Skip to main content

Site Map

[edit on GitHub]

This is the documentation for:

  • Chef Automate
  • Chef Desktop
  • Chef Infra Client
  • Chef Infra Server
  • Chef InSpec
  • Chef Workstation
  • related tools

Documentation for other Chef products:

This page has links to each topic in this doc set. You can also use the navigation tool or the search box to find what you’re looking for.

If you are new to Chef Infra, we highly recommend the Manage Your Fleet with Chef Infra course on Learn Chef to familiarize yourself with Chef Infra concepts.

If you need documentation for previous versions, see the Docs Archive.

Overview

Platform Overview

Community

About the Community | Contributing | Guidelines | Docs Style Guide | Send Feedback

Packages & Platforms

Packages | Platforms | Supported Versions | Chef Software Install Script | Omnitruck API

Licensing : About Licensing | Accepting License

Chef Compliance

About Chef Compliance | Chef Compliance Guide

Effortless Pattern

Effortless Overview | Quick Start | Effortless Audit | Effortless Config | Variables and Config | What is Scaffolding

Chef Infra

Getting Started

Chef Infra Overview | Quick Start | System Requirements

Chef on Azure Guide : Microsoft Azure | Chef Workstation in Azure Cloud Shell | Microsoft Azure PowerShell | Microsoft Azure Chef Extension | Knife Azure | Knife Azurerm

Chef on Windows Guide : Chef for Microsoft Windows | Chef Infra Client on Windows | Knife Windows

| Chef and Terraform | Glossary | Uninstall

Concepts

Chef Infra Client Overview | Chef Infra Server Overview | chef-repo | Cookbooks | Custom Resources | Nodes

Policy : About Policy | About Policyfiles | Policyfile.rb | Data Bags | Run-lists | Environments | Roles

| Secrets | Authentication | Authorization

Supermarket : Supermarket | Public Supermarket | Private Supermarket | Share Cookbooks

Features

Chef Solo : About Chef Solo | chef-solo (executable) | solo.rb

Ohai : About Ohai | ohai (executable)

| FIPS | Handlers

Management Console : About the Management Console | Configure SAML | Clients | Cookbooks | Data Bags | Environments | Nodes | Roles | Users | manage.rb | chef-manage-ctl

| Push Jobs | Search | Troubleshooting

Setup

Nodes : Install via Bootstrap | chef-client (executable) | client.rb | Upgrades | Security

Chef Infra Server : | Install Chef Infra Server | Install Standalone | Chef Infra Server Prerequisites | Tiered Installation | Install High Availability

| Working with Proxies | Air-gapped Installation | FIPS-mode

Integrations : AWS Marketplace | Google Cloud Platform | VMware

Supermarket : | Install Private Supermarket | Customize Supermarket | supermarket.rb Settings | Backup and Restore | Log Files | Monitoring | knife supermarket | supermarket-ctl | Supermarket API

| Push Jobs

Cookbook Reference

About Cookbooks | Attributes | Files | Libraries

Recipes : About Recipes | Debug Recipes, Client Runs

Recipe DSL : DSL Overview | attribute? | cookbook_name | data_bag | data_bag_item | declare_resource | delete_resource | delete_resource! | edit_resource | edit_resource! | find_resource | find_resource! | platform? | platform_family? | reboot_pending? | recipe_name | resources | search | shell_out | shell_out! | tag, tagged?, untag | value_for_platform | value_for_platform_family | with_run_context | Windows Platform | registry_data_exists? | registry_get_subkeys | registry_get_values | registry_has_subkeys? | registry_key_exists? | registry_value_exists? | Log Entries

| Custom Resources DSL

Resources : About Resources | Common Resource Functionality | Migrating from Definitions | Custom Resources | Custom Resource Guide | All Resources (Single Page) | alternatives | apt_package | apt_preference | apt_repository | apt_update | archive_file | bash | batch | bff_package | breakpoint | build_essential | cab_package | chef_acl | chef_client | chef_client_cron | chef_client_launchd | chef_client_scheduled_task | chef_client_systemd_timer | chef_client_trusted_certificate | chef_container | chef_data_bag | chef_data_bag_item | chef_environment | chef_gem | chef_group | chef_handler | chef_node | chef_organization | chef_role | chef_sleep | chef_user | chef_vault_secret | chocolatey_config | chocolatey_feature | chocolatey_package | chocolatey_source | cookbook_file | cron | cron_access | cron_d | csh | directory | dmg_package | dnf_package | dpkg_package | dsc_resource | dsc_script | execute | file | freebsd_package | gem_package | git | group | homebrew_cask | homebrew_package | homebrew_tap | homebrew_update | hostname | http_request | ifconfig | ips_package | kernel_module | ksh | launchd | link | locale | log | macos_userdefaults | macports_package | mdadm | mount | msu_package | notify_group | ohai | ohai_hint | openbsd_package | openssl_dhparam | openssl_ec_private_key | openssl_ec_public_key | openssl_rsa_private_key | openssl_rsa_public_key | openssl_x509_certificate | openssl_x509_crl | openssl_x509_request | osx_profile | package | pacman_package | paludis_package | perl | plist | portage_package | powershell_package | powershell_package_source | powershell_script | python | reboot | registry_key | remote_directory | remote_file | rhsm_errata | rhsm_errata_level | rhsm_register | rhsm_repo | rhsm_subscription | route | rpm_package | ruby | ruby_block | script | service | smartos_package | snap_package | solaris_package | ssh_known_hosts_entry | subversion | sudo | swap_file | sysctl | systemd_unit | template | timezone | user | user_ulimit | windows_ad_join | windows_audit_policy | windows_auto_run | windows_certificate | windows_dfs_folder | windows_dfs_namespace | windows_dfs_server | windows_dns_record | windows_dns_zone | windows_env | windows_feature | windows_feature_dism | windows_feature_powershell | windows_firewall_profile | windows_firewall_rule | windows_font | windows_package | windows_pagefile | windows_path | windows_printer | windows_printer_port | windows_security_policy | windows_service | windows_share | windows_shortcut | windows_task | windows_uac | windows_user_privilege | windows_workgroup | yum_package | yum_repository | zypper_package | zypper_repository

| Templates | Cookbook Repo | metadata.rb | Cookbook Versioning | Ruby Guide

Managing Chef Infra Server

Runbook (Single Page) | Backup & Restore | Backend Failure Recovery | Firewalls & Ports | Active Directory & LDAP | Log Files | Monitor | Organizations & Groups | Security | Services | Tuning | Upgrades | Upgrade HA Cluster | Users | chef-server-ctl | chef-server.rb | Chef Infra Server Optional Settings | chef-backend-ctl | chef-backend.rb | opscode-expanderctl | Chef Infra Server API

Push Jobs : knife push jobs | push-jobs-client | push-jobs-client.rb | push-jobs-server.rb | Push Jobs API | Chef Infra Server Sent Events

| Deprecations

Chef Workstation

About Chef Workstation | Privacy and Telemetry | Install Chef Workstation | Upgrade Lab

Chef Workstation Tools

Berkshelf

chef (executable) : chef executable (full page) | chef capture | chef env | chef exec | chef gem | chef generate attribute | chef generate cookbook | chef generate file | chef generate recipe | chef generate repo | chef generate resource | chef generate template | chef report cookbooks | chef report nodes | chef shell-init

| chef-apply (executable) | chef-run (executable) | chef-shell (executable) | chef-vault (executable) | ChefSpec | Chef Workstation App | config.rb (knife.rb) | Optional config.rb Settings | Cookstyle | Delivery CLI | Foodcritic

Test Kitchen : About Test Kitchen | kitchen (executable) | kitchen.yml | kitchen-vagrant

Knife : About Knife | Setting up Knife | Knife Common Options | config.rb (knife.rb) | knife azure | knife azurerm | knife bootstrap | knife client | knife configure | knife cookbook | knife cookbook site | knife data bag | knife delete | knife deps | knife diff | knife download | knife edit | knife environment | knife exec | knife list | knife node | knife opc | knife raw | knife recipe list | knife role | knife search | knife serve | knife show | knife ssh | knife ssl_check | knife ssl_fetch | knife status | knife supermarket | knife tag | knife upload | knife user | knife windows | knife xargs

| push-jobs-client (executable) | Getting Started | Configure Chef Workstation | Troubleshooting

Chef Desktop

About Chef Desktop | Chef Desktop Requirements | Install Chef Components | Chef Desktop Development Environment | The Chef Desktop Development Pattern | Zero Touch Deployment for macOS and Windows on Azure | Zero Touch Deployment with MicroMDM for macOS | Chef Desktop Cookbook Reference

Resources

All Resources (Single Page) | chef_client_launchd | macos_admin_control | macos_app_management | macos_automatic_logout | macos_automatic_software_updates | macos_desktop_screensaver | macos_disk_encryption | macos_firewall | macos_password_policy | macos_power_management | rescue_account | windows_admin_control | windows_app_management | windows_automatic_logout | windows_defender | windows_defender_exclusion | windows_desktop_screensaver | windows_desktop_winrm_settings | windows_disk_encryption | windows_firewall | windows_password_policy | windows_power_management | windows_update_settings

Chef Habitat

Documentation | Learn Chef Habitat

Chef InSpec

Chef InSpec Overview | Install and Uninstall | Chef InSpec for the Cloud | Chef InSpec and Friends | Chef InSpec Glossary

Chef InSpec Reference

InSpec Executable | Profiles | Inputs | Matchers | Reporters | Configuration | Chef InSpec DSL | Profile Style Guide | Custom Resources | Plugins | kitchen-inspec | InSpec Shell | Chef Habitat Integration | Migration from Serverspec | Waivers

Chef InSpec Resources

InSpec Resources (Single Page)

OS Resources : aide_conf | apache | apache_conf | apt | audit_policy | auditd | auditd_conf | bash | bond | bridge | bsd_service | chocolatey_package | command | cpan | cran | crontab | csv | dh_params | directory | docker | docker_container | docker_image | docker_plugin | docker_service | elasticsearch | etc_fstab | etc_group | etc_hosts | etc_hosts_allow | etc_hosts_deny | file | filesystem | firewalld | gem | group | groups | grub_conf | host | http | iis_app | iis_site | inetd_conf | ini | interface | interfaces | ip6tables | iptables | json | kernel_module | kernel_parameter | key_rsa | launchd_service | limits_conf | login_defs | mount | mssql_session | mysql_conf | mysql_session | nginx | nginx_conf | npm | ntp_conf | oneget | oracledb_session | os | os_env | package | packages | parse_config | parse_config_file | passwd | pip | port | postfix_conf | postgres_conf | postgres_hba_conf | postgres_ident_conf | postgres_session | powershell | processes | rabbitmq_config | registry_key | runit_service | security_identifier | security_policy | service | shadow | ssh_config | sshd_config | ssl | sys_info | systemd_service | sysv_service | upstart_service | user | users | vbscript | virtualization | windows_feature | windows_firewall | windows_firewall_rule | windows_hotfix | windows_task | wmi | x509_certificate | xinetd_conf | xml | yaml | yum | zfs_dataset | zfs_pool

AWS Resources : aws_alb | aws_albs | aws_auto_scaling_group | aws_auto_scaling_groups | aws_cloudformation_stack | aws_cloudtrail_trail | aws_cloudtrail_trails | aws_cloudwatch_alarm | aws_cloudwatch_log_group | aws_cloudwatch_log_metric_filter | aws_config_delivery_channel | aws_config_recorder | aws_db_subnet_group | aws_db_subnet_groups | aws_dhcp_options | aws_dynamodb_table | aws_ebs_volume | aws_ebs_volumes | aws_ec2_instance | aws_ec2_instances | aws_ecr | aws_ecr_image Resource | aws_ecr_images | aws_ecr_repositories | aws_ecr_repository | aws_ecs_cluster | aws_ecs_clusters | aws_efs_file_system | aws_efs_file_systems | aws_eks_cluster | aws_eks_clusters | aws_elasticache_cluster | aws_elasticache_cluster_node | aws_elasticache_clusters | aws_elb | aws_elbs | aws_flow_log | aws_hosted_zone | aws_hosted_zones | aws_iam_access_key | aws_iam_access_keys | aws_iam_account_alias | aws_iam_group | aws_iam_groups | aws_iam_inline_policy | aws_iam_password_policy | aws_iam_policies | aws_iam_policy | aws_iam_role | aws_iam_roles | aws_iam_root_user | aws_iam_saml_provider | aws_iam_saml_providers | aws_iam_user | aws_iam_users | About the aws_internet_gateway Resource | aws_internet_gateways | aws_kms_key | aws_kms_keys | aws_lambda | aws_lambdas | aws_launch_configuration | aws_nat_gateway | aws_nat_gateways | aws_organizations_member | aws_rds_cluster | aws_rds_clusters | aws_rds_instance | aws_rds_instances | aws_region | aws_regions | aws_route_table | aws_route_tables | aws_s3_bucket | aws_s3_bucket_object | aws_s3_buckets | aws_security_group | aws_security_groups | aws_sns_subscription | aws_sns_topic | aws_sns_topics | aws_sqs_queue | aws_sqs_queues | aws_ssm_parameter | aws_ssm_parameters | aws_sts_caller_identity | aws_subnet | aws_subnets | aws_transit_gateway | aws_vpc | aws_vpcs

Azure Resources : azure_generic_resource | azure_resource_group | azure_virtual_machine | azure_virtual_machine_data_disk | azurerm_ad_user | azurerm_ad_users | azurerm_aks_cluster | azurerm_aks_clusters | azurerm_cosmosdb_database_account | azurerm_event_hub_authorization_rule | azurerm_event_hub_event_hub | azurerm_event_hub_namespace | azurerm_iothub | azurerm_iothub_event_hub_consumer_group | azurerm_iothub_event_hub_consumer_groups | azurerm_key_vault | azurerm_key_vault_key | azurerm_key_vault_keys | azurerm_key_vault_secret | azurerm_key_vault_secrets | azurerm_key_vaults | azurerm_load_balancer | azurerm_load_balancers | azurerm_locks | azurerm_management_group | azurerm_management_groups | azurerm_monitor_activity_log_alert | azurerm_monitor_activity_log_alerts | azurerm_monitor_log_profile | azurerm_monitor_log_profiles | azurerm_mysql_database | azurerm_mysql_databases | azurerm_mysql_server | azurerm_mysql_servers | azurerm_network_interface | azurerm_network_interfaces | azurerm_network_security_group | azurerm_network_security_groups | azurerm_network_watcher | azurerm_network_watchers | azurerm_postgresql_database | azurerm_postgresql_databases | azurerm_postgresql_server | azurerm_postgresql_servers | azurerm_resource_groups | azurerm_role_definition | azurerm_role_definitions | azurerm_security_center_policies | azurerm_security_center_policy | azurerm_sql_database | azurerm_sql_databases | azurerm_sql_server | azurerm_sql_servers | azurerm_storage_account_blob_container | azurerm_storage_account_blob_containers | azurerm_subnet | azurerm_subnets | azurerm_subscription | azurerm_virtual_machine | azurerm_virtual_machine_disk | azurerm_virtual_machine_disks | azurerm_virtual_machines | azurerm_virtual_network | azurerm_virtual_networks | azurerm_webapp | azurerm_webapps

GCP Resources : google_access_context_manager_access_policies | google_access_context_manager_access_policy | google_access_context_manager_service_perimeter | google_access_context_manager_service_perimeters | google_appengine_standard_app_version | google_appengine_standard_app_versions | google_bigquery_dataset | google_bigquery_datasets | google_bigquery_table | google_bigquery_tables | google_billing_project_billing_info | google_cloud_scheduler_job | google_cloud_scheduler_jobs | google_cloudbuild_trigger | google_cloudbuild_triggers | google_cloudfunctions_cloud_function | google_cloudfunctions_cloud_functions | google_compute_address | google_compute_addresses | google_compute_autoscaler | google_compute_autoscalers | google_compute_backend_bucket | google_compute_backend_buckets | google_compute_backend_service | google_compute_backend_services | google_compute_disk | google_compute_disks | google_compute_firewall | google_compute_firewalls | google_compute_forwarding_rule | google_compute_forwarding_rules | google_compute_global_address | google_compute_global_addresses | google_compute_global_forwarding_rule | google_compute_global_forwarding_rules | google_compute_health_check | google_compute_health_checks | google_compute_http_health_check | google_compute_http_health_checks | google_compute_https_health_check | google_compute_https_health_checks | google_compute_image | google_compute_instance | google_compute_instance_group | google_compute_instance_group_manager | google_compute_instance_group_managers | google_compute_instance_groups | google_compute_instance_template | google_compute_instance_templates | google_compute_instances | google_compute_network | google_compute_network_endpoint_group | google_compute_network_endpoint_groups | google_compute_networks | google_compute_node_group | google_compute_node_groups | google_compute_node_template | google_compute_node_templates | google_compute_project_info | google_compute_region | google_compute_region_backend_service | google_compute_region_backend_services | google_compute_region_instance_group_manager | google_compute_region_instance_group_managers | google_compute_regional_disk | google_compute_regions | google_compute_route | google_compute_router | google_compute_router_nat | google_compute_router_nats | google_compute_routers | google_compute_routes | google_compute_security_policies | google_compute_security_policy | google_compute_snapshot | google_compute_snapshots | google_compute_ssl_certificate | google_compute_ssl_certificates | google_compute_ssl_policies | google_compute_ssl_policy | google_compute_subnetwork | google_compute_subnetwork_iam_binding | google_compute_subnetwork_iam_policy | google_compute_subnetworks | google_compute_target_http_proxies | google_compute_target_http_proxy | google_compute_target_https_proxies | google_compute_target_https_proxy | google_compute_target_pool | google_compute_target_pools | google_compute_target_tcp_proxies | google_compute_target_tcp_proxy | google_compute_url_map | google_compute_url_maps | google_compute_vpn_tunnel | google_compute_vpn_tunnels | google_compute_zone | google_compute_zones | google_container_cluster | google_container_clusters | google_container_node_pool | google_container_node_pools | google_container_regional_cluster | google_container_regional_clusters | google_container_regional_node_pool | google_container_regional_node_pools | google_dataproc_cluster | google_dataproc_clusters | google_dns_managed_zone | google_dns_managed_zones | google_dns_resource_record_set | google_dns_resource_record_sets | google_filestore_instance | google_filestore_instances | google_iam_custom_role | google_iam_custom_roles | google_iam_organization_custom_role | google_iam_organization_custom_roles | google_iam_service_account | google_iam_service_account_key | google_iam_service_account_keys | google_iam_service_accounts | google_kms_crypto_key | google_kms_crypto_key_iam_binding | google_kms_crypto_key_iam_bindings | google_kms_crypto_key_iam_policy | google_kms_crypto_keys | google_kms_key_ring | google_kms_key_ring_iam_binding | google_kms_key_ring_iam_bindings | google_kms_key_ring_iam_policy | google_kms_key_rings | google_logging_folder_exclusion | google_logging_folder_exclusions | google_logging_folder_log_sink | google_logging_folder_log_sinks | google_logging_organization_log_sink | google_logging_organization_log_sinks | google_logging_project_exclusion | google_logging_project_exclusions | google_logging_project_sink | google_logging_project_sinks | google_ml_engine_model | google_ml_engine_models | google_organization | google_organization_iam_binding | google_organization_iam_policy | google_organization_policy | google_organizations | google_project | google_project_alert_policies | google_project_alert_policy | google_project_alert_policy_condition | google_project_iam_binding | google_project_iam_bindings | google_project_iam_custom_role | google_project_iam_custom_roles | google_project_iam_policy | google_project_logging_audit_config | google_project_metric | google_project_metrics | google_project_service | google_project_services | google_projects | google_pubsub_subscription | google_pubsub_subscription_iam_binding | google_pubsub_subscription_iam_policy | google_pubsub_subscriptions | google_pubsub_topic | google_pubsub_topic_iam_binding | google_pubsub_topic_iam_policy | google_pubsub_topics | google_redis_instance | google_redis_instances | google_resourcemanager_folder | google_resourcemanager_folder_iam_binding | google_resourcemanager_folder_iam_policy | google_resourcemanager_folders | google_resourcemanager_organization_policy | google_resourcemanager_project_iam_binding | google_resourcemanager_project_iam_policy | google_runtime_config_config | google_runtime_config_config_iam_binding | google_runtime_config_config_iam_policy | google_runtime_config_configs | google_runtime_config_variable | google_runtime_config_variables | google_service_account | google_service_account_key | google_service_account_keys | google_service_accounts | google_sourcerepo_repositories | google_sourcerepo_repository | google_spanner_database | google_spanner_databases | google_spanner_instance | google_spanner_instance_iam_binding | google_spanner_instance_iam_policy | google_spanner_instances | google_sql_database_instance | google_sql_database_instances | google_sql_user | google_sql_users | google_storage_bucket | google_storage_bucket_acl | google_storage_bucket_iam_binding | google_storage_bucket_iam_bindings | google_storage_bucket_iam_policy | google_storage_bucket_object | google_storage_bucket_objects | google_storage_buckets | google_storage_default_object_acl | google_storage_object_acl | google_user | google_users

Habitat Resources : habitat_package | habitat_packages | habitat_service | habitat_services

Chef Automate

Getting Started

Quick Start Demo | System Requirements | Install Guide | Airgapped Installation | Install Chef Habitat Builder On-prem | Install Chef Infra Server With Automate | Migrate from Chef Automate 1 | Backup & Restore | Restore

Configuring Automate

Configuration | Data Collection | LDAP | Log Management | SAML | Telemetry

Applications

Chef EAS | Setting up the Applications Dashboard | Applications Dashboard | Event Feed | Desktop Dashboard | Client Runs

Compliance

Reports | Scan Jobs | Profiles | Nodes

Settings

Notifications | Data Feeds | Data Lifecycle | Node Integrations | Node Credentials | Users | Teams | API Tokens | Policies | Roles | Projects

Authorization

IAM Overview | IAM Users Guide | IAM Actions | Troubleshooting

Reference

Architecture | Chef Automate API | chef-automate CLI | Monitoring Chef Automate | ServiceNow Integration | Feature Flags

Workflow (Deprecated)

Workflow Overview | Upgrade Workflow | Build Cookbook | Delivery Truck | Dependencies | Publish Cookbooks | Runners | Secrets

Release Notes

Chef Automate | Chef InSpec | Chef Workstation | Chef Infra Client | Chef Infra Server | Chef Manage | Chef Push Jobs

Legacy

Workflow

Workflow Basics : Workflow Overview | Configure a Pipeline | Configure a Project | Configure Data Collection | Data Collection with Chef HA | Data Collection without Chef Infra Server | Audit Cookbook

Managing Workflow : build-cookbook (cookbook) | delivery-truck (cookbook) | Manage Dependencies | Manage Secrets | Publish to Multiple Chef Infra Servers | Runners | Workflow w/Bitbucket | Workflow w/Email (SMTP) | Workflow w/GitHub | Workflow w/Slack | Users and Roles | Authentication w/LDAP | Authentication w/SAML | Elasticsearch and Kibana Auth | Delivery Server Backup | Delivery Disaster Recovery | Tuning

Reference : Delivery CLI | delivery.rb | delivery.rb Optional Settings | Workflow DSL

| Chef Automate CTL (Deprecated) | AWS OpsWorks for Chef Automate | Chef Automate for Microsoft Azure

Extension APIs

Handlers

Custom Handlers | Handler DSL | Community Handlers | Compliance DSL

Knife Plugins

Cloud Plugins | Writing Custom Plugins

Ohai Plugins

Custom Plugins | Community Plugins Send Feedback