github.com/rstandt/terraform@v0.12.32-0.20230710220336-b1063613405c/website/docs/provisioners/chef.html.markdown (about) 1 --- 2 layout: "docs" 3 page_title: "Provisioner: chef" 4 sidebar_current: "docs-provisioners-chef" 5 description: |- 6 The `chef` provisioner installs, configures and runs the Chef client on a resource. 7 --- 8 9 # Chef Provisioner 10 11 The `chef` provisioner installs, configures and runs the Chef Client on a remote 12 resource. The `chef` provisioner supports both `ssh` and `winrm` type 13 [connections](/docs/provisioners/connection.html). 14 15 -> **Note:** Provisioners should only be used as a last resort. For most 16 common situations there are better alternatives. For more information, see 17 [the main Provisioners page](./). 18 19 ## Requirements 20 21 The `chef` provisioner has some prerequisites for specific connection types: 22 23 * For `ssh` type connections, `cURL` must be available on the remote host. 24 * For `winrm` connections, `PowerShell 2.0` must be available on the remote host. 25 26 [Chef end user license agreement](https://www.chef.io/end-user-license-agreement/) must be accepted by setting `chef_license` to `accept` in `client_options` argument unless you are installing an old version of Chef client. 27 28 Without these prerequisites, your provisioning execution will fail. 29 30 ## Example usage 31 32 ```hcl 33 resource "aws_instance" "web" { 34 # ... 35 36 provisioner "chef" { 37 attributes_json = <<EOF 38 { 39 "key": "value", 40 "app": { 41 "cluster1": { 42 "nodes": [ 43 "webserver1", 44 "webserver2" 45 ] 46 } 47 } 48 } 49 EOF 50 51 environment = "_default" 52 client_options = ["chef_license 'accept'"] 53 run_list = ["cookbook::recipe"] 54 node_name = "webserver1" 55 secret_key = "${file("../encrypted_data_bag_secret")}" 56 server_url = "https://chef.company.com/organizations/org1" 57 recreate_client = true 58 user_name = "bork" 59 user_key = "${file("../bork.pem")}" 60 version = "12.4.1" 61 # If you have a self signed cert on your chef server change this to :verify_none 62 ssl_verify_mode = ":verify_peer" 63 } 64 } 65 ``` 66 67 ## Argument Reference 68 69 The following arguments are supported: 70 71 * `attributes_json (string)` - (Optional) A raw JSON string with initial node attributes 72 for the new node. These can also be loaded from a file on disk using 73 [the `file` function](/docs/configuration/functions/file.html). 74 75 * `channel (string)` - (Optional) The Chef Client release channel to install from. If not 76 set, the `stable` channel will be used. 77 78 * `client_options (array)` - (Optional) A list of optional Chef Client configuration 79 options. See the [Chef Client ](https://docs.chef.io/config_rb_client.html) documentation 80 for all available options. 81 82 * `disable_reporting (boolean)` - (Optional) If `true` the Chef Client will not try to send 83 reporting data (used by Chef Reporting) to the Chef Server (defaults to `false`). 84 85 * `environment (string)` - (Optional) The Chef environment the new node will be joining 86 (defaults to `_default`). 87 88 * `fetch_chef_certificates (boolean)` (Optional) If `true` the SSL certificates configured 89 on your Chef Server will be fetched and trusted. See the knife [ssl_fetch](https://docs.chef.io/knife_ssl_fetch.html) 90 documentation for more details. 91 92 * `log_to_file (boolean)` - (Optional) If `true`, the output of the initial Chef Client run 93 will be logged to a local file instead of the console. The file will be created in a 94 subdirectory called `logfiles` created in your current directory. The filename will be 95 the `node_name` of the new node. 96 97 * `use_policyfile (boolean)` - (Optional) If `true`, use the policy files to bootstrap the 98 node. Setting `policy_group` and `policy_name` are required if this is `true`. (defaults to 99 `false`). 100 101 * `policy_group (string)` - (Optional) The name of a policy group that exists on the Chef 102 server. Required if `use_policyfile` is set; `policy_name` must also be specified. 103 104 * `policy_name (string)` - (Optional) The name of a policy, as identified by the `name` 105 setting in a Policyfile.rb file. Required if `use_policyfile` is set; `policy_group` 106 must also be specified. 107 108 * `http_proxy (string)` - (Optional) The proxy server for Chef Client HTTP connections. 109 110 * `https_proxy (string)` - (Optional) The proxy server for Chef Client HTTPS connections. 111 112 * `named_run_list (string)` - (Optional) The name of an alternate run-list to invoke during the 113 initial Chef Client run. The run-list must already exist in the Policyfile that defines 114 `policy_name`. Only applies when `use_policyfile` is `true`. 115 116 * `no_proxy (array)` - (Optional) A list of URLs that should bypass the proxy. 117 118 * `node_name (string)` - (Required) The name of the node to register with the Chef Server. 119 120 * `ohai_hints (array)` - (Optional) A list with 121 [Ohai hints](https://docs.chef.io/ohai.html#hints) to upload to the node. 122 123 * `os_type (string)` - (Optional) The OS type of the node. Valid options are: `linux` and 124 `windows`. If not supplied, the connection type will be used to determine the OS type (`ssh` 125 will assume `linux` and `winrm` will assume `windows`). 126 127 * `prevent_sudo (boolean)` - (Optional) Prevent the use of the `sudo` command while installing, configuring 128 and running the initial Chef Client run. This option is only used with `ssh` type 129 [connections](/docs/provisioners/connection.html). 130 131 * `recreate_client (boolean)` - (Optional) If `true`, first delete any existing Chef Node and 132 Client before registering the new Chef Client. 133 134 * `run_list (array)` - (Optional) A list with recipes that will be invoked during the initial 135 Chef Client run. The run-list will also be saved to the Chef Server after a successful 136 initial run. Required if `use_policyfile` is `false`; ignored when `use_policyfile` is `true` 137 (see `named_run_list` to specify a run-list defined in a Policyfile). 138 139 * `secret_key (string)` - (Optional) The contents of the secret key that is used 140 by the Chef Client to decrypt data bags on the Chef Server. The key will be uploaded to the remote 141 machine. This can also be loaded from a file on disk using 142 [the `file` function](/docs/configuration/functions/file.html). 143 144 * `server_url (string)` - (Required) The URL to the Chef server. This includes the path to 145 the organization. See the example. 146 147 * `skip_install (boolean)` - (Optional) Skip the installation of Chef Client on the remote 148 machine. This assumes Chef Client is already installed when you run the `chef` 149 provisioner. 150 151 * `skip_register (boolean)` - (Optional) Skip the registration of Chef Client on the remote 152 machine. This assumes Chef Client is already registered and the private key (`client.pem`) 153 is available in the default Chef configuration directory when you run the `chef` 154 provisioner. 155 156 * `ssl_verify_mode (string)` - (Optional) Used to set the verify mode for Chef Client HTTPS 157 requests. The options are `:verify_none`, or `:verify_peer` which is default. 158 159 * `user_name (string)` - (Required) The name of an existing Chef user to register 160 the new Chef Client and optionally configure Chef Vaults. 161 162 * `user_key (string)` - (Required) The contents of the user key that will be used to 163 authenticate with the Chef Server. This can also be loaded from a file on disk using 164 [the `file` function](/docs/configuration/functions/file.html). 165 166 * `vault_json (string)` - (Optional) A raw JSON string with Chef Vaults and Items to which the new node 167 should have access. These can also be loaded from a file on disk using 168 [the `file` function](/docs/configuration/functions/file.html). 169 170 * `version (string)` - (Optional) The Chef Client version to install on the remote machine. 171 If not set, the latest available version will be installed.