• Stars
    star
    524
  • Rank 84,541 (Top 2 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created about 11 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A library for creating machines and infrastructures idempotently in Chef.

Chef Provisioning was officially end-of-life on August 31, 2019 and is no longer included with Chef DK. The Chef Provisioning source code and drivers have been moved into the chef-boneyard organization. If you are a current user of Chef Provisioning, please contact your Chef Customer Success Manager or Account Representative to review your options.

Chef Provisioning

Status Gem Version

Please join us in Slack by signing up at http://community-slack.chef.io/ and joining #chef-provisioning

Overview

Chef Provisioning is a Cookbook and Recipe based approach for managing your infrastructure. Users can codify their infrastructure and use Chef to converge their infrastructure to the desired state. It has a plugin model (called Drivers) to manage different infrastructures, including AWS, Azure and Fog.

Chef Provisioning is maintained according to the Chef Maintenance Policy.

Drivers

Due to the age and engagement level with different Drivers they have fallen into two categories - maintained and unmaintained.

Maintained drivers have a representative in the maintenance policy and get triaged / discussed during office hours. They are

AWS Fog
Gem Version Gem Version

Maintained by Chef-Partners:

Maintained, not by Chef:

Unmaintained Drivers are at risk of becoming stale. They are:

Target Audience

Chef Provisioning is a good fit for people who use or want to use the Chef ecosystem to manage their infrastructure. Infrastructure is represented as Chef Resources and managed in Chef Recipes and Cookbooks. These recipes run on a provisioner node and attempt to converge the infrastructure idempotently. The AWS driver is the most used, the most tested and receives the most updates.

Chef Provisioning and its Drivers are maintained by the open source community. They currently have a slow tempo for issue triage and pull request merging. Troubleshooting a bug may require stepping through the Ruby Chef codebase and engaging the community.

If you are new to Chef and Chef Provisioning, learning both can be daunting. If you are not familiar with Ruby as well, double the learning curve. Successful provisioning users know how they want to manage their cookbooks. Generally this is some CI/CD pipeline.

Chef is very flexible which allows customized provisioning solutions at the cost of high complexity. This makes it hard to document all the possible use cases. Patterns (for example, how to manage the provisioning node and run the provisioning recipes) are not well documented.

Chef Provisioning should be used to manage infrastructure (CRUD operations) and register Chef nodes with the server for the first time only. Other use cases (like scheduling chef runs, node inventory or reporting) are not supported.

Documentation

These are the primary documents to help learn about using Provisioning and creating Provisioning drivers:

Media

This video explains the basics of chef-provisioning (though provisioners are now called drivers). Slides (more up to date) are here.

Date Blog
2014-12-15 Using Chef Provisioning to Build Chef Server
2014-11-12 Chef Launches Policy-Based Provisioning
2014-11-12 Chef Provisioning: Infrastructure As Code
2014-06-03 machine_batch and parallelization
2014-06-03 Chef Provisioning, Configuration and Drivers
2014-03-04 Chef Metal 0.2: Overview - this is a pretty good overview (though dated).
2013-12-20 Chef Metal Alpha

Try It Out

You can try out Chef Provisioning in many different flavors.

Vagrant

To give it a spin, install the latest ChefDK, Vagrant and VirtualBox. Run the following from the chef-provisioning/docs/examples directory:

export CHEF_DRIVER=vagrant
export VAGRANT_DEFAULT_PROVIDER=virtualbox
chef-client -z vagrant_linux.rb simple.rb

This will create two vagrant precise64 linux boxes, "mario" and "luigi1", in ~/machinetest, bootstrapped to an empty runlist. For Windows, you can replace myapp::linux with myapp::windows, but you'll need your own Windows vagrant box to do that (licensing!).

AWS

If you have an AWS account, you can spin up a machine there like this:

export CHEF_DRIVER=aws
chef-client -z simple.rb

This will create two linux boxes in the AWS account referenced by your default profile in ~/.aws/config (or your environment variables).

DigitalOcean

If you are on DigitalOcean and using the tugboat gem, you can do this:

export CHEF_DRIVER=fog:DigitalOcean
chef-client -z simple.rb

If you aren't using the tugboat gem, you can put driver and driver_options into your .chef/knife.rb file.

This will use your tugboat settings to create whatever sort of instance you normally create.

Cleaning up

When you are done with the examples, run this to clean up:

chef-client -z destroy_all.rb

What Is Chef Provisioning?

Chef Provisioning has two major abstractions: the machine resource, and drivers.

The machine resource

You declare what your machines do (recipes, tags, etc.) with the machine resource, the fundamental unit of Chef Provisioning. You will typically declare machine resources in a separate, OS/provisioning-independent file that declares the topology of your app--your machines and the recipes that will run on them.

The machine resources from the cluster.rb example are pretty straightforward. Here's a copy/paste:

# Database!
machine 'mario' do
  recipe 'postgresql'
  recipe 'mydb'
  tag 'mydb_master'
end

num_webservers = 1

# Web servers!
1.upto(num_webservers) do |i|
  machine "luigi#{i}" do
    recipe 'apache'
    recipe 'mywebapp'
  end
end

You will notice the dynamic nature of the number of web servers. It's all code, your imagination is the limit :)

Drivers

Drivers handle the real work of getting those abstract definitions into real, physical form. They handle the following tasks, idempotently (you can run the resource again and again and it will only create the machine once--though it may notice things are wrong and fix them!):

  • Acquiring machines from the cloud, creating containers or VMs, or grabbing bare metal
  • Connecting to those machines via ssh, winrm, or other transports
  • Bootstrapping chef onto the machines and converging the recipes you suggested

The driver API is separated out so that new drivers can be made with minimal effort (without having to rewrite ssh, tunneling, bootstrapping, and OS support). But to the user, they appear as a single thing, so that the machine acquisition can use its smarts to autodetect the other bits (transports, OS's, etc.).

Drivers save their data in the Chef node itself, so that they will be accessible to everyone who is using the Chef server to manage the nodes.

Machine options

You can pass machine options that will be used by machine, machine_batch and machine_image to configure the machine:

with_machine_options({
  convergence_options: {
    chef_version: "12.4.1",
    prerelease: false,
    chef_client_timeout: 120*60, # Default: 2 hours
    chef_config: { :log_level => :debug }, # Hash containing additional options to inject into client.rb, or String containing additional text to inject into client.rb
    chef_server: "http://my.chef.server/", # TODO could conflict with https://github.com/chef/chef-provisioning#pointing-boxes-at-chef-servers
    bootstrap_proxy: "http://localhost:1234",
    bootstrap_no_proxy: "localhost, *.example.com, my.chef.server",
    rubygems_url: "http://mirror.example.org",
    ssl_verify_mode: :verify_peer,
    client_rb_path: "/etc/chef/client.rb", # <- DEFAULT, overwrite if necessary
    client_pem_path: "/etc/chef/client.pem", # <- DEFAULT, overwrite if necessary
    allow_overwrite_keys: false, # If there is an existing client.pem this needs to be true to overwrite it
    private_key_options: {}, # TODO ????? Something to do with creating node object
    source_key: "", # ?????
    source_key_pass_phrase: "", # ?????
    source_key_path: "", # ?????
    public_key_path: "", # ?????
    public_key_format: "", # ?????
    admin: "", # ?????
    validator: "", # ?????
    ohai_hints: { :ec2 => { :key => :value } }, # Map from hint file name to file contents, this would create /etc/chef/ohai/hints/ec2.json,
    ignore_failure: [1, 5..10, SomeSpecificError], # If true don't let a convergence failure on provisioned machine stop the provisioning workstation converge.  Can also provide a single exit code to ignore (no array) or `true` to ignore all RuntimeErrors
    # The following are only available for Linux machines
    install_sh_url: "https://www.chef.io/chef/install.sh", # <- DEFAULT, overwrite if necessary
    install_sh_path: "/tmp/chef-install.sh", # <- DEFAULT, overwrite if necessary
    install_sh_arguments: "-P chefdk", # Additional commands to pass to install.sh
    # The following are only available for Windows machines
    install_msi_url: "foo://bar.com"
  },
  ssh_username: "ubuntu", # Username to use for ssh and WinRM
  ssh_gateway: "user@gateway", # SSH gateway configuration
  ssh_options: { # a list of options to Net::SSH.start
    :auth_methods => [ 'publickey' ], # DEFAULT
    :keys_only => true, # DEFAULT
    :host_key_alias => "#{instance.id}.AWS", # DEFAULT
    :key_data => nil, # use key from ssh-agent instead of a local file; remember to ssh-add your keys!
    :forward_agent => true, # you may want your ssh-agent to be available on your provisioned machines
    :never_forward_localhost => false, # This will, if set, disable SSH forwarding if it does not work/make sense in your envirnoment
    :remote_forwards => [
        # Give remote host access to squid proxy on provisioning node
        {:remote_port => 3128, :local_host => 'localhost', :local_port => 3128,},
        # Give remote host access to private git server
        {:remote_port => 2222, :local_host => 'git.example.com', :local_port => 22,},
    ],
    # You can send net-ssh log info to the Chef::Log if you are having
    # trouble with ssh.
    :logger => Chef::Log,
    # If you use :logger => Chef::Log and :verbose then your :verbose setting
    # will override the global Chef::Config. Probably don't want to do this:
    #:verbose => :warn,
  }
})

This options hash can be supplied to either with_machine_options or directly into the machine_options attribute.

Individual drivers will often add their own driver specific config. For example, AWS expects a :bootstrap_options hash at the same level as :convergence_options.

Anatomy of a Recipe

The ChefDK comes with a provisioner for Vagrant, an abstraction that covers VirtualBox, VMware and other Virtual Machine drivers. In docs/examples, you can run this to try it:

export CHEF_DRIVER=vagrant
export VAGRANT_DEFAULT_PROVIDER=virtualbox
chef-client -z vagrant_linux.rb simple.rb

To use with VMware, simply update the prior example to read export VAGRANT_DEFAULT_PROVIDER=vmware_fusion

This is a chef-client run, which runs multiple recipes. Chef Provisioning is nothing but resources you put in recipes.

The driver is specified on the command line. Drivers are URLs. You could use vagrant:~/vms or `fog:AWS:default:us-east-1' as driver URLs. More information here.

The vagrant_linux.rb recipe handles the physical specification of the machines and Vagrant box:

require 'chef/provisioning/vagrant_driver'

vagrant_box 'precise64' do
  url 'http://files.vagrantup.com/precise64.box'
end

with_machine_options :vagrant_options => {
  'vm.box' => 'precise64'
}

require 'chef/provisioning/vagrant_driver' is how we bring in the vagrant_box resource.

vagrant_box makes sure a particular vagrant box exists, and lets you specify machine_options for things like port forwarding, OS definitions, and any other vagrant-isms.

Typically, you declare these in separate files from your machine resources. Chef Provisioning picks up the drivers and machine_options you have declared, and uses them to instantiate the machines you request. The actual machine definitions, in this case, are in simple.rb, and are generic--you could use them against Azure or EC2 as well:

machine 'mario' do
  tag 'itsame'
end

Other directives, like recipe 'apache', help you set run lists and other information about the machine.

Pointing Boxes at Chef Servers

By default, Chef Provisioning will put your boxes on the same Chef server you started chef-client with (in the case of -z, that's a local chef-zero server). Sometimes you want to put your boxes on different servers. There are a couple of ways to do that:

with_chef_local_server :chef_repo_path => '~/repo'

with_chef_local_server is a generic directive that creates a chef-zero server pointed at the given repository. nodes, clients, data bags, and all data will be stored here on your provisioner machine if you do this.

You can use with_chef_server instead if you want to point at OSS, Hosted or Enterprise Chef, and if you don't specify a Chef server at all, it will use the one you are running chef-client against. Keep in mind when using with_chef_server and running chef-client -z on your workstation that you will also need to set the client name and signing key for the chef server. If you've already got knife.rb set up, then something like this in the provisioning recipe will correctly create a client for the chef server on instance using your knife.rb configuration:

with_chef_server "https://chef-server.example.org",
:options =>{  
  :client_name => Chef::Config[:node_name],
  :signing_key_filename => Chef::Config[:client_key]
  }

Finally, you can specify a Chef Server for an individual machine by using the chef_server attribute. This attribute takes the same additional options (:client_name, :signing_key_filename) that with_chef_server does.

machine 'mario' do
  chef_server :chef_server_url => "https://chef-server.example.org"
end

Configuring ACLs

If you want to run your provisionning recipes from an actual chef node, rather than from your workstation, you need to give that node's client enough rights to create the node and client he'll be provisioning on the chef server. Without those additional rights, the provisioning will fail with a error along the lines of chef_client[mymachine] had an error: Net::HTTPServerException: 403 "Forbidden".

A clean solution to this problem is to use knife-acl to define a provisioners group with the required rights, and add your client to it:

$> chef gem install knife-acl
$> knife group create provisioners
$> knife acl add group provisioners containers clients read,create,update,delete,grant
$> knife acl add group provisioners containers nodes read,create,update,delete,grant
$> knife group add client my_provisioning_client_name provisioners

Bugs and The Plan

Please submit bugs, gripes and feature requests at https://github.com/chef/chef-provisioning/issues and join us in the Slack room to chat.

To contribute, just make a PR in the appropriate repo following the Chef contribution process.

More Repositories

1

cookbooks

DEPRECATED: This repository has been split up into separate repositories by cookbook under the "opscode-cookbooks" organization.
1,495
star
2

chef-repo

DEPRECATED: Use of this repository is deprecated. We recommend using the chef generate repo command that comes with ChefDK.
859
star
3

vagrant-omnibus

A Vagrant plugin that ensures the desired version of Chef is installed via the platform-specific Omnibus packages.
Ruby
551
star
4

devops-kungfu

Chef Style DevOps Kung fu
JavaScript
528
star
5

chef-dk

DEPRECATED: A streamlined development and deployment workflow for Chef Infra platform.
Ruby
384
star
6

windows

Development repository for Chef Cookbook windows
Ruby
252
star
7

chef-fundamentals

DEPRECATED: Chef Fundamentals training materials
CSS
205
star
8

database

DEPRECATED: Development repository for Chef database cookbook
Ruby
186
star
9

chef-client

Development repository for Chef Client cookbook
Ruby
175
star
10

stove

DEPRECATED: A utility for packaging and releasing Chef cookbooks
Ruby
168
star
11

minitest-chef-handler

Run minitest suites after your Chef recipes to check the status of your system.
Ruby
164
star
12

knife-rackspace

Chef knife plug-in for Rackspace
Ruby
153
star
13

chef-rfc

Public RFCs for Chef and related projects
Ruby
148
star
14

chef-provisioning-aws

AWS driver and resources for Chef that uses the AWS SDK
Ruby
142
star
15

sudo

Development repository for sudo cookbook
Ruby
117
star
16

build-essential

Development repository for build-essential Chef Cookbook
Ruby
116
star
17

chef-api

DEPRECATED: A tiny Chef API client with minimal dependencies
Ruby
107
star
18

chef-provisioning-docker

Docker provisioner for chef-provisioning
Ruby
93
star
19

erchef

DEPRECATED: Erlang based Chef Server top-level OTP release project
Erlang
89
star
20

knife-acl

knife plugin for working with ACLs on Chef Server
Ruby
81
star
21

delivery-cli

The command line tool for the workflow capabilities in Chef Automate.
Rust
80
star
22

knife-linode

DEPRECATED: Chef knife plug-in for Linode
Ruby
78
star
23

omnibus-chef

Omnibus packaging for Chef
77
star
24

chef-web-docs-2016

DEPRECATED - All The Documentation
HTML
75
star
25

omnibus_updater

DEPRECATED: Chef cookbook to update the omnibus packaged Chef client
Ruby
74
star
26

openssl

Development repository for openssl cookbook
Ruby
74
star
27

terraform-provisioner-inspec

Terraform InSpec Provisioner Plugin
Go
68
star
28

rails-quick-start

DEPRECATED: Repository used with the Chef Rails Quick Start Guide
HTML
63
star
29

ubuntu

Development repository for Chef Cookbook ubuntu
Ruby
61
star
30

chef-vault

chef-vault cookbook
Ruby
61
star
31

route53

DEPRECATED: Provides resources for adding and removing records from Amazon Route53
Ruby
60
star
32

knife-container

DEPRECATED: Container support for Chef's Knife Command
Ruby
57
star
33

audit

Audit Cookbook for Chef Compliance
Ruby
57
star
34

chef-provisioning-fog

Fog driver for Chef Provisioning
Ruby
54
star
35

chef_nginx

Chef Software support NGINX cookbook
Ruby
53
star
36

quick-reference

quick reference documentation
52
star
37

ohai

Development repository for Chef Cookbook ohai
Ruby
49
star
38

chef_handler

DEPRECATED: Development repository for Chef Cookbook chef_handler
Ruby
49
star
39

dmg

Development repository for dmg Chef cookbook
Ruby
45
star
40

omnibus-chef-server

Deprecated: Omnibus packaging for Opscode Chef Server (OSC 11.x only).
Ruby
44
star
41

inspec-aws-old

[Deprecated] This is integrated in InSpec 2.0 now
Ruby
42
star
42

django-quick-start

DEPRECATED: Django Quick Start Guide Chef Repository
40
star
43

hubot

DEPRECATED: Chef cookbook for deploying and managing an instance of Github's Hubot.
Ruby
40
star
44

httpd

DEPRECATED: Library cookbook with Apache httpd primitives
Ruby
39
star
45

aws_native_chef_server

Cloudformation templates for building a scalable cloud-native Chef Server on AWS
Shell
37
star
46

delivery-truck

DEPRECATED: Delivery build cb for pipelines
Ruby
36
star
47

bluepill

Development repository for bluepill Chef Cookbook
Ruby
35
star
48

unicorn

DEPRECATED: Development repository for Chef Cookbook unicorn
Ruby
34
star
49

chef-server-cluster

DEPRECATED: Chef Cookbook to manage Chef Clusters
Ruby
33
star
50

opscode-packages

Packages of Opscode Software for various platforms
Ruby
33
star
51

openstack-chef-repo

DEPRECATED: Chef Repository for OpenStack
Ruby
32
star
52

cookbook-guide

Chef Technical Alliances guide for writing quality cookbooks
Ruby
31
star
53

tar

Deprecated: Chef cookbook for tar packages
Ruby
31
star
54

audit-cis

DEPRECATED: Recipes to perform chef audit mode check for CIS Benchmarks
Ruby
31
star
55

omnibus

Prepares a machine to be an Omnibus builder. ┬──┬◡ノ(° -°ノ)
Ruby
28
star
56

libarchive

Deprecated: A library cookbook for manipulating archive files
Ruby
28
star
57

resource

DEPRECATED: Easier, More Powerful Chef Resources
27
star
58

chef-sugar

Ruby
27
star
59

ruby

DEPRECATED: Chef Cookbook for Managing Ruby from Packages
Ruby
27
star
60

locale

Chef cookbook to configure the system locale on Linux systems
Ruby
26
star
61

chef-server-webui

DEPRECATED: Web Interface to Open Source Chef Server 11
JavaScript
24
star
62

private-chef-administration

DEPRECATED: Private Chef Administration Guide
Python
24
star
63

bookshelf

DEPRECATED: Minimal S3 Clone
Erlang
24
star
64

opscode-agent

Opscode Agent, providing RESTful and AMQP access to Chef and Ohai
Ruby
23
star
65

pantry-chef-repo

A Chef Repository For Pantry
Shell
22
star
66

habitat

Chef Cookbook for Habitat
Ruby
22
star
67

chef-provisioning-vagrant

Vagrant provisioner for chef-provisioning
Ruby
22
star
68

microsoft_azure

Windows Azure Cookbook for Chef
Ruby
21
star
69

chef-init

PID1 for your Chef containers
Ruby
21
star
70

knife-opc

Knife plugin for managing Chef Server Organizations
Ruby
21
star
71

zsh

DEPRECATED: Development repository for Chef Cookbook zsh
Ruby
21
star
72

push-jobs-cookbook

Development repository for Chef Cookbook push-jobs
Ruby
21
star
73

chef-provisioning-azure

DEPRECATED: Azure driver for chef-provisioning!
Ruby
21
star
74

delivery-cluster

DEPRECATED: Deployment cookbook for standing up Delivery clusters using chef-provisioning.
Ruby
20
star
75

gunicorn

DEPRECATED: Development repository for Chef Cookbook gunicorn
Ruby
20
star
76

dsc

DEPRECATED: Preview of PowerShell Desired State Configuration (DSC) integration with the Chef DSL
Ruby
19
star
77

cis-el7-l1-hardening

Hardening cookbook for CIS Level 1 for RHEL 7 based operating systems
Ruby
19
star
78

logwatch

Development repository for Chef Cookbook logwatch
Ruby
19
star
79

ec-metal

Chef Provisioning-based tool for creating, managing and testing Enterprise Chef HA clusters
Ruby
19
star
80

inspec-vmware

InSpec VMware Resource Pack (Incubation)
Ruby
19
star
81

whitelist-node-attrs

Look here:
Ruby
18
star
82

java-quick-start

DEPRECATED: Chef Java Quick Start Guide
18
star
83

community-summits

Wikis to capture notes for Community Summits
18
star
84

whitelist-node-attrs-cookbook

DEPRECATED: Development repository for whitelist-node-attrs cookbook
Ruby
18
star
85

activemq

Development repository for activemq Chef Cookbook
Ruby
18
star
86

chef-server-cloudformation-templates

Collection of AWS Cloudformation templates for installing Chef Server 12 on EC2
17
star
87

php-quick-start

DEPRECATED: PHP quickstart guide for Chef
17
star
88

knife-eucalyptus

Chef knife plug-in for Eucalyptus
Ruby
16
star
89

lambda_ebs_snapshot

Terraform config for automatic EBS snapshots
HCL
16
star
90

knife-push

knife commands for Chef Push Jobs
Ruby
16
star
91

opscode-pushy-server

Chef Push Jobs Server
Erlang
16
star
92

chef-provisioning-ssh

Provision Machines Via SSH or WinRM Using Chef Provisioning
Ruby
15
star
93

automeck

Streamlines setting up and using meck-based mocks
Erlang
15
star
94

compat_resource

Cookbook to bring some features from future Chef to earlier versions
Ruby
15
star
95

chef-container

Official build definitions for Chef's Docker images
Ruby
14
star
96

chef_wm

DEPRECATED repository. Now lives in chef-server.
Erlang
14
star
97

opscode-omnibus

Deprecated: Omnibus packaging for Chef Server - Use Chef Server Instead
Ruby
14
star
98

win32-sound

A Ruby library for playing and controlling sounds on MS Windows.
Ruby
13
star
99

chef-pedant

DEPRECATED Integration Test Suite for Chef Sever - replaced with oc-chef-pedant
Ruby
13
star
100

chef-server-solo-install

Bootstrap a Chef Server via Chef Solo
Ruby
13
star