github.com/marksheahan/packer@v0.10.2-0.20160613200515-1acb2d6645a0/website/source/docs/provisioners/chef-client.html.md (about) 1 --- 2 description: | 3 The Chef Client Packer provisioner installs and configures software on machines 4 built by Packer using chef-client. Packer configures a Chef client to talk to a 5 remote Chef Server to provision the machine. 6 layout: docs 7 page_title: 'Chef-Client Provisioner' 8 ... 9 10 # Chef Client Provisioner 11 12 Type: `chef-client` 13 14 The Chef Client Packer provisioner installs and configures software on machines 15 built by Packer using [chef-client](https://docs.chef.io/chef_client.html). 16 Packer configures a Chef client to talk to a remote Chef Server to provision the 17 machine. 18 19 The provisioner will even install Chef onto your machine if it isn't already 20 installed, using the official Chef installers provided by Chef. 21 22 ## Basic Example 23 24 The example below is fully functional. It will install Chef onto the remote 25 machine and run Chef client. 26 27 ``` {.javascript} 28 { 29 "type": "chef-client", 30 "server_url": "https://mychefserver.com/" 31 } 32 ``` 33 34 Note: to properly clean up the Chef node and client the machine on which packer 35 is running must have knife on the path and configured globally, i.e, 36 \~/.chef/knife.rb must be present and configured for the target chef server 37 38 ## Configuration Reference 39 40 The reference of available configuration options is listed below. No 41 configuration is actually required. 42 43 - `chef_environment` (string) - The name of the chef\_environment sent to the 44 Chef server. By default this is empty and will not use an environment. 45 46 - `config_template` (string) - Path to a template that will be used for the 47 Chef configuration file. By default Packer only sets configuration it needs 48 to match the settings set in the provisioner configuration. If you need to 49 set configurations that the Packer provisioner doesn't support, then you 50 should use a custom configuration template. See the dedicated "Chef 51 Configuration" section below for more details. 52 53 - `encrypted_data_bag_secret_path` (string) - The path to the file containing 54 the secret for encrypted data bags. By default, this is empty, so no 55 secret will be available. 56 57 - `execute_command` (string) - The command used to execute Chef. This has 58 various [configuration template 59 variables](/docs/templates/configuration-templates.html) available. See 60 below for more information. 61 62 - `guest_os_type` (string) - The target guest OS type, either "unix" or 63 "windows". Setting this to "windows" will cause the provisioner to use 64 Windows friendly paths and commands. By default, this is "unix". 65 66 - `install_command` (string) - The command used to install Chef. This has 67 various [configuration template 68 variables](/docs/templates/configuration-templates.html) available. See 69 below for more information. 70 71 - `json` (object) - An arbitrary mapping of JSON that will be available as 72 node attributes while running Chef. 73 74 - `node_name` (string) - The name of the node to register with the 75 Chef Server. This is optional and by default is packer-{{uuid}}. 76 77 - `prevent_sudo` (boolean) - By default, the configured commands that are 78 executed to install and run Chef are executed with `sudo`. If this is true, 79 then the sudo will be omitted. This has no effect when guest_os_type is 80 windows. 81 82 - `run_list` (array of strings) - The [run 83 list](http://docs.chef.io/essentials_node_object_run_lists.html) for Chef. 84 By default this is empty, and will use the run list sent down by the 85 Chef Server. 86 87 - `server_url` (string) - The URL to the Chef server. This is required. 88 89 - `skip_clean_client` (boolean) - If true, Packer won't remove the client from 90 the Chef server after it is done running. By default, this is false. 91 92 - `skip_clean_node` (boolean) - If true, Packer won't remove the node from the 93 Chef server after it is done running. By default, this is false. 94 95 - `skip_install` (boolean) - If true, Chef will not automatically be installed 96 on the machine using the Chef omnibus installers. 97 98 - `ssl_verify_mode` (string) - Set to "verify\_none" to skip validation of 99 SSL certificates. If not set, this defaults to "verify\_peer" which validates 100 all SSL certifications. 101 102 - `staging_directory` (string) - This is the directory where all the 103 configuration of Chef by Packer will be placed. By default this is 104 "/tmp/packer-chef-client" when guest_os_type unix and 105 "$env:TEMP/packer-chef-client" when windows. This directory doesn't need to 106 exist but must have proper permissions so that the user that Packer uses is 107 able to create directories and write into this folder. By default the 108 provisioner will create and chmod 0777 this directory. 109 110 - `client_key` (string) - Path to client key. If not set, this defaults to a 111 file named client.pem in `staging_directory`. 112 113 - `validation_client_name` (string) - Name of the validation client. If not 114 set, this won't be set in the configuration and the default that Chef uses 115 will be used. 116 117 - `validation_key_path` (string) - Path to the validation key for 118 communicating with the Chef Server. This will be uploaded to the 119 remote machine. If this is NOT set, then it is your responsibility via other 120 means (shell provisioner, etc.) to get a validation key to where Chef 121 expects it. 122 123 ## Chef Configuration 124 125 By default, Packer uses a simple Chef configuration file in order to set the 126 options specified for the provisioner. But Chef is a complex tool that supports 127 many configuration options. Packer allows you to specify a custom configuration 128 template if you'd like to set custom configurations. 129 130 The default value for the configuration template is: 131 132 ``` {.liquid} 133 log_level :info 134 log_location STDOUT 135 chef_server_url "{{.ServerUrl}}" 136 client_key "{{.ClientKey}}" 137 {{if ne .EncryptedDataBagSecretPath ""}} 138 encrypted_data_bag_secret "{{.EncryptedDataBagSecretPath}}" 139 {{end}} 140 {{if ne .ValidationClientName ""}} 141 validation_client_name "{{.ValidationClientName}}" 142 {{else}} 143 validation_client_name "chef-validator" 144 {{end}} 145 {{if ne .ValidationKeyPath ""}} 146 validation_key "{{.ValidationKeyPath}}" 147 {{end}} 148 node_name "{{.NodeName}}" 149 {{if ne .ChefEnvironment ""}} 150 environment "{{.ChefEnvironment}}" 151 {{end}} 152 {{if ne .SslVerifyMode ""}} 153 ssl_verify_mode :{{.SslVerifyMode}} 154 {{end}} 155 ``` 156 157 This template is a [configuration 158 template](/docs/templates/configuration-templates.html) and has a set of 159 variables available to use: 160 161 - `ChefEnvironment` - The Chef environment name. 162 - `EncryptedDataBagSecretPath` - The path to the secret key file to decrypt 163 encrypted data bags. 164 - `NodeName` - The node name set in the configuration. 165 - `ServerUrl` - The URL of the Chef Server set in the configuration. 166 - `SslVerifyMode` - Whether Chef SSL verify mode is on or off. 167 - `ValidationClientName` - The name of the client used for validation. 168 - `ValidationKeyPath` - Path to the validation key, if it is set. 169 170 ## Execute Command 171 172 By default, Packer uses the following command (broken across multiple lines for 173 readability) to execute Chef: 174 175 ``` {.liquid} 176 {{if .Sudo}}sudo {{end}}chef-client \ 177 --no-color \ 178 -c {{.ConfigPath}} \ 179 -j {{.JsonPath}} 180 ``` 181 182 When guest_os_type is set to "windows", Packer uses the following command to 183 execute Chef. The full path to Chef is required because the PATH environment 184 variable changes don't immediately propogate to running processes. 185 186 ``` {.liquid} 187 c:/opscode/chef/bin/chef-client.bat \ 188 --no-color \ 189 -c {{.ConfigPath}} \ 190 -j {{.JsonPath}} 191 ``` 192 193 This command can be customized using the `execute_command` configuration. As you 194 can see from the default value above, the value of this configuration can 195 contain various template variables, defined below: 196 197 - `ConfigPath` - The path to the Chef configuration file. file. 198 - `JsonPath` - The path to the JSON attributes file for the node. 199 - `Sudo` - A boolean of whether to `sudo` the command or not, depending on the 200 value of the `prevent_sudo` configuration. 201 202 ## Install Command 203 204 By default, Packer uses the following command (broken across multiple lines for 205 readability) to install Chef. This command can be customized if you want to 206 install Chef in another way. 207 208 ``` {.text} 209 curl -L https://www.chef.io/chef/install.sh | \ 210 {{if .Sudo}}sudo{{end}} bash 211 ``` 212 213 When guest_os_type is set to "windows", Packer uses the following command to 214 install the latest version of Chef: 215 216 ``` {.text} 217 powershell.exe -Command "(New-Object System.Net.WebClient).DownloadFile('http://chef.io/chef/install.msi', 'C:\\Windows\\Temp\\chef.msi');Start-Process 'msiexec' -ArgumentList '/qb /i C:\\Windows\\Temp\\chef.msi' -NoNewWindow -Wait" 218 ``` 219 220 This command can be customized using the `install_command` configuration. 221 222 ## Folder Permissions 223 224 !> The `chef-client` provisioner will chmod the directory with your Chef keys 225 to 777. This is to ensure that Packer can upload and make use of that directory. 226 However, once the machine is created, you usually don't want to keep these 227 directories with those permissions. To change the permissions on the 228 directories, append a shell provisioner after Chef to modify them. 229 230 ## Examples 231 232 ### Chef Client Local Mode 233 234 The following example shows how to run the `chef-cilent` provisioner in local 235 mode, while passing a `run_list` using a variable. 236 237 **Local environment variables** 238 239 # Machines Chef directory 240 export PACKER_CHEF_DIR=/var/chef-packer 241 # Comma separated run_list 242 export PACKER_CHEF_RUN_LIST="recipe[apt],recipe[nginx]" 243 ... 244 245 **Packer variables** 246 247 Set the necessary Packer variables using environment variables or provide a [var 248 file](/docs/templates/user-variables.html). 249 250 ``` {.liquid} 251 "variables": { 252 "chef_dir": "{{env `PACKER_CHEF_DIR`}}", 253 "chef_run_list": "{{env `PACKER_CHEF_RUN_LIST`}}", 254 "chef_client_config_tpl": "{{env `PACKER_CHEF_CLIENT_CONFIG_TPL`}}", 255 "packer_chef_bootstrap_dir": "{{env `PACKER_CHEF_BOOTSTRAP_DIR`}}" , 256 "packer_uid": "{{env `PACKER_UID`}}", 257 "packer_gid": "{{env `PACKER_GID`}}" 258 } 259 ``` 260 261 **Setup the** `chef-client` **provisioner** 262 263 Make sure we have the correct directories and permissions for the `chef-client` 264 provisioner. You will need to bootstrap the Chef run by providing the necessary 265 cookbooks using Berkshelf or some other means. 266 267 ``` {.liquid} 268 { 269 "type": "file", 270 "source": "{{user `packer_chef_bootstrap_dir`}}", 271 "destination": "/tmp/bootstrap" 272 }, 273 { 274 "type": "shell", 275 "inline": [ 276 "sudo mkdir -p {{user `chef_dir`}}", 277 "sudo mkdir -p /tmp/packer-chef-client", 278 "sudo chown {{user `packer_uid`}}.{{user `packer_gid`}} /tmp/packer-chef-client", 279 "sudo sh /tmp/bootstrap/bootstrap.sh" 280 ] 281 }, 282 { 283 "type": "chef-client", 284 "server_url": "http://localhost:8889", 285 "config_template": "{{user `chef_client_config_tpl`}}/client.rb.tpl", 286 "skip_clean_node": true, 287 "skip_clean_client": true, 288 "run_list": "{{user `chef_run_list`}}" 289 } 290 ```