The following items are new for Chef server 12.4:
- **/universe endpoint** Use the `/universe` endpoint to retrieve the
known collection of cookbooks, and then use it with Berkshelf and
Chef Supermarket.
- **opscode-expander-reindexer service** The
`opscode-expander-reindexer` service is deprecated.
- **Global server administrator list** Use the
`grant-server-admin-permissions`, `remove-server-admin-permissions`,
and `list-server-admins` to manage the list of users who belong to
the `server-admins` group.
## /universe
Use the `/universe` endpoint to retrieve the known collection of
cookbooks, and then use it with Berkshelf and Chef Supermarket.
The `/universe` endpoint has the following methods: `GET`.
## GET
The `GET` method is used to retrieve the universe data.
This method has no parameters.
**Request**
```none
GET /universe
```
**Response**
The response will return an embedded hash, with the name of each
cookbook as a top-level key. Each cookbook will list each version, along
with its location information and dependencies:
```javascript
{
"ffmpeg": {
"0.1.0": {
"location_path": "http://supermarket.chef.io/api/v1/cookbooks/ffmpeg/0.1.0/download"
"location_type": "supermarket",
"dependencies": {
"git": ">= 0.0.0",
"build-essential": ">= 0.0.0",
"libvpx": "~> 0.1.1",
"x264": "~> 0.1.1"
},
},
"0.1.1": {
"location_path": "http://supermarket.chef.io/api/v1/cookbooks/ffmpeg/0.1.1/download"
"location_type": "supermarket",
"dependencies": {
"git": ">= 0.0.0",
"build-essential": ">= 0.0.0",
"libvpx": "~> 0.1.1",
"x264": "~> 0.1.1"
},
},
"pssh": {
"0.1.0": {
"location_path": "http://supermarket.chef.io/api/v1/cookbooks/pssh.1.0/download"
"location_type": "supermarket",
"dependencies": {},
}
}
}
```
200 |
OK. The request was successful. One (or more) cookbooks and associated cookbook version information was returned. |
## Server Admins
The `server-admins` group is a global group that grants its members
permission to create, read, update, and delete user accounts, with the
exception of superuser accounts. The `server-admins` group is useful for
users who are responsible for day-to-day administration of the Chef
server, especially user management via the `knife user` subcommand.
Before members can be added to the `server-admins` group, they must
already have a user account on the Chef server.
## Scenario
The following user accounts exist on the Chef server: `pivotal` (a
superuser account), `alice`, `bob`, `carol`, and `dan`. Run the
following command to view a list of users on the Chef server:
```bash
chef-server-ctl user-list
```
and it returns the same list of users:
```bash
pivotal
alice
bob
carol
dan
```
Alice is a member of the IT team whose responsibilities include
day-to-day administration of the Chef server, in particular managing the
user accounts on the Chef server that are used by the rest of the
organization. From a workstation, Alice runs the following command:
```bash
knife user list -c ~/.chef/alice.rb
```
and it returns the following error:
```bash
ERROR: You authenticated successfully to as alice
but you are not authorized for this action
Response: Missing read permission
```
Alice is not a superuser and does not have permissions on other users
because user accounts are global to organizations in the Chef server.
Let's add Alice to the `server-admins` group:
```bash
chef-server-ctl grant-server-admin-permissions alice
```
and it returns the following response:
```bash
User alice was added to server-admins.
```
Alice can now create, read, update, and delete user accounts on the Chef
server, even for organizations to which Alice is not a member. From a
workstation, Alice re-runs the following command:
```bash
knife user list -c ~/.chef/alice.rb
```
which now returns:
```bash
pivotal
alice
bob
carol
dan
```
Alice is now a server administrator and can use the following knife
subcommands to manage users on the Chef server:
- `knife user-create`
- `knife user-delete`
- `knife user-edit`
- `knife user-list`
- `knife user-show`
For example, Alice runs the following command:
```bash
knife user edit carol -c ~/.chef/alice.rb
```
and the \$EDITOR opens in which Alice makes changes, and then saves
them.
### Superuser Accounts
Superuser accounts may not be managed by users who belong to the
`server-admins` group. For example, Alice attempts to delete the
`pivotal` superuser account:
```bash
knife user delete pivotal -c ~/.chef/alice.rb
```
and the following error is returned:
```bash
ERROR: You authenticated successfully to as user1
but you are not authorized for this action
Response: Missing read permission
```
Alice's action is unauthorized even with membership in the
`server-admins` group.
## Manage server-admins Group
Membership of the `server-admins` group is managed with a set of
`chef-server-ctl` subcommands:
- `chef-server-ctl grant-server-admin-permissions`
- `chef-server-ctl list-server-admins`
- `chef-server-ctl remove-server-admin-permissions`
### Add Members
The `grant-server-admin-permissions` subcommand is used to add a user to
the `server-admins` group. Run the command once per user added.
This subcommand has the following syntax:
```bash
chef-server-ctl grant-server-admin-permissions USER_NAME
```
where `USER_NAME` is the user to add to the list of server
administrators.
For example:
```bash
chef-server-ctl grant-server-admin-permissions bob
```
returns:
```bash
User bob was added to server-admins. This user can now list,
read, and create users (even for orgs they are not members of)
for this Chef Server.
```
### Remove Members
The `remove-server-admin-permissions` subcommand is used to remove a
user from the `server-admins` group. Run the command once per user
removed.
This subcommand has the following syntax:
```bash
chef-server-ctl remove-server-admin-permissions USER_NAME
```
where `USER_NAME` is the user to remove from the list of server
administrators.
For example:
```bash
chef-server-ctl remove-server-admin-permissions bob
```
returns:
```bash
User bob was removed from server-admins. This user can no longer
list, read, and create users for this Chef Server except for where
they have default permissions (such as within an org).
```
### List Membership
The `list-server-admins` subcommand is used to return a list of users
who are members of the `server-admins` group.
This subcommand has the following syntax:
```bash
chef-server-ctl list-server-admins
```
and will return a list of users similar to:
```bash
pivotal
alice
bob
carol
dan
```