Chef Infra
Chef Infra Client Developer Resources
Chef Infra Client is an open-source infrastructure as code (IAC) tool for reducing manual and repetitive tasks for Windows, Linux, Mac and *nix systems.
Chef Infrastructure as Code Software
Chef Infra Client is an open-source infrastructure as code tool for automating the creation of configuration policies that are flexible, versionable, testable, and human readable. Systems managed by Chef Infra Client are continuously evaluated against their desired state, ensuring that configuration drift is automatically corrected, and configuration changes are universally applied.
Chef Infra can be used for
Infrastructure as Code (IAC)
Express your infrastructure configuration as code, and make your systems testable, portable, and auditable. Give your teams the freedom to focus on building new innovations, rather than on solving problems that have already been solved in the past. Automate your systems’ adherence to declared desired state and focus on solving the most important problems that your teams face.
System Hardening
Apply OSes and patches, deploy core libraries to these operating systems, deploy apps into these images, and finally scan everything for known vulnerabilities. Keep these patches, libraries and apps automatically updated. Leverage a rich set of APIs as well as the CLI to integrate with other tools.
# remove write permissions from path folders ($PATH) for all regular users
# this prevents changing any system-wide command from normal users
paths = %w[/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin] + node['os-hardening']['env']['extra_user_paths']
paths.each do |folder|
  execute "remove write permission from #{folder}" do
    command "chmod go-w -R #{folder}"
    # skip the chmod when find reports no matching files
    not_if "find #{folder} -perm -go+w -type f | wc -l | egrep '^0$'"
  end
end
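The not_if guard in the recipe above counts files with find -perm -go+w, which matches only files that have both the group and the other write bit set, so a file that is group-writable only leaves the count at zero and the chmod is skipped. The Ruby check below is an added example, not code from this page or from Chef; the helper names and the temporary sample files are constructed for illustration.

```ruby
require 'find'
require 'tmpdir'

GO_WRITE = 0o022 # the g+w and o+w permission bits

# All regular files below dir (like `find DIR -type f`).
def regular_files(dir)
  Find.find(dir).select { |f| File.lstat(f).file? }.sort
end

# Files with BOTH g+w and o+w set: what `find -perm -go+w` matches.
def matches_guard(dir)
  regular_files(dir).select { |f| (File.lstat(f).mode & GO_WRITE) == GO_WRITE }
end

# Files with EITHER bit set: what `chmod go-w` would actually change.
def group_or_other_writable(dir)
  regular_files(dir).select { |f| (File.lstat(f).mode & GO_WRITE) != 0 }
end

# Build a constructed directory with the given name => mode files and
# report what the guard counts versus what is really writable.
def audit_sample(modes)
  Dir.mktmpdir('path-audit') do |dir|
    modes.each do |name, mode|
      path = File.join(dir, name)
      File.write(path, "#!/bin/sh\n")
      File.chmod(mode, path) # explicit chmod, independent of umask
    end
    seen = matches_guard(dir).map { |f| File.basename(f) }
    writable = group_or_other_writable(dir).map { |f| File.basename(f) }
    { guard_count: seen.size, chmod_skipped: seen.empty?, writable: writable }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one clean file, one group-writable, one world-writable.
  p audit_sample('ok' => 0o755, 'group' => 0o775, 'world' => 0o777)
  # Only a group-writable file: the guard counts 0 and the chmod never runs.
  p audit_sample('ok' => 0o755, 'group' => 0o775)
end
```

GNU find expresses the "either bit" test as -perm /go+w, which is the semantics an audit of these folders needs.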
DevOps and Cloud Automation
Integrate with tools across the DevOps toolchain, including source code and artifact repositories (GitHub, GitLab, Atlassian BitBucket), CI/CD tools (Cloudbees/Jenkins, CircleCI, Azure DevOps), provisioning (HashiCorp Terraform, Packer, Vagrant, Vault). Work with any cloud resource manager, including Azure Resource Manager and AWS CloudFormation. Multi-cloud automation enabled via integrations with provisioning tools like Terraform.
Incident Management
View a summary or detailed view to look at a node/app status or troubleshoot errors. Filter down to classes of nodes or classes of errors to isolate data. Display notifications on a per-node, per-failure basis, or configured for alerts to chat, to webhook endpoints, or to ServiceNow.
Getting started
Install Chef Workstation
Start working with Chef Infra Client by installing Chef Workstation (formerly ChefDK) on any Windows, Mac or Linux machine where you do your work. Chef Workstation provides chef, knife, Test Kitchen and all the tools you need to start defining configurations as code on local or remote servers, virtual machines and containers.
~$ chef --version
Chef Workstation version: 21.1.233
Chef Infra Client version: 16.9.20
Chef InSpec version: 4.24.32
Chef CLI version: 3.0.35
Chef Habitat version: 1.6.181
Test Kitchen version: 2.9.0
Cookstyle version: 7.5.3
Create a Project Repo
Working with Chef Infra Client starts with creating workspaces that provide flexibility to manage a wide variety of configurations, policies, node lists and much more from your workstation. The chef generate repo <repo> and chef generate cookbook <cookbook_name> commands set up the context for your configuration management projects and create initial files and folders to keep everything in order.
~$ chef generate cookbook try_chef_infra
Generating cookbook try_chef_infra
- Ensuring correct cookbook content
- Committing cookbook files to git
Your cookbook is ready. Type `cd try_chef_infra` to enter it.
There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list of local testing commands.
Why not start by writing an InSpec test? Tests for the default recipe are stored at:
test/integration/default/default_test.rb
If you would prefer to dive right in, the default recipe can be found at:
recipes/default.rb
Create Recipes
Chef Infra Client recipes contain lists of files, packages, services, users and other resources you want to configure on your managed hosts. You can run ad hoc chef-run actions from the command line for testing or add plain-language commands to your recipes when you move to production.
package "emacs" do
  action :install
end
~$ chef-run host1.example.com ./recipes/default.rb
~$ chef-run host1.example.com package emacs --user myusername --password mypassword
[✓] Packaging cookbook... done!
[✓] Generating local policyfile... exporting... done!
[✓] Applying package[emacs] from resource to target.
|-- [✓] [host1.example.com] Successfully converged package[emacs].
Test and Explore
Whether you’re new to Chef Infra Client or a seasoned pro, you can use Test Kitchen to test and run recipes, try publicly available cookbooks and policy configurations from the Chef Supermarket, and even create entire test environments using Vagrant, Docker, GCE, EC2, Azure and other familiar resources.
---
driver:
  name: vagrant # Or dokken, azurerm, ec2, docker, etc

provisioner:
  name: chef_zero
  product_name: chef
  product_version: 14.12.9
  client_rb:
    chef_license: accept

verifier:
  name: inspec

platforms:
  - name: ubuntu-18.04
  - name: centos-8

suites:
  - name: default
    verifier:
      inspec_tests:
        - test/integration/default
    attributes:
Enterprise Scale and Support
Chef Automate provides enterprise management and observability capabilities and is included with every Chef Subscription. Automate offers visual UIs, real-time interactive dashboards, role-based access controls, third-party integrations, data APIs, and much more. Automate enables Infrastructure, DevOps, Security, Cloud and Release teams to easily collaborate and get work done, all while maintaining an auditable history of changes to systems environments.
In addition, Chef Automate can be used to install Chef Infra Server either for a single-host installation that contains both Chef Infra Server and Chef Automate, or for a standalone Chef Infra Server instance. Chef Automate also provides a graphical management console for the Chef Infra Server.
Chef Infra Ecosystem
Chef Workstation
Chef Workstation packages all the tools necessary to be successful with Chef Infra and InSpec.
Test Kitchen
Test Kitchen is an open source integration tool pioneered by Chef for developing and testing infrastructure code and software on isolated target platforms.
Chef Supermarket
Chef Supermarket is the site for community cookbooks. It provides an easily searchable cookbook repository and a friendly web UI.
Chef Cookstyle
Chef Cookstyle is a code linting tool that helps you write better Chef Infra cookbooks by detecting and automatically correcting style, syntax, and logic mistakes in your code.