chef-automate backup restore [ID_OR_PATH] [flags]

Flags
--airgap-bundle
The artifact to use for an air-gapped installation
-b, --backup-dir
Directory used for backups (default: /var/opt/chef-automate/backups)
-h, --help
help for restore (default: false)
--patch-config
Path to patch config if required
--sha256
The SHA256 checksum of the backup
--skip-preflight
Skip preflight checks when restoring a backup (default: false)
-u, --upgrade
Upgrade to the latest package versions when restoring backups (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 7200)
--yes
Agree to all prompts (default: false)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup show

Show the details of a Chef Automate backup

Usage
chef-automate backup show ID [flags]

Flags
-h, --help
help for show (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate backup status

Show the Chef Automate backup runner status

Usage
chef-automate backup status [flags]

Flags
-h, --help
help for status (default: false)
-t, --wait-timeout
How long to wait for a operation to complete before raising an error (default: 60)
-d, --debug
Enable debug output (default: false)
--gcs-credentials-path
The path to the GCP service account json file
--no-check-version
Disable version check (default: false)
--no-progress
Don't follow operation progress (default: false)
-r, --request-timeout
API request timeout for deployment-service in seconds (default: 20)
--result-json
Write command result as JSON to PATH
--s3-access-key
The S3 access key ID
--s3-endpoint
The S3 region endpoint URL
--s3-secret-key
The S3 secret access key
--s3-session-token
The S3 session token when assuming an IAM role

See Also
chef-automate backup
Chef Automate backup

chef-automate config

Usage
chef-automate config COMMAND [flags]

Flags
-h, --help
help for config (default: false)
-t, --timeout
Request timeout in seconds (default: 10)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
patch
patch the Chef Automate configuration
set
set the Chef Automate configuration
show
show the Chef Automate configuration

chef-automate config patch

Apply a partial Chef Automate configuration to the deployment. It will take the partial configuration, merge it with the existing configuration, and apply and required changes.

Usage
chef-automate config patch path/to/config.toml [flags]

Flags
-h, --help
help for patch (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH
-t, --timeout
Request timeout in seconds (default: 10)

See Also
chef-automate config
Chef Automate configuration

chef-automate config set

Set the Chef Automate configuration for the deployment. It will replace the Chef Automate configuration with the given configuration and apply any required changes.

Usage
chef-automate config set path/to/config.toml [flags]

Flags
-h, --help
help for set (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH
-t, --timeout
Request timeout in seconds (default: 10)

See Also
chef-automate config
Chef Automate configuration

chef-automate config show

Show the Chef Automate configuration. When given a filepath, the output will be written to the file instead of printed to STDOUT

Usage
chef-automate config show [/path/to/write/config.toml] [flags]

Flags
-h, --help
help for show (default: false)
-o, --overwrite
Overwrite existing config.toml (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH
-t, --timeout
Request timeout in seconds (default: 10)

See Also
chef-automate config
Chef Automate configuration

chef-automate deploy

Deploy a new Chef Automate instance using the supplied configuration. - <CONFIG_FILE> must be a valid path to a TOML formatted configuration file

Usage
chef-automate deploy [/path/to/config.toml] [flags]

Flags
--accept-terms-and-mlsa
Agree to the Chef Software Terms of Service and the Master License and Services Agreement (default: false)
--airgap-bundle
Path to an airgap install bundle
--certificate
The path to a certificate that should be used for external TLS connections (web and API).
--channel
Release channel to deploy all services from
--fqdn
The fully-qualified domain name that Chef Automate can be accessed at. (default: hostname of this machine)
-h, --help
help for deploy (default: false)
--private-key
The path to a private key corresponding to the TLS certificate.
--product
Product to deploy (default: [])
--skip-preflight
Deploy regardless of pre-flight conditions (default: false)
--upgrade-strategy
Upgrade strategy to use for this deployment. (default: at-once)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate external-cert

Manage Chef Automate's external certificate authority. Used for establishing TLS/SSL communication with automate.

Usage
chef-automate external-cert COMMAND [flags]

Flags
-f, --file
File path to save automate TLS certifcate to.
-h, --help
help for external-cert (default: false)
-n, --hostname
Hostname for the automate TLS certificate
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
show
Show the external TLS/SSL certificates in Automate. Optionally, save the certificates to a file in the specified path.

chef-automate external-cert show

Usage
chef-automate external-cert show [flags]

Flags
-h, --help
help for show (default: false)
-d, --debug
Enable debug output (default: false)
-f, --file
File path to save automate TLS certifcate to.
-n, --hostname
Hostname for the automate TLS certificate
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate external-cert
Manage Chef Automate's external certificate

chef-automate gather-logs

Collect system diagnostics and logs from Chef Automate and other services

Usage
chef-automate gather-logs [/path/to/log/bundle.tar.gz] [flags]

Flags
-h, --help
help for gather-logs (default: false)
-l, --local-fallback
run gather-logs in local fallback mode (default: false)
--log-lines
Number of system log lines (journald logs) to collect (0 for all logs) (default: 500000)
-o, --overwrite
Overwrite existing log archive (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate iam

Usage
chef-automate iam COMMAND [flags]

Flags
-h, --help
help for iam (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
admin-access
Manage and restore default admin access
token
Manage tokens
version
Retrieve IAM version in use

chef-automate iam admin-access

Usage
chef-automate iam admin-access COMMAND [flags]

Flags
-h, --help
help for admin-access (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate iam
Chef Automate iam commands
restore
Restore the factory default admin user, team, and access

chef-automate iam admin-access restore

Recreate the admin user, admin team, and related admin policy as needed to restore to factory default and update the admin user's password

Usage
chef-automate iam admin-access restore PASSWORD [flags]

Flags
--dry-run
Show what would be updated by this command without performing any changes (default: false)
-h, --help
help for restore (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate iam admin-access
Manage and restore default admin access

chef-automate iam token

Usage
chef-automate iam token COMMAND [flags]

Flags
-h, --help
help for token (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate iam
Chef Automate iam commands
create
Generate a token

chef-automate iam token create

Usage
chef-automate iam token create NAME [flags]

Flags
--admin
Generate a token and add it to the chef-managed admin policy (default: false)
-h, --help
help for create (default: false)
--id
Specify a custom ID (if omitted, an ID will be generated based on NAME)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate iam token
Manage tokens

chef-automate iam version

Usage
chef-automate iam version [flags]

Flags
-h, --help
help for version (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate iam
Chef Automate iam commands

chef-automate infrastructure

Commands for automation infrastructure management, for data related to chef-client runs and chef-server actions.

Usage
chef-automate infrastructure COMMAND [flags]

Flags
-h, --help
help for infrastructure (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
node-delete
Delete node by node uuid

chef-automate infrastructure node-delete

Usage
chef-automate infrastructure node-delete [uuid] [flags]

Flags
-h, --help
help for node-delete (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate infrastructure
Chef Automate infrastructure

chef-automate init-config

Initialize default configuration and save it to a file.

Usage
chef-automate init-config [flags]

Flags
--certificate
The path to a certificate that should be used for external TLS connections (web and API).
--channel
Release channel to deploy all services from (default: current)
--es-mem
The amount of system memory to allocate to Elasticsearch's heap. (default: 25% of system memory)
--file
File path to write the config (default: config.toml)
--fqdn
The fully-qualified domain name that Chef Automate can be accessed at. (default: hostname of this machine)
-h, --help
help for init-config (default: false)
--private-key
The path to a private key corresponding to the TLS certificate.
--upgrade-strategy
Upgrade strategy to use for this deployment. (default: at-once)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate internal-ca

Manage Chef Automate's internal certificate authority. Used for inter-service encryption and authentication.

Usage
chef-automate internal-ca COMMAND [flags]

Flags
-h, --help
help for internal-ca (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
info
Print information the root certificate for the internal certificate authority
regenerate
Commands to regenerate certificates issued by the internal certificate authority

chef-automate internal-ca info

Usage
chef-automate internal-ca info [flags]

Flags
-h, --help
help for info (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate internal-ca
Manage Chef Automate's internal certificate authority

chef-automate internal-ca regenerate

Usage
chef-automate internal-ca regenerate [flags]

Flags
-h, --help
help for regenerate (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate internal-ca
Manage Chef Automate's internal certificate authority
root
Regenerate the root certificate for the internal certificate authority

chef-automate internal-ca regenerate root

Usage
chef-automate internal-ca regenerate root [flags]

Flags
-h, --help
help for root (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate internal-ca regenerate
Commands to regenerate certificates issued by the internal certificate authority

chef-automate license

Usage
chef-automate license COMMAND [flags]

Flags
-h, --help
help for license (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
apply
Apply Chef Automate license
status
Retrieve Chef Automate license status

chef-automate license apply

Apply Chef Automate license token. - <LICENSE> must be valid encoded license string

Usage
chef-automate license apply LICENSE [flags]

Flags
-f, --force
Force set license (default: false)
-h, --help
help for apply (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate license
Chef Automate license management

chef-automate license status

Usage
chef-automate license status [flags]

Flags
-h, --help
help for status (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate license
Chef Automate license management

chef-automate maintenance

Chef Automate maintenance mode keeps all services running but rejects new connections at the load balancer so that maintenance operations can be performed.

Usage
chef-automate maintenance [on|off] [flags]

Flags
-h, --help
help for maintenance (default: false)
-t, --timeout
Request timeout in seconds (default: 10)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate migrate-from-v1

Migrate an existing Chef Automate v1 deployment to Chef Automate v2. - <CONFIG_FILE> must be a valid path to a TOML formatted configuration file

Usage
chef-automate migrate-from-v1 [/path/to/automate-deploy.toml] [flags]

Flags
--airgap-bundle
Path to an airgap install bundle
--channel
Optional channel to use when installing packages from the depot
--chef-server-running
Path to chef-server-running.json (default: /etc/opscode/chef-server-running.json)
-c, --config
Path to an automate-deploy.toml
-r, --delivery-running
Path to delivery-running.json (default: /etc/delivery/delivery-running.json)
-s, --delivery-secrets
Path to delivery-secrets.json (default: /etc/delivery/delivery-secrets.json)
--enable-chef-server
Enable integrated Chef Server migration and deployment; only valid for all-in-one topology (default: false)
--file-move-timeout
Optional timeout for moving elasticsearch, compliance, and notifications files during Chef Automate v1 migration (0 to disable timeout) (default: 0)
-h, --help
help for migrate-from-v1 (default: false)
--postgres-dump-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL dump (0 to disable timeout) (default: 0)
--postgres-restore-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL restore (0 to disable timeout) (default: 0)
--skip-backup
Optionally skip backup of your Chef Automate v1 installation (default = false) (default: false)
--skip-backup-check
Optionally do not check if your Chef Automate v1 installation has backups configured (default = false) (default: false)
--skip-disaster-recovery-check
Optionally do not check if your Chef Automate v1 installation has disaster recovery configured (default = false) (default: false)
--skip-external-es-check
Optionally do not check if your Chef Automate v1 installation has external Elasticsearch configured (default = false) (default: false)
--skip-fips-check
Optionally do not check if your Chef Automate v1 installation has FIPS configured (default = false) (default: false)
--skip-preflight
Deploy regardless of pre-flight conditions (default: false)
--skip-saml-check
Optionally do not check if your Chef Automate v1 installation has SAML configured (default = false) (default: false)
--skip-workflow-check
Optionally do not check if your Chef Automate v1 installation has workflow configured (default = false) (default: false)
--upgrade-strategy
Optional upgrade strategy to use when configuring the deployment service
-y, --yes
Do not prompt for confirmation; accept defaults and continue (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
gen-config
Generate a config file

chef-automate migrate-from-v1-status

Usage
chef-automate migrate-from-v1-status [flags]

Flags
-h, --help
help for migrate-from-v1-status (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate migrate-from-v1 gen-config

Generate a Chef Automate v2 configuration file from Chef Automate v1

Usage
chef-automate migrate-from-v1 gen-config [flags]

Flags
-h, --help
help for gen-config (default: false)
-o, --out
Output file (default: ./automate-migrate.toml)
--airgap-bundle
Path to an airgap install bundle
--channel
Optional channel to use when installing packages from the depot
--chef-server-running
Path to chef-server-running.json (default: /etc/opscode/chef-server-running.json)
-c, --config
Path to an automate-deploy.toml
-d, --debug
Enable debug output (default: false)
-r, --delivery-running
Path to delivery-running.json (default: /etc/delivery/delivery-running.json)
-s, --delivery-secrets
Path to delivery-secrets.json (default: /etc/delivery/delivery-secrets.json)
--enable-chef-server
Enable integrated Chef Server migration and deployment; only valid for all-in-one topology (default: false)
--file-move-timeout
Optional timeout for moving elasticsearch, compliance, and notifications files during Chef Automate v1 migration (0 to disable timeout) (default: 0)
--no-check-version
Disable version check (default: false)
--postgres-dump-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL dump (0 to disable timeout) (default: 0)
--postgres-restore-wait-seconds
Optional timeout for Chef Automate v1 PostgreSQL restore (0 to disable timeout) (default: 0)
--result-json
Write command result as JSON to PATH
--skip-backup
Optionally skip backup of your Chef Automate v1 installation (default = false) (default: false)
--skip-backup-check
Optionally do not check if your Chef Automate v1 installation has backups configured (default = false) (default: false)
--skip-disaster-recovery-check
Optionally do not check if your Chef Automate v1 installation has disaster recovery configured (default = false) (default: false)
--skip-external-es-check
Optionally do not check if your Chef Automate v1 installation has external Elasticsearch configured (default = false) (default: false)
--skip-fips-check
Optionally do not check if your Chef Automate v1 installation has FIPS configured (default = false) (default: false)
--skip-preflight
Deploy regardless of pre-flight conditions (default: false)
--skip-saml-check
Optionally do not check if your Chef Automate v1 installation has SAML configured (default = false) (default: false)
--skip-workflow-check
Optionally do not check if your Chef Automate v1 installation has workflow configured (default = false) (default: false)
--upgrade-strategy
Optional upgrade strategy to use when configuring the deployment service
-y, --yes
Do not prompt for confirmation; accept defaults and continue (default: false)

See Also
chef-automate migrate-from-v1
Migrate from Chef Automate v1

chef-automate preflight-check

Perform preflight check to verify host meets installation criteria.

Usage
chef-automate preflight-check [flags]

Flags
--airgap
Pass this flag when the environment is airgapped (default: false)
--config
Optional config file to use
-h, --help
help for preflight-check (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
migrate-from-v1
Run preflight checks specific to migrating from Chef Automate v1

chef-automate preflight-check migrate-from-v1

Usage
chef-automate preflight-check migrate-from-v1 [flags]

Flags
-r, --delivery-running
Path to delivery-running.json (default: /etc/delivery/delivery-running.json)
-s, --delivery-secrets
Path to delivery-secrets.json (default: /etc/delivery/delivery-secrets.json)
-h, --help
help for migrate-from-v1 (default: false)
--skip-backup-check
Optionally do not check if your Chef Automate v1 installation has backups configured (default = false) (default: false)
--skip-disaster-recovery-check
Optionally do not check if your Chef Automate v1 installation has disaster recovery configured (default = false) (default: false)
--skip-external-es-check
Optionally do not check if your Chef Automate v1 installation has external Elasticsearch configured (default = false) (default: false)
--skip-fips-check
Optionally do not check if your Chef Automate v1 installation has FIPS configured (default = false) (default: false)
--skip-saml-check
Optionally do not check if your Chef Automate v1 installation has SAML configured (default = false) (default: false)
--skip-workflow-check
Optionally do not check if your Chef Automate v1 installation has workflow configured (default = false) (default: false)
--airgap
Pass this flag when the environment is airgapped (default: false)
--config
Optional config file to use
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate preflight-check
Perform preflight check

chef-automate restart-services

Restart services for a deployment

Usage
chef-automate restart-services [flags]

Flags
-h, --help
help for restart-services (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate service-versions

Retrieve the versions of the individual Chef Automate services

Usage
chef-automate service-versions [flags]

Flags
-h, --help
help for service-versions (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate start

Usage
chef-automate start [flags]

Flags
-h, --help
help for start (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate status

Retrieve Chef Automate status. Includes status of Automate services.

Usage
chef-automate status [flags]

Flags
-h, --help
help for status (default: false)
-w, --wait-for-healthy
Wait until the status response is healthy or the timeout is reached (default: false)
-r, --wait-refresh-interval
How many seconds to wait between polling for status updates (default: 2)
-t, --wait-timeout
How many seconds to wait for the status to be healthy before returning an error (default: 600)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate stop

Stop a running deployment of Automate.

Usage
chef-automate stop [flags]

Flags
-h, --help
help for stop (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate system-logs

Start streaming logs from the Chef Automate server. Ctrl + c to stop.

Usage
chef-automate system-logs [flags]

Flags
-h, --help
help for system-logs (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate uninstall

Uninstall Chef Automate, deleting all data and configuration

Usage
chef-automate uninstall [flags]

Flags
-h, --help
help for uninstall (default: false)
--preserve-package-cache
Preserve Habitat package cache (useful for faster reinstall) (default: false)
--yes
Uninstall Chef Automate and destroy data without confirmation prompt (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

chef-automate upgrade

Usage
chef-automate upgrade COMMAND [flags]

Flags
-h, --help
help for upgrade (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI
run
Run an upgrade of Chef Automate
status
Get upgrade status of Chef Automate

chef-automate upgrade run

Run an upgrade of Chef Automate

Usage
chef-automate upgrade run [flags]

Flags
--airgap-bundle
Path to an airgap install bundle
-h, --help
help for run (default: false)
--version
The exact Chef Automate version to install
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate upgrade
upgrade automate to the latest version

chef-automate upgrade status

Get upgrade status of Chef Automate

Usage
chef-automate upgrade status [flags]

Flags
-h, --help
help for status (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate upgrade
upgrade automate to the latest version

chef-automate version

Show the CLI version.

Usage
chef-automate version [flags]

Flags
--connection-timeout
Most time to wait to connect to service (default: 0s)
--endpoint
The endpoint the service is listening on
-h, --help
help for version (default: false)
-v, --verbose
Show additional version information (default: false)
-d, --debug
Enable debug output (default: false)
--no-check-version
Disable version check (default: false)
--result-json
Write command result as JSON to PATH

See Also
chef-automate
Chef Automate CLI

Error Codes

If chef-automate encounters an error during execution, it exits with a non-zero error code. Here’s what our error codes mean:

Exit Code Name Description
68 HabUserAccessError Unable to access file or directory with the hab user
69 SnapshotChecksumMismatchError A file in the snapshot did not have the expected checksum
70 DatabaseError An issue occurred with the database
71 CommandExecutionError An issue occurred when running an executable command
72 TraceError An issue occurred when attempting to trace the request
73 ProfileError An issue occurred when attempting to profile the request
74 HabCommandError An issue occurred when running a hab command
75 HabAPIError An issue occurred when attempting to query the Habitat API
76 GatherLogsError Unable to complete log gathering
77 PackageInstallError Unable to install the habitat package
78 TimedOutError Timed out waiting for the operation to complete
79 BackupRestoreError Unable to restore backup
80 ServiceUnloadError Unable to unload the habitat service
81 ServiceStartError Unable to start the habitat service
82 AirgapUnpackInstallBundleError An issue occurred when attempting to unpack the airgap install bundle
83 AirgapCreateInstallBundleError An issue occurred when attempting to create the airgap install bundle
84 DownloadError An issue occurred when attempting to perform a file download
85 UninstallError An issue occurred when attempting to uninstall Chef Automate
86 BackupError An issue occurred when creating or restoring a backup
87 UpgradeError An issue occurred during the upgrade
88 MarshalError Unable to convert or deconvert a textual representation of an internal object
89 LicenseError The license is invalid, expired or incomplete
90 FileAccessError Unable to access the file or directory
91 DiagnosticsError One or more diagnostics checks failed
92 MustBeRootError The command must be run as the root user
93 ConfigError The configuration is invalid
94 DeployError Unable to install, configure and start the service
95 PreflightError One or more preflight checks failed
96 InvalidCommandArgsError The arguments provided are invalid
97 UnhealthyStatusError System status is unhealthy
98 DeploymentServiceCallError A request to the deployment-service failed
99 DeploymentServiceUnreachableError Unable to make a request to the deployment-service
100 APIError An API error occurred during execution
112 UpdateExecError An issue occurred when trying to run an auto-updated CLI executable
113 UnknownError An unknown issue occurred during execution
114 APIUnreachableError Could not connect to Automate API
115 UnknownError Failed to upgrade IAM to v2
116 UnknownError Failed to reset IAM state to v1

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/automate/cli_chef_automate/