github.com/kikitux/packer@v0.10.1-0.20160322154024-6237df566f9f/website/source/docs/provisioners/chef-client.html.md (about) 1 --- 2 description: | 3 The Chef Client Packer provisioner installs and configures software on machines 4 built by Packer using chef-client. Packer configures a Chef client to talk to a 5 remote Chef Server to provision the machine. 6 layout: docs 7 page_title: 'Chef-Client Provisioner' 8 ... 9 10 # Chef Client Provisioner 11 12 Type: `chef-client` 13 14 The Chef Client Packer provisioner installs and configures software on machines 15 built by Packer using [chef-client](https://docs.chef.io/chef_client.html). 16 Packer configures a Chef client to talk to a remote Chef Server to provision the 17 machine. 18 19 The provisioner will even install Chef onto your machine if it isn't already 20 installed, using the official Chef installers provided by Chef. 21 22 ## Basic Example 23 24 The example below is fully functional. It will install Chef onto the remote 25 machine and run Chef client. 26 27 ``` {.javascript} 28 { 29 "type": "chef-client", 30 "server_url": "https://mychefserver.com/" 31 } 32 ``` 33 34 Note: to properly clean up the Chef node and client the machine on which packer 35 is running must have knife on the path and configured globally, i.e, 36 \~/.chef/knife.rb must be present and configured for the target chef server 37 38 ## Configuration Reference 39 40 The reference of available configuration options is listed below. No 41 configuration is actually required. 42 43 - `chef_environment` (string) - The name of the chef\_environment sent to the 44 Chef server. By default this is empty and will not use an environment. 45 46 - `config_template` (string) - Path to a template that will be used for the 47 Chef configuration file. By default Packer only sets configuration it needs 48 to match the settings set in the provisioner configuration. If you need to 49 set configurations that the Packer provisioner doesn't support, then you 50 should use a custom configuration template. See the dedicated "Chef 51 Configuration" section below for more details. 52 53 - `encrypted_data_bag_secret_path` (string) - The path to the file containing 54 the secret for encrypted data bags. By default, this is empty, so no 55 secret will be available. 56 57 - `execute_command` (string) - The command used to execute Chef. This has 58 various [configuration template 59 variables](/docs/templates/configuration-templates.html) available. See 60 below for more information. 61 62 - `guest_os_type` (string) - The target guest OS type, either "unix" or 63 "windows". Setting this to "windows" will cause the provisioner to use 64 Windows friendly paths and commands. By default, this is "unix". 65 66 - `install_command` (string) - The command used to install Chef. This has 67 various [configuration template 68 variables](/docs/templates/configuration-templates.html) available. See 69 below for more information. 70 71 - `json` (object) - An arbitrary mapping of JSON that will be available as 72 node attributes while running Chef. 73 74 - `node_name` (string) - The name of the node to register with the 75 Chef Server. This is optional and by default is packer-{{uuid}}. 76 77 - `prevent_sudo` (boolean) - By default, the configured commands that are 78 executed to install and run Chef are executed with `sudo`. If this is true, 79 then the sudo will be omitted. This has no effect when guest_os_type is 80 windows. 81 82 - `run_list` (array of strings) - The [run 83 list](http://docs.chef.io/essentials_node_object_run_lists.html) for Chef. 84 By default this is empty, and will use the run list sent down by the 85 Chef Server. 86 87 - `server_url` (string) - The URL to the Chef server. This is required. 88 89 - `skip_clean_client` (boolean) - If true, Packer won't remove the client from 90 the Chef server after it is done running. By default, this is false. 91 92 - `skip_clean_node` (boolean) - If true, Packer won't remove the node from the 93 Chef server after it is done running. By default, this is false. 94 95 - `skip_install` (boolean) - If true, Chef will not automatically be installed 96 on the machine using the Chef omnibus installers. 97 98 - `staging_directory` (string) - This is the directory where all the 99 configuration of Chef by Packer will be placed. By default this is 100 "/tmp/packer-chef-client" when guest_os_type unix and 101 "$env:TEMP/packer-chef-client" when windows. This directory doesn't need to 102 exist but must have proper permissions so that the user that Packer uses is 103 able to create directories and write into this folder. By default the 104 provisioner will create and chmod 0777 this directory. 105 106 - `client_key` (string) - Path to client key. If not set, this defaults to a 107 file named client.pem in `staging_directory`. 108 109 - `validation_client_name` (string) - Name of the validation client. If not 110 set, this won't be set in the configuration and the default that Chef uses 111 will be used. 112 113 - `validation_key_path` (string) - Path to the validation key for 114 communicating with the Chef Server. This will be uploaded to the 115 remote machine. If this is NOT set, then it is your responsibility via other 116 means (shell provisioner, etc.) to get a validation key to where Chef 117 expects it. 118 119 ## Chef Configuration 120 121 By default, Packer uses a simple Chef configuration file in order to set the 122 options specified for the provisioner. But Chef is a complex tool that supports 123 many configuration options. Packer allows you to specify a custom configuration 124 template if you'd like to set custom configurations. 125 126 The default value for the configuration template is: 127 128 ``` {.liquid} 129 log_level :info 130 log_location STDOUT 131 chef_server_url "{{.ServerUrl}}" 132 client_key "{{.ClientKey}}" 133 {{if ne .EncryptedDataBagSecretPath ""}} 134 encrypted_data_bag_secret "{{.EncryptedDataBagSecretPath}}" 135 {{end}} 136 {{if ne .ValidationClientName ""}} 137 validation_client_name "{{.ValidationClientName}}" 138 {{else}} 139 validation_client_name "chef-validator" 140 {{end}} 141 {{if ne .ValidationKeyPath ""}} 142 validation_key "{{.ValidationKeyPath}}" 143 {{end}} 144 node_name "{{.NodeName}}" 145 {{if ne .ChefEnvironment ""}} 146 environment "{{.ChefEnvironment}}" 147 {{end}} 148 {{if ne .SslVerifyMode ""}} 149 ssl_verify_mode :{{.SslVerifyMode}} 150 {{end}} 151 ``` 152 153 This template is a [configuration 154 template](/docs/templates/configuration-templates.html) and has a set of 155 variables available to use: 156 157 - `ChefEnvironment` - The Chef environment name. 158 - `EncryptedDataBagSecretPath` - The path to the secret key file to decrypt 159 encrypted data bags. 160 - `NodeName` - The node name set in the configuration. 161 - `ServerUrl` - The URL of the Chef Server set in the configuration. 162 - `SslVerifyMode` - Whether Chef SSL verify mode is on or off. 163 - `ValidationClientName` - The name of the client used for validation. 164 - `ValidationKeyPath` - Path to the validation key, if it is set. 165 166 ## Execute Command 167 168 By default, Packer uses the following command (broken across multiple lines for 169 readability) to execute Chef: 170 171 ``` {.liquid} 172 {{if .Sudo}}sudo {{end}}chef-client \ 173 --no-color \ 174 -c {{.ConfigPath}} \ 175 -j {{.JsonPath}} 176 ``` 177 178 When guest_os_type is set to "windows", Packer uses the following command to 179 execute Chef. The full path to Chef is required because the PATH environment 180 variable changes don't immediately propogate to running processes. 181 182 ``` {.liquid} 183 c:/opscode/chef/bin/chef-client.bat \ 184 --no-color \ 185 -c {{.ConfigPath}} \ 186 -j {{.JsonPath}} 187 ``` 188 189 This command can be customized using the `execute_command` configuration. As you 190 can see from the default value above, the value of this configuration can 191 contain various template variables, defined below: 192 193 - `ConfigPath` - The path to the Chef configuration file. file. 194 - `JsonPath` - The path to the JSON attributes file for the node. 195 - `Sudo` - A boolean of whether to `sudo` the command or not, depending on the 196 value of the `prevent_sudo` configuration. 197 198 ## Install Command 199 200 By default, Packer uses the following command (broken across multiple lines for 201 readability) to install Chef. This command can be customized if you want to 202 install Chef in another way. 203 204 ``` {.text} 205 curl -L https://www.chef.io/chef/install.sh | \ 206 {{if .Sudo}}sudo{{end}} bash 207 ``` 208 209 When guest_os_type is set to "windows", Packer uses the following command to 210 install the latest version of Chef: 211 212 ``` {.text} 213 powershell.exe -Command "(New-Object System.Net.WebClient).DownloadFile('http://chef.io/chef/install.msi', 'C:\\Windows\\Temp\\chef.msi');Start-Process 'msiexec' -ArgumentList '/qb /i C:\\Windows\\Temp\\chef.msi' -NoNewWindow -Wait" 214 ``` 215 216 This command can be customized using the `install_command` configuration. 217 218 ## Folder Permissions 219 220 !> The `chef-client` provisioner will chmod the directory with your Chef keys 221 to 777. This is to ensure that Packer can upload and make use of that directory. 222 However, once the machine is created, you usually don't want to keep these 223 directories with those permissions. To change the permissions on the 224 directories, append a shell provisioner after Chef to modify them. 225 226 ## Examples 227 228 ### Chef Client Local Mode 229 230 The following example shows how to run the `chef-cilent` provisioner in local 231 mode, while passing a `run_list` using a variable. 232 233 **Local environment variables** 234 235 # Machines Chef directory 236 export PACKER_CHEF_DIR=/var/chef-packer 237 # Comma separated run_list 238 export PACKER_CHEF_RUN_LIST="recipe[apt],recipe[nginx]" 239 ... 240 241 **Packer variables** 242 243 Set the necessary Packer variables using environment variables or provide a [var 244 file](/docs/templates/user-variables.html). 245 246 ``` {.liquid} 247 "variables": { 248 "chef_dir": "{{env `PACKER_CHEF_DIR`}}", 249 "chef_run_list": "{{env `PACKER_CHEF_RUN_LIST`}}", 250 "chef_client_config_tpl": "{{env `PACKER_CHEF_CLIENT_CONFIG_TPL`}}", 251 "packer_chef_bootstrap_dir": "{{env `PACKER_CHEF_BOOTSTRAP_DIR`}}" , 252 "packer_uid": "{{env `PACKER_UID`}}", 253 "packer_gid": "{{env `PACKER_GID`}}" 254 } 255 ``` 256 257 **Setup the** `chef-client` **provisioner** 258 259 Make sure we have the correct directories and permissions for the `chef-client` 260 provisioner. You will need to bootstrap the Chef run by providing the necessary 261 cookbooks using Berkshelf or some other means. 262 263 ``` {.liquid} 264 { 265 "type": "file", 266 "source": "{{user `packer_chef_bootstrap_dir`}}", 267 "destination": "/tmp/bootstrap" 268 }, 269 { 270 "type": "shell", 271 "inline": [ 272 "sudo mkdir -p {{user `chef_dir`}}", 273 "sudo mkdir -p /tmp/packer-chef-client", 274 "sudo chown {{user `packer_uid`}}.{{user `packer_gid`}} /tmp/packer-chef-client", 275 "sudo sh /tmp/bootstrap/bootstrap.sh" 276 ] 277 }, 278 { 279 "type": "chef-client", 280 "server_url": "http://localhost:8889", 281 "config_template": "{{user `chef_client_config_tpl`}}/client.rb.tpl", 282 "skip_clean_node": true, 283 "skip_clean_client": true, 284 "run_list": "{{user `chef_run_list`}}" 285 } 286 ```