• Stars
    star
    151
  • Rank 246,057 (Top 5 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created over 13 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Plugin for Chef's knife tool for working with Windows nodes

Knife Windows Plugin

Build status Gem Version

Umbrella Project: Knife

Project State: Active

Issues Response Time Maximum: 14 days

Pull Request Response Time Maximum: 14 days

This plugin adds additional functionality to the Chef Knife CLI tool for configuring / interacting with nodes running Microsoft Windows:

  • Remote command execution using the WinRM protocol
  • Utilities to configure WinRM SSL endpoints on managed nodes

Knife bootstrap windows ssh/winrm

Core Chef now supports bootstrapping Windows systems without a knife plugin

knife-windows plugin Chef Infra Client 15+ Notes
knife windows bootstrap ssh knife bootstrap -o ssh or knife bootstrap Default is 'ssh'
knife windows bootstrap winrm knife bootstrap -o winrm

For more detail https://github.com/chef/chef/blob/master/RELEASE_NOTES.md#knife-bootstrap

Subcommands

This plugin provides the following Knife subcommands. Specific command options can be found by invoking the subcommand with a --help flag

knife winrm

The winrm subcommand allows you to invoke commands in parallel on a subset of the nodes in your infrastructure. The winrm subcommand uses the same syntax as the search subcommand; you could find the uptime of all your web servers using the command:

knife winrm "role:web" "net stats srv" -x Administrator -P 'super_secret_password'

Please note that to run a single command against multiple nodes, each node must share the same username and password.

Or force a chef run:

knife winrm "myserver.myorganization.net" "chef-client -c c:/chef/client.rb" -m -x Administrator -P "super_secret_password"
myserver.myorganization.net [Fri, 04 Mar 2011 22:00:49 +0000] INFO: Starting Chef Run (Version 0.9.12)
myserver.myorganization.net [Fri, 04 Mar 2011 22:00:50 +0000] WARN: Node ip-0A502FFB has an empty run list.
myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Chef Run complete in 4.383966 seconds
myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: cleaning the checksum cache
myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Running report handlers
myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Report handlers complete

This subcommand operates in a manner similar to knife ssh...just leveraging the WinRM protocol for communication. It also includes knife ssh's "interactive session mode"

winrm-shell

By default, knife winrm runs in a cmd.exe shell. You can use the --winrm-shell argument to change the shell to powershell or elevated. An elevated shell is similar to the powershell shell but the powershell command is executed from a scheduled task using a local identity. This may be desirable for some operations such as running chef-client to converge recipes that work with windows updates, install sql server, etc.

Tip: Use SSL for WinRM communication

By default, the knife winrm subcommands use a plaintext transport, but they support an option --winrm-transport (or -t) with the argument ssl that allows the SSL to secure the WinRM payload. Here's an example:

knife winrm -t ssl "role:web" "net stats srv" -x Administrator -P "super_secret_password" -f ~/server_public_cert.crt

Use of SSL is strongly recommended, particularly when invoking knife-windows on non-Windows platforms, since without SSL there are limited options for ensuring the privacy of the plaintext transport. See the section on Platform authentication support.

SSL will become the default transport in future revisions of knife-windows.

knife wsman test

Connects to the remote WSMan/WinRM endpoint and verifies the remote node is listening. This is the equivalent of running Test-Wsman from PowerShell. Endpoints to test can be specified manually, or be driven by search and use many of the same connection options as knife winrm. To test a single node using the default WinRM port (5985)

knife wsman test 192.168.1.10 -m

or to test a single node with SSL enabled on the default port (5986)

knife wsman test 192.168.1.10 -m --winrm-transport ssl

or to test all windows nodes registered with your Chef Server organization

knife wsman test platform:windows

knife windows cert generate

Generates a certificate(x509) containing a public / private key pair for WinRM 'SSL' communication. The certificate will be generated in three different formats:

  • .pem - The *.pem is Base64 encoded public certificate only. One can use this file with the -f argument on knife winrm command.
  • .pfx - The PKCS12(i.e .pfx) contains both the public and private keys, usually used on the server. This can be added to a WinRM Server's Certificate Store using knife windows cert install (see command description below). Note: Do not use the *.pfx file with the -f argument on the knife winrm command. Use the *.pem file instead.
  • .b64 - The *.b64 is Base64 PKCS12 key pair. Contains both the public and private keys, for upload to the Cloud REST API. e.g. Azure.

This command also displays the thumbprint of the generated certificate.

knife windows cert generate --cert-passphrase "strong_passphrase" --hostname "myserver.myorganization.net" --output-file "~/server_cert.pfx"
# This command will generate certificates in the user's home directory with names server_cert.b64, server_cert.pfx and server_cert.pem.

knife windows cert install

This command only functions on Windows and is intended to be run on a chef node. It adds the specified certificate to its certificate store. This command must include a valid PKCS12(i.e *.pfx) certificate file path such as the *.pfx file generated by knife windows cert generate described above.

knife windows cert install "~/server_cert.pfx" --cert-passphrase "strong_passphrase"

knife windows listener create

This command only functions on Windows and is intended to be run on a chef node. It creates the winrm listener for SSL communication(i.e HTTPS). This command can also install certificate which is specified using --cert-install option and use the installed certificate thumbprint to create winrm listener. --hostname option is optional. Default value for hostname is *.

knife windows listener create --cert-passphrase "strong_passphrase" --hostname "myserver.mydomain.net" --cert-install "~/server_cert.pfx"

The command also allows you to use existing certificates from local store to create winrm listener. Use --cert-thumbprint option to specify the certificate thumbprint.

knife windows listener create --cert-passphrase "strong_passphrase" --hostname "myserver.mydomain.net" --cert-thumbprint "bf0fef0bb41be40ceb66a3b38813ca489fe99746"

You can get the thumbprint for existing certificates in the local store using the following PowerShell command:

ls cert:\LocalMachine\My

Requirements / setup

Ruby

Ruby 1.9.3+ is required.

Chef version

This knife plugins requires >= Chef 11.0.0. More details about Knife plugins can be found in the Chef documentation.

Nodes

WinRM versions

The node must be running Windows Remote Management (WinRM) 2.0+. WinRM allows you to call native objects in Windows. This includes, but is not limited to, running PowerShell scripts, batch scripts, and fetching WMI data. For more information on WinRM, please visit Microsoft's WinRM site.

WinRM is built into Windows 7 and Windows Server 2008+. It can also be installed on older version of Windows, including:

  • Windows Server 2003
  • Windows Vista

WinRM configuration

NOTE: Before any WinRM related knife subcommands will function a node's WinRM installation must be configured correctly. The settings below must be added to your base server image or passed in using some sort of user-data mechanism provided by your cloud provider. Some cloud providers will set up the required WinRM configuration through the cloud API for creating instances -- see the documentation for the provider.

A server running WinRM must also be configured properly to allow outside connections for the entire network path from the knife workstation to the server. The easiest way to accomplish this is to use WinRM's quick configuration option:

winrm quickconfig -q

This will set up an WinRM listener using the HTTP (plaintext) transport -- WinRM also supports the SSL transport for improved robustness against information disclosure and other threats.

The chef-client installation may take more memory than the default 150MB WinRM allocates per shell on older versions of Windows (prior to Windows Server 2012) -- this can slow it down or cause it to fail. The memory limit was increased to 1GB with Windows Management Framework 3 (and Server 2012). However, there is a bug in Windows Management Framework 3 (and Server 2012) which requires a hotfix from Microsoft. You can increase the memory limit to 1GB with the following PowerShell command:

    set-item wsman:\localhost\shell\maxmemorypershellmb 1024

Commands can take longer than the WinRM default 60 seconds to complete, optionally increase to 30 minutes if terminates a command prematurely:

    set-item wsman:\localhost\MaxTimeoutms 300000

Note that the winrm command itself supports the same configuration capabilities as the PowerShell commands given above -- if you need to configure WinRM without using PowerShell, use winrm -? to get help.

WinRM supports both the HTTP and HTTPS (SSL) transports and the following authentication schemes: Kerberos, Digest, Certificate and Basic. The details of these authentication transports are outside of the scope of this README but details can be found on the WinRM configuration guide.

Working with legacy Windows versions

If you are attempting to use knife winrm with a version of windows that is older than server 2008 R2 or older than Windows 7 then you may need to alter the default UTF-8 codepage (65001) using the --winrm-codepage argument. You can use the codepage native to your locale but 437 is a safe codepage for older Windows versions.

Configure SSL on a Windows node

WinRM supports use of SSL to provide privacy and integrity of communication using the protocol and to prevent spoofing attacks.

Configure SSL using knife

knife-windows includes three commands to assist with SSL configuration -- these commands support all versions of Windows and do not rely on PowerShell:

  • knife windows cert generate: creates a certificate that may be used to configure an SSL WinRM listener

  • knife windows cert install: Installs a certificate into the Windows certificate store so it can be used to configure an SSL WinRM listener.

  • knife windows listener create: Creates a WinRM listener on a Windows node -- it can use either a certificate already installed in the Windows certificate store, or one created by other tools including the knife windows cert generate command.

Here is an example that configures a listener on the node on which the commands are executed:

knife windows cert generate --domain myorg.org --output-file $env:userprofile/winrmcerts/winrm-ssl
knife windows listener create --hostname *.myorg.org --cert-install $env:userprofile/winrmcerts/winrm-ssl.pfx

Note that the first command which generates the certificate for the listener could be executed from any system that can run knife as long as the certificate it generates is made available at a path at which the second command can access it.

See previous sections for additional details of the windows cert generate, windows cert install and windows listener create subcommands.

Configure SSL using Windows Server 2012 or later

The following PowerShell commands may be used to create an SSL WinRM listener with a self-signed certificate on Windows 2012R2 or later systems:

$cert = New-SelfSignedCertificate -DnsName 'myserver.mydomain.org' -CertStoreLocation Cert:\LocalMachine\My
new-item -address * -force -path wsman:\localhost\listener -port 5986 -hostname ($cert.subject -split '=')[1] -transport https -certificatethumbprint $cert.Thumbprint
# Open the firewall for 5986, the default WinRM SSL port
netsh advfirewall firewall set rule name="Windows Remote Management (HTTPS-In)" profile=public protocol=tcp localport=5986 remoteip=localsubnet new remoteip=any

Note that the first command which uses the New-SelfSignedCertificate cmdlet is available only in PowerShell version 4.0 and later.

Configure SSL using winrm quickconfig

The following command can configure an SSL WinRM listener if the Windows certificate store's Local Machine store contains a certificate that meets certain criteria that are most likely to be met if the system is joined to a Windows Active Directory domain:

winrm quickconfig -transport:https -q

If the criteria are not met, an error message will follow with guidance on the certificate requirements; you may need to obtain a certificate from the appropriate source or use the PowerShell or knife techniques given above to create the listener instead.

Disabling peer verification

In the SSL examples above, the -f parameter was used to supply a certificate that could validate the identity of the remote server. For debugging purposes, this validation may be skipped if you have not obtained a public certificate that can validate the server. Here is an example:

knife winrm -m 192.168.0.6 -x "mydomain\myuser" -P $PASSWD -t ssl --winrm-ssl-verify-mode verify_none ipconfig

This option should be used carefully since disabling the verification of the remote system's certificate can subject knife commands to spoofing attacks.

Connecting securely to self-signed certs

If you generate a self-signed cert, the fqdn and ip may not match which will result in a certificate validation failure. In order to securely connect and reduce the risk of a "Man In The Middle" attack, you may use the certificate's fingerprint to precisely identify the known certificate on the WinRM endpoint.

The fingerprint can be supplied to --ssl-peer-fingerprint and instead of using a certificate chain and comparing the CommonName, it will only verify that the fingerprint matches:

knife winrm --ssl-peer-fingerprint 89255929FB4B5E1BFABF7E7F01AFAFC5E7003C3F \
	      -m $IP -x Administrator -P $PASSWD-t ssl --winrm-port 5986 hostname
	10.113.4.54 ip-0A710436

WinRM authentication

The default authentication protocol for knife-windows subcommands that use WinRM is the Negotiate protocol. The following commands show authentication for domain and local accounts respectively:

knife winrm -m web1.cloudapp.net -x "proddomain\webuser" -P "super_secret_password"
knife winrm -m db1.cloudapp.net -x "localadmin" -P "super_secret_password"

The remote system may also be configured with an SSL WinRM listener instead of a plaintext listener. Then the above commands should be modified to use the SSL transport as follows using the -t (or --winrm-transport) option with the ssl argument:

knife winrm -m web1.cloudapp.net -t ssl -x "proddomain\webuser" -P "super_secret_password" -f ~/mycert.crt
knife winrm -m db1.cloudapp.net -t ssl -x "localadmin" -P "super_secret_password" ~/mycert.crt

Troubleshooting authentication

Unencrypted traffic with Basic authentication should only be used for low level wire protocol debugging. The configuration for plain text connectivity to the remote system may be accomplished with the following PowerShell commands:

set-item wsman:\localhost\service\allowunencrypted $true
set-item wsman:\localhost\service\auth\basic $true

To use basic authentication connectivity via knife-windows, the default authentication protocol of Negotiate must be overridden using the --winrm-authentication-protocol option with the desired protocol, in this case Basic:

knife winrm -m web1.cloudapp.net --winrm-authentication-protocol basic ipconfig -x localadmin -P "super_secret_password"

Note that when using Basic authentication, domain accounts may not be used for authentication; an account local to the remote system must be used.

Platform WinRM authentication support

knife-windows supports Kerberos, Negotiate, and Basic authentication for WinRM communication.

The following table shows the authentication protocols that can be used with knife-windows depending on whether the knife workstation is a Windows system, the transport, and whether or not the target user is a domain user or local to the target Windows system.

* There is a known defect in the knife winrm winrm` subcommands invoked on any OS platform when authenticating with the Negotiate protocol over the SSL transport. The defect is tracked by knife-windows issue #176: If the remote system is domain-joined, local accounts may not be used to authenticate via Negotiate over SSL -- only domain accounts will work. Local accounts will only successfully authenticate if the system is not joined to a domain.

This is generally not an issue for bootstrap scenarios, where the system has yet to be joined to any domain, but can be a problem for remote management cases after the system is domain joined. Workarounds include using a domain account instead or bypassing SSL and using Negotiate authentication.

General troubleshooting

  • Windows 2008R2 and earlier versions require an extra configuration for MaxTimeoutms to avoid WinRM::WinRMHTTPTransportError: Bad HTTP response error while bootstrapping. It should be at least 300000.

    set-item wsman:\\localhost\\MaxTimeoutms 300000

  • When I run the winrm command I get: "Error: Invalid use of command line. Type "winrm -?" for help." You're running the winrm command from PowerShell and you need to put the key/value pair in single quotes. For example:

    winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'

  • If you receive a timeout when trying to connect to your instance for the first time, make sure your Firewall setting is permissive enough.

    netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any

AWS User Data

If you are spinning up AWS instances to test against, you can use the following user data when spinning up your instances:

<powershell>
$logfile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log"
# Allow script execution
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
# PS Remoting and & winrm.cmd basic config
Enable-PSRemoting -Force -SkipNetworkProfileCheck
& winrm.cmd set winrm/config '@{MaxTimeoutms="1800000"}' >> $logfile
& winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
& winrm.cmd set winrm/config/winrs '@{MaxShellsPerUser="50"}' >> $logfile
#Server settings - support username/password login
& winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
# Firewall Config
& netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any  >> $logfile
</powershell>

CONTRIBUTING:

Please file bugs against the KNIFE_WINDOWS project at https://github.com/chef/knife-windows/issues.

More information on the contribution process for Chef projects can be found in the Chef Contributions document.

LICENSE:

Author:: Seth Chisamore ([email protected]) Copyright:: Copyright (c) 2015-2016 Chef Software, Inc. License:: Apache License, Version 2.0

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

More Repositories

1

chef

Chef Infra, a powerful automation platform that transforms infrastructure into code automating how infrastructure is configured, deployed and managed across any environment, at any scale
Ruby
7,596
star
2

bento

Packer templates for building minimal Vagrant baseboxes for multiple platforms
HCL
4,220
star
3

omnibus

Easily create full-stack installers for your project across a variety of platforms.
Ruby
1,269
star
4

ohai

Ohai profiles your system and emits JSON
Ruby
672
star
5

chef-zero

Simple, easy-run, fast-start in-memory Chef server for testing and solo purposes
Ruby
534
star
6

chef-vault

Securely manage passwords, certs, and other secrets in Chef
Ruby
407
star
7

knife-ec2

Chef knife plug-in for AWS EC2
Ruby
403
star
8

chef-server

Chef Infra Server is a hub for configuration data; storing cookbooks, node policies and metadata of managed nodes.
Erlang
279
star
9

automate

Chef Automate provides a full suite of enterprise capabilities for maintaining continuous visibility into application, infrastructure, and security automation.
Go
227
star
10

supermarket

Chef's community platform
Ruby
214
star
11

knife-vsphere

Chef knife plug-in for VMware vSphere
Ruby
202
star
12

omnibus-software

Open Source Software for use in Omnibus built packages
Ruby
133
star
13

chef-workstation

Chef Workstation gives you everything you need to get started with Chef, so you can automate how you audit, configure, and manage applications end environments.
Go
133
star
14

mixlib-shellout

mixin library for subprocess management, output collection
Ruby
132
star
15

chef-web-docs

All The Documentation
HTML
127
star
16

mixlib-cli

A mixin for creating command line applications - gives an easy DSL for argument specification and processing
Ruby
123
star
17

knife-openstack

Chef Infra knife plug-in for OpenStack
Ruby
120
star
18

cookstyle

A linting tool that helps you to write better Chef Infra cookbooks and InSpec profiles by detecting and automatically correcting style, syntax, and logic mistakes in your code.
Ruby
109
star
19

os_release

A repo containing the /etc/os-release file from various Linux distros
81
star
20

chef-oss-practices

Documentation and Practices for Open Source Development at Chef
Ruby
81
star
21

knife-azure

Chef knife plug-in for Microsoft Azure
Ruby
72
star
22

artifactory-client

A simple, lightweight Ruby client for interacting with the Artifactory API.
Ruby
68
star
23

knife-google

Chef knife plug-in for Google Compute
Ruby
67
star
24

win32-service

A Ruby library that allows users to inspect, control or create services on MS Windows
Ruby
65
star
25

mixer

Mix in functions from other modules
Erlang
64
star
26

concrete

Concrete enhances your rebar based Erlang project by providing a common Makefile wrapper, a dialyzer make target that caches PLT analysis of your project's dependencies, and a mechanism to specify development only dependencies.
Erlang
56
star
27

mixlib-config

A simple class based Config mechanism, similar to the one found in Chef
Ruby
51
star
28

sqerl

General purpose RDBMS abstraction layer
Erlang
42
star
29

vscode-chef

Chef Infra Extension for Visual Studio Code
TypeScript
39
star
30

cheffish

Resources and tools for testing and interacting with Chef and Chef Server.
Ruby
39
star
31

knife-tidy

Report on stale Chef Server nodes/cookbooks, clean those up and additionally clean data integrity issues from a knife-ec-backup object based backup!
Ruby
37
star
32

homebrew-chef

A homebrew tap for ChefDK, Workstation, and InSpec
Ruby
36
star
33

mixlib-log

A simple class based Log mechanism, similar to Merb and Chef, that you can mix in to your project.
Ruby
34
star
34

effortless

Automated best practices for Chef Infra and Chef InSpec
Shell
33
star
35

chef-load

chef-load - a tool for simulating load on a Chef Infra Server and/or a Chef Automate server
Roff
32
star
36

knife-ec-backup

Backup and restore Chef Infra Server in a repository-compatible format
Ruby
31
star
37

mini_s3

Minimal AWS S3 client for Erlang
Erlang
28
star
38

okta_aws

Tool for accessing the AWS API for an account you normally access via okta
Python
27
star
39

dep-selector

Fast Dependency Solver for Ruby using Gecode
Ruby
25
star
40

omnitruck

Web service to automate the release of Omnibus artifacts
Ruby
25
star
41

win32-process

A Ruby library that adds or redefines several methods for the Process module
Ruby
25
star
42

kitchen-vcenter

A test-kitchen driver for vCenter REST API
Ruby
25
star
43

omnibus-ctl

Provides service control for omnibus packages
Ruby
23
star
44

mixlib-authentication

AuthN signing and verification. Appears in both the client and server
Ruby
22
star
45

knife-cloud

Library for Chef knife cloud plugins
Ruby
18
star
46

win32-taskscheduler

A Ruby interface for the task scheduler on MS Windows
Ruby
17
star
47

mixlib-versioning

General purpose Ruby library that allows you to parse, compare, and manipulate version strings in multiple formats.
Ruby
17
star
48

win32-eventlog

The win32-eventlog library provides a Ruby interface for reading from and writing to the Windows Event Log
Ruby
17
star
49

chefstyle

Version Pinned RuboCop with Chef approved Cop list for linting software - NOT FOR COOKBOOKS
Ruby
15
star
50

chef-cli

The 'chef' command line tool included in Chef Workstation
Ruby
14
star
51

win32-file

Extra methods, and redefined methods, for the File class on MS Windows
Ruby
14
star
52

anka-buildkite-plugin

Run Buildkite steps inside Veertu Anka Virtual Machines
Shell
14
star
53

appbundler

Generate locked binstubs for ruby applications
Ruby
14
star
54

stats_hero

General purpose stats collection
Erlang
13
star
55

wmi-lite

Lightweight, low-dependency wrapper for basic WMI functionality on Windows.
Ruby
13
star
56

knife-vrealize

Plugin for Chef's knife tool to interact with VMware vRealize products
Ruby
13
star
57

chef-apply

The ad-hoc execution tool for the Chef ecosystem.
Ruby
13
star
58

ffi-libarchive

A Ruby FFI binding to libarchive.
Ruby
13
star
59

mixlib-install

A library for interacting with Chef Software Inc's software distribution systems.
Ruby
12
star
60

chef_authn

Erlang API request authentication signing and verification for Chef
Erlang
11
star
61

ffi-yajl

Ruby FFI gem wrapper around yajl2 library
Ruby
11
star
62

corefoundation

FFI based Ruby bindings for the CoreFoundation frameworks
Ruby
11
star
63

fixie

Low level manipulation tool for chef in sql
Ruby
10
star
64

dep-selector-libgecode

Bundled Gecode Libraries for dep-selector
Ruby
10
star
65

win32-certstore

Ruby library for accessing the certificate store on Windows
Ruby
10
star
66

chef-workstation-app

The Chef Workstation desktop application.
TypeScript
10
star
67

win32-security

A Ruby interface for security aspects of MS Windows
Ruby
9
star
68

knife-vcenter

Chef knife plug-in for VMware REST API
Ruby
9
star
69

architecture-center

Ruby
9
star
70

win32-dir

A series of constants, and extra or redefined methods, for the Dir class on Windows
Ruby
8
star
71

chef_backup

A library to backup an Chef server
Ruby
8
star
72

chef-vault-testfixtures

provides an RSpec shared context for testing Chef cookbooks that use chef-vault
Ruby
7
star
73

opscoderl_httpc

Opscode helper application for being an HTTP client
Erlang
7
star
74

license-acceptance

Chef Software libraries for accepting usage license
Ruby
7
star
75

rubydistros

Dockerfiles for Ruby on various Linux distros
Dockerfile
7
star
76

win32-mmap

A Ruby interface for memory mapped files on MS Windows
Ruby
7
star
77

chef-analyze

A CLI to analyze artifacts from a Chef Infra Server
Go
6
star
78

win32-event

A Ruby interface to Event objects on MS Windows
Ruby
6
star
79

license_scout

Discovers license information of the dependencies of a project.
Ruby
6
star
80

.github

.github files that are inherited by all org repos unless specifically included in a repo
6
star
81

cookbook-omnifetch

Fetch Chef Cookbooks from Various Sources to a Local Cache
Ruby
6
star
82

win32-ipc

A Ruby abstract base class for synchronization objects on MS Windows
Ruby
5
star
83

github-workflows

Github Actions Workflows
5
star
84

appbundle-updater

A little help when you want to update an appbundled project inside of a Chef/ChefDK omnibus package
Ruby
5
star
85

ci-studio-common

Shared helpers for use inside CIs (like Travis) and a Habitat Studio
Go
5
star
86

omnibus-toolchain

Omnibus packaging for Omnibus toolchain
Ruby
5
star
87

chef-web-core

Shared resources for Chef web properties
Ruby
5
star
88

gatherlogs-reporter

Inspec profiles for examining gatherlog output from chef-products for support.
Ruby
5
star
89

chocolatey-packages

PowerShell
4
star
90

compliance-workshop-environment

Ruby
4
star
91

inspec-extra-resources

Ruby
4
star
92

folsom_graphite

Send data from folsom automatically to graphite
Erlang
4
star
93

chef-powershell-shim

.NET 4.0/COM wrapper around PowerShell host
Ruby
4
star
94

cookstylist

Cookstyle GitHub app
Ruby
4
star
95

automate-liveness-agent

Agent that sends "keep alive" messages to Chef Automate
Ruby
4
star
96

community_cookbook_releaser

A simple script to aid in version bumps and changelog generation for Chef managed community cookbooks
Ruby
4
star
97

habitat_exporter

Go
4
star
98

mixlib-archive

A very simple gem to create and extract archives.
Ruby
4
star
99

win32-mutex

A Ruby interface for mutexes on MS Windows
Ruby
3
star
100

chef_dictionary

A dictionary file of words in the Chef ecosystem
Ruby
3
star