Chef Tutorials: List Of Chef Tools and their explainations


chef-apply is an executable program that runs a single recipe from the command line. Is part of the Chef development kit. A great way to explore resources

chef-apply is an executable program that runs a single recipe from the command line:

  • Is part of the Chef development kit and Chef workstation
  • A great way to explore resources
  • Is NOT how Chef is run in production

$ chef-apply -h
Usage: chef-apply [RECIPE_FILE | -e RECIPE_TEXT | -s] [OPTIONS]
                                     Always dump the stacktrace regardless of the log_level setting.
        --chef-license ACCEPTANCE    Accept the license for this product and any contained products ('accept', 'accept-no-persist', or 'accept-silent')
        --[no-]color                 Use colored output, defaults to enabled.
    -e, --execute RECIPE_TEXT        Execute resources supplied in a string.
        --force-formatter            Use formatter output instead of logger output.
        --force-logger               Use logger output instead of formatter output.
    -F, --format FORMATTER           The output format to use.
    -j JSON_ATTRIBS,                 Load attributes from a JSON file or URL.
    -l, --log_level LEVEL            Set the log level (trace, debug, info, warn, error, fatal).
    -L, --logfile LOGLOCATION        Set the log file location, defaults to STDOUT - recommended for daemonizing.
        --minimal-ohai               Only run the bare minimum Ohai plugins Chef Infra Client needs to function.
        --[no-]profile-ruby          Dump complete Ruby call graph stack of entire Chef Infra Client run (expert only).
    -s, --stdin                      Execute resources read from STDIN.
    -v, --version                    Show Chef Infra Client version.
    -W, --why-run                    Enable whyrun mode.
        --yaml                       Parse recipe as YAML
    -h, --help                       Show this help message.

Chef Automate

Chef Automate is a centralized dashboard for following product of chef for enterprise.

  • Chef InSpec
  • Chef Infra Server
  • Chef Habitat

Chef Automate provides Chef servers that include premium features of Chef Automate: Chef Infra and Chef InSpec. Chef Automate provides a full suite of enterprise capabilities for maintaining continuous visibility into application, infrastructure, and security automation.

A Chef Automate server manages the configuration of nodes in your environment by instructing chef-client which Chef recipes to run on the nodes, stores information about nodes, and serves as a central repository for your Chef cookbooks.

Chef Automate is the dashboard, data aggregation, and analytics layer for all Chef products, including

  • Chef Infrastructure Management,
  • Chef Compliance,
  • Chef App Delivery,
  • Chef Desktop, and
  • Chef Enterprise Automation Stack.

It allows developers, operators, and security engineers to collaborate effortlessly to
deliver application and infrastructure changes at speed and scale. Chef Automate provides actionable
insights across multiple data centers and cloud providers where your nodes live.

Chef Code Correctness (Chef Code Analysis)

Chef Unit Testing

Chef Integration Testing

  • TestKitchen
  • ServerSpec
  • RSpec

Some other tools which can be used along with Chef

  • dsh
  • gsh

Some other chef & Knife tools

  • knife-lastrun
  • knife-preflight
  • Chef-handlers
  • knife-flip
  • knife-bulkchangeenvironment
  • knife-env-diff
  • knife spork

Chef Tools for Windows

  • POSHChef – POSHChef has been built as a native chef client on Windows using PowerShell.

Ohai is a tool that is used to collect system configuration data, which is provided to the chef-client for use within cookbooks. Ohai is run by the chef-client at the beginning of every Chef run to determine system state. Ohai includes many built-in plugins to detect common configuration details as well as a plugin model for writing custom plugins.

Chef Ohai Tutorials

chef-solo is a command that executes Chef Infra Client aks chef client in a way that does not require the Chef Infra Server or chef server in order to converge cookbooks. chef-solo uses Chef Infra Client’s Chef local mode, and does not support the following functionality present in Chef Infra Client / server configurations:

  • Centralized distribution of cookbooks
  • A centralized API that interacts with and integrates infrastructure components
  • Authentication or authorization

Detail Guide and Tutorials of Chef Solo

The chef executable is a command-line tool which Generates applications, cookbooks, recipes, attributes, files, templates, and custom resources (LWRPs) and Ensures that RubyGems are downloaded properly for the chef-client development environment along with Verifies that all components are installed and configured correctly

knife is a command-line tool that provides an interface between a local chef-repo and the Chef server. knife helps users to manage Nodes, Cookbooks and recipes, Roles, Environments, and Data Bags, Resources within various cloud environments, The installation of the chef-client onto nodes, Searching of indexed data on the Chef server

Chef Client
The Chef client works with the Chef server to bring nodes to their desired states with policies you provide as recipes. The chef-client executable can be run as a daemon. A chef-client is an agent that runs locally on every node that is under management by Chef. When a chef-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:

  • Registering and authenticating the node with the Chef server
  • Building the node object
  • Synchronizing cookbooks
  • Compiling the resource collection by loading each of the required cookbooks, including recipes, attributes, and
  • all other dependencies
  • Taking the appropriate and required actions to configure the node
  • Looking for exceptions and notifications, handling each as required

Chef Development Kit
The Chef development kit contains all you need to develop and test your infrastructure, built by the awesome Chef community. Chef Development Kit has following Component installed…

  • fauxhai
  • kitchen-vagrant
  • openssl
  • delivery-cli
  • test-kitchen
  • git
  • berkshelf
  • chefspec
  • knife-spork
  • inspec
  • tk-policyfile-provisioner
  • opscode-pushy-client
  • chef-dk
  • chef-sugar
  • chef-client
  • generated-cookbooks-pass-chefspec
  • chef-provisioning
  • package installation

Chef Server
The Chef server makes it easy to automate your infrastructure, manage scale and complexity, and safeguard your systems.

Chef Server has following tools which should be running…

  • bookshelf
  • nginx
  • oc_bifrost
  • oc_id
  • opscode-erchef
  • opscode-expander
  • opscode-solr4
  • postgresql
  • rabbitmq
  • redis_lb

InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.

Push Jobs Client
The Push Jobs client communicates with the Push Jobs server, which extends the Chef Server to allow you to execute commands across hundreds or even thousands of nodes in your Chef-managed infrastructure.

Push Jobs Server
The Push Jobs server add-on, along with its associated client, extends the Chef Server to allow you to execute commands across hundreds or even thousands of nodes in your Chef-managed infrastructure.

Supermarket is an artifact repository that makes it easy to browse, use, and share communal cookbooks and tools within your organization.

Chef Automate
One platform with a unified workflow, end-to-end visibility, and automated compliance over your entire Chef ecosystem.

Chef Compliance
Assess and monitor infrastructure compliance and use InSpec compliance profiles to validate that production servers are properly configured.

Chef Backend
Chef High Availability makes it easy to build high-availability Chef clusters on any infrastructure.

Chef Manage
Chef Manage is an Enterprise Chef add-on that enables a web-based user interface for visualizing and managing nodes, data bags, roles, environments, cookbooks and role-based access control (RBAC).

Kitchen or Test Kitchen
kitchen is the command-line tool for Kitchen, an integration testing tool used by the chef-client. Kitchen runs tests against any combination of platforms using any combination of test suites. Each test, however, is done against a specific instance, which is comprised of a single platform and a single set of testing criteria.

“Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.” It creates test machines, converges them, and runs post-convergence tests against them to verify their state. Test Kitchen is written in Ruby. It has a plugin system for supporting machine creation through a variety of virtual machine technologies such as vagrant, EC2, docker, and several others. Test Kitchen makes it easy for Chef developers to test cookbooks on a variety of platforms. It uses busser to install post-convergence integration test tools such as Serverspec or BATS that actually perform the tests.

Foodcritic is a helpful lint tool you can use to check your Chef cookbooks for common problems.

ChefSpec is a framework that tests resources and recipes as part of a simulated chef-client run. ChefSpec tests execute very quickly. When used as part of the cookbook authoring workflow, ChefSpec tests are often the first indicator of problems that may exist within a cookbook.
ChefSpec is packaged as part of the Chef development kit. To run ChefSpec
$ chef exec rspec

Rubocop is a Ruby command-line tool that performs lint and style checks based on the community driven Ruby Style Guide. It performs static analysis of any Ruby code, which includes Chef recipes, resources, library helpers, and so forth. Rubocop can be configured via .rubocop.yml to exclude certain rules, and it can be run with “–lint” to perform only lint checking, excluding all style checks. Rubocop is used in the Chef community in cookbooks to make contributions more consistent and easier to manage.

Serverspec is an “outside-in” integration test framework. It is platform and tool agnostic, and is used by other configuration management systems to verify systems are configured as desired. It checks the actual state of the target node by executing commands locally, via SSH, via WinRM, or other remote transports. Serverspec is implemented in RSpec, and uses RSpec test syntax.

Rajesh Kumar
Follow me
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x