Chef

Chef is an infrastructure automation framework that uses code to define, manage, and scale infrastructure. It enables teams to automate provisioning, configuration, and management of systems across cloud, on-premises, and hybrid environments.

What is Chef?

Chef automates infrastructure by allowing you to express configuration as code. Following a declarative model, you define desired state, and Chef ensures systems converge to that state through idempotent operations.

Core principles:

Infrastructure as Code — Version-control your infrastructure
Idempotent — Safe to run multiple times
Declarative — Define "what", not "how"
Convergence — Systems reach desired state automatically

Key Components

Chef Infra Client — Converges nodes to desired state
Chef Infra Server — Central management hub for cookbooks and node data
Chef Workstation — Development environment (Chef CLI, Knife, Test Kitchen, Cookstyle)
Cookbooks — Reusable configuration packages
InSpec — Infrastructure testing and compliance
Chef Automate — Dashboards, visibility, and analytics

Quick Start

Install

# Install Chef Workstation
brew install chef-workstation

# Verify
chef --version
knife --version

Create Cookbook

chef generate cookbook nginx_web
cd nginx_web

Write Recipe

# recipes/default.rb

package 'nginx' do
  action :install
end

service 'nginx' do
  action [:enable, :start]
end

template '/etc/nginx/nginx.conf' do
  source 'nginx.conf.erb'
  notifies :restart, 'service[nginx]'
end

Test with Test Kitchen

kitchen test

Documentation

Guide	Description
Chef Fundamentals	Cookbooks, recipes, resources, attributes, roles, environments, Chef Infra Server
Chef Cheat Sheet	Knife commands, resource reference, role/environment patterns, Test Kitchen

Core Concepts

Cookbooks

Collections of recipes, attributes, templates, and files that define infrastructure.

my_cookbook/
├── recipes/              # Recipe definitions
├── attributes/           # Default values
├── templates/            # Configuration templates
├── files/               # Static files
└── metadata.rb          # Cookbook metadata

Recipes

Ruby code that defines resources and configuration.

package 'nginx'
service 'nginx' { action :start }
template '/etc/nginx/nginx.conf' { source 'nginx.conf.erb' }

Resources

Building blocks representing system components (packages, services, files, users, etc.).

Roles

Grouping of recipes and attributes for specific purposes (webserver, database, etc.).

Environments

Separation of infrastructure stages (dev, staging, production).

Chef Resources

Resource	Purpose
`package`	Install/remove packages
`service`	Manage system services
`file`	Create/manage files
`directory`	Create/manage directories
`template`	Manage files from templates
`user`	Manage user accounts
`group`	Manage user groups
`execute`	Run commands
`git`	Clone/manage git repos
`cron`	Manage cron jobs

Common Tasks

Manage Nodes

knife node list                    # List all nodes
knife node show node-name          # Show node details
knife bootstrap 192.168.1.100 -x ubuntu  # Bootstrap new node
knife ssh 'role:webserver' 'sudo chef-client'  # Run chef on nodes

Manage Cookbooks

knife cookbook upload my_cookbook  # Upload to server
knife cookbook list               # List on server
knife cookbook download my_cookbook  # Download from server

Manage Roles

knife role create webserver        # Create role
knife role upload webserver        # Upload role
knife role list                    # List roles

Test Cookbooks

kitchen create                     # Create test instances
kitchen converge                   # Run chef
kitchen verify                     # Run tests
kitchen test                       # Full cycle

Why Chef?

Scalability — Manage thousands of nodes
Flexibility — Ruby-based DSL for complex requirements
Idempotence — Safe repeated runs
Testing — Test Kitchen and InSpec integration
Ecosystem — Supermarket has thousands of cookbooks
Enterprise — Chef Automate for visibility and compliance

Use Cases

Cloud provisioning — Automate instance setup
Configuration management — Keep systems in desired state
Compliance — Verify and enforce security policies
Application deployment — Deploy and manage applications
Multi-environment — Separate dev, staging, production

Best Practices

Use attributes — Make recipes configurable
Write idempotent recipes — Safe to run repeatedly
Test thoroughly — Use Test Kitchen and InSpec
Version cookbooks — Track changes in git
Use roles and environments — Organize infrastructure
Document recipes — Include README and comments
Follow conventions — Use cookbook structure standards

Chef Infra Server

Central hub for Chef infrastructure:

Store and manage cookbooks
Store node attributes and data
Manage policies and run lists
Role-based access control
Secure node authentication

Integration with Clouds

Chef works with:

AWS — EC2, RDS, S3
Azure — Virtual Machines, App Service
GCP — Compute Engine
Kubernetes — Container orchestration

Next Steps

Chef Fundamentals — Learn cookbooks, recipes, resources
Chef Cheat Sheet — Knife commands and patterns
Official Documentation — Complete reference
Supermarket — Community cookbooks
InSpec — Infrastructure testing

Common Commands

chef generate cookbook NAME       # Create cookbook
knife cookbook upload COOKBOOK    # Upload to server
knife node list                   # List nodes
kitchen test                      # Test cookbook
cookstyle COOKBOOK               # Check style

Contributing

Have Chef tips, cookbooks, or best practices to share? Contribute to CloudCaptain!

What is Chef?​

Key Components​

Quick Start​

Install​

Create Cookbook​

Write Recipe​

Test with Test Kitchen​

Documentation​

Core Concepts​

Cookbooks​

Recipes​

Resources​

Roles​

Environments​

Chef Resources​

Common Tasks​

Manage Nodes​

Manage Cookbooks​

Manage Roles​

Test Cookbooks​

Why Chef?​

Use Cases​

Best Practices​

Chef Infra Server​

Integration with Clouds​

Next Steps​

Common Commands​

Contributing​