terraform/website/source/docs/provisioners/chef.html.markdown

---
layout: "docs"
page_title: "Provisioner: chef"
sidebar_current: "docs-provisioners-chef"
description: |-
  The `chef` provisioner invokes a Chef Client run on a remote resource after first installing and configuring Chef Client on the remote resource. The `chef` provisioner supports both `ssh` and `winrm` type connections.
---

# Chef Provisioner

The `chef` provisioner invokes a Chef Client run on a remote resource after first installing
and configuring Chef Client on the remote resource. The `chef` provisioner supports both `ssh`
and `winrm` type [connections](/docs/provisioners/connection.html).

## Requirements

In order for the `chef` provisioner to work properly, you need either `cURL` (when using
a `ssh` type connection) or `PowerShell 2.0` (when using a `winrm` type connection) to be
available on the target machine.

## Example usage

```
# Start a initial chef run on a resource
resource "aws_instance" "web" {
    ...
    provisioner "chef"  {
        attributes {
            "key" = "value"
            "app" {
                "cluster1" {
                    "nodes" = ["webserver1", "webserver2"]
                }
            }
        }
        environment = "_default"
        run_list = ["cookbook::recipe"]
        node_name = "webserver1"
        secret_key_path = "../encrypted_data_bag_secret"
        server_url = "https://chef.company.com/organizations/org1"
        validation_client_name = "chef-validator"
        validation_key_path = "../chef-validator.pem"
        version = "12.4.1"
    }
}
```

## Argument Reference

The following arguments are supported:

* `attributes (map)` - (Optional) A map with initial node attributes for the new node.
  See example.

* `environment (string)` - (Optional) The Chef environment the new node will be joining
  (defaults `_default`).

* `log_to_file (boolean)` - (Optional) If true, the output of the initial Chef Client run
  will be logged to a local file instead of the console. The file will be created in a
  subdirectory called `logfiles` created in your current directory. The filename will be
  the `node_name` of the new node.

* `http_proxy (string)` - (Optional) The proxy server for Chef Client HTTP connections.

* `https_proxy (string)` - (Optional) The proxy server for Chef Client HTTPS connections.

* `no_proxy (array)` - (Optional) A list of URLs that should bypass the proxy.

* `node_name (string)` - (Required) The name of the node to register with the Chef Server.

* `ohai_hints (array)` - (Optional) A list with
  [Ohai hints](https://docs.chef.io/ohai.html#hints) to upload to the node.

* `os_type (string)` - (Optional) The OS type of the node. Valid options are: `linux` and
  `windows`. If not supplied the connection type will be used to determine the OS type (`ssh`
  will asume `linux` and `winrm` will assume `windows`).

* `prevent_sudo (boolean)` - (Optional) Prevent the use of sudo while installing, configuring
  and running the initial Chef Client run. This option is only used with `ssh` type
  [connections](/docs/provisioners/connection.html).

* `run_list (array)` - (Required) A list with recipes that will be invoked during the initial
  Chef Client run. The run-list will also be saved to the Chef Server after a successful
  initial run.

* `secret_key_path (string)` - (Optional) The path to the secret key that is used
  by the client to decrypt data bags on the Chef Server. The key will be uploaded to the remote
  machine.

* `server_url (string)` - (Required) The URL to the Chef server. This includes the path to
  the organization. See the example.

* `skip_install (boolean)` - (Optional) Skip the installation of Chef Client on the remote
  machine. This assumes Chef Client is already installed when you run the `chef`
  provisioner.

* `ssl_verify_mode (string)` - (Optional) Use to set the verify mode for Chef Client HTTPS
  requests.

* `validation_client_name (string)` - (Required) The name of the validation client to use
  for the initial communication with the Chef Server.

* `validation_key_path (string)` - (Required) The path to the validation key that is needed
  by the node to register itself with the Chef Server. The key will be uploaded to the remote
  machine.

* `version (string)` - (Optional) The Chef Client version to install on the remote machine.
  If not set the latest available version will be installed.
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`---`
			`layout: "docs"`
Refactored quite a few things after review... Also renamed the provisioner to just `chef` as it’s out intention to end up with one provisioner for all types of `chef` clients. 2015-05-08 23:25:24 +02:00			`page_title: "Provisioner: chef"`
			`sidebar_current: "docs-provisioners-chef"`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`description: \|-`
Refactored quite a few things after review... Also renamed the provisioner to just `chef` as it’s out intention to end up with one provisioner for all types of `chef` clients. 2015-05-08 23:25:24 +02:00			The `chef` provisioner invokes a Chef Client run on a remote resource after first installing and configuring Chef Client on the remote resource. The `chef` provisioner supports both `ssh` and `winrm` type connections.
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`---`

Refactored quite a few things after review... Also renamed the provisioner to just `chef` as it’s out intention to end up with one provisioner for all types of `chef` clients. 2015-05-08 23:25:24 +02:00			`# Chef Provisioner`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00
Refactored quite a few things after review... Also renamed the provisioner to just `chef` as it’s out intention to end up with one provisioner for all types of `chef` clients. 2015-05-08 23:25:24 +02:00			The `chef` provisioner invokes a Chef Client run on a remote resource after first installing
			and configuring Chef Client on the remote resource. The `chef` provisioner supports both `ssh`
			and `winrm` type [connections](/docs/provisioners/connection.html).

			`## Requirements`

			In order for the `chef` provisioner to work properly, you need either `cURL` (when using
			a `ssh` type connection) or `PowerShell 2.0` (when using a `winrm` type connection) to be
			`available on the target machine.`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00
			`## Example usage`

			```
			`# Start a initial chef run on a resource`
			`resource "aws_instance" "web" {`
			`...`
Refactored quite a few things after review... Also renamed the provisioner to just `chef` as it’s out intention to end up with one provisioner for all types of `chef` clients. 2015-05-08 23:25:24 +02:00			`provisioner "chef" {`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`attributes {`
			`"key" = "value"`
			`"app" {`
			`"cluster1" {`
provisioner/chef: small fix in the docs 2015-05-18 16:21:31 +02:00			`"nodes" = ["webserver1", "webserver2"]`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`}`
			`}`
			`}`
			`environment = "_default"`
			`run_list = ["cookbook::recipe"]`
			`node_name = "webserver1"`
update markdown 2015-07-09 16:12:56 +02:00			`secret_key_path = "../encrypted_data_bag_secret"`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`server_url = "https://chef.company.com/organizations/org1"`
			`validation_client_name = "chef-validator"`
			`validation_key_path = "../chef-validator.pem"`
update markdown 2015-07-09 16:12:56 +02:00			`version = "12.4.1"`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`}`
			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

Tweaking a few minor things according to the feedback on GH 2015-05-12 10:37:38 +02:00			* `attributes (map)` - (Optional) A map with initial node attributes for the new node.
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`See example.`

			* `environment (string)` - (Optional) The Chef environment the new node will be joining
			(defaults `_default`).

			* `log_to_file (boolean)` - (Optional) If true, the output of the initial Chef Client run
			`will be logged to a local file instead of the console. The file will be created in a`
			subdirectory called `logfiles` created in your current directory. The filename will be
			the `node_name` of the new node.

			* `http_proxy (string)` - (Optional) The proxy server for Chef Client HTTP connections.

			* `https_proxy (string)` - (Optional) The proxy server for Chef Client HTTPS connections.

			* `no_proxy (array)` - (Optional) A list of URLs that should bypass the proxy.

			* `node_name (string)` - (Required) The name of the node to register with the Chef Server.

Add an `ohai_hints` option to upload hint files This option takes a list of hints that will be uploaded to the new node before starting the initial Chef run. 2015-06-25 15:48:54 +02:00			* `ohai_hints (array)` - (Optional) A list with
			`[Ohai hints](https://docs.chef.io/ohai.html#hints) to upload to the node.`

Add an option to specifically specify the target OS Before this option (`os_type`) the provisioner would use the connection type to determine the targeted OS. When not supplying a value for `os_type`, it will fall back to the old behaviour, so this is full BC. 2015-06-25 14:29:48 +02:00			* `os_type (string)` - (Optional) The OS type of the node. Valid options are: `linux` and
			`windows`. If not supplied the connection type will be used to determine the OS type (`ssh`
Add an `ohai_hints` option to upload hint files This option takes a list of hints that will be uploaded to the new node before starting the initial Chef run. 2015-06-25 15:48:54 +02:00			will asume `linux` and `winrm` will assume `windows`).
Add an option to specifically specify the target OS Before this option (`os_type`) the provisioner would use the connection type to determine the targeted OS. When not supplying a value for `os_type`, it will fall back to the old behaviour, so this is full BC. 2015-06-25 14:29:48 +02:00
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			* `prevent_sudo (boolean)` - (Optional) Prevent the use of sudo while installing, configuring
			and running the initial Chef Client run. This option is only used with `ssh` type
			`[connections](/docs/provisioners/connection.html).`

			* `run_list (array)` - (Required) A list with recipes that will be invoked during the initial
			`Chef Client run. The run-list will also be saved to the Chef Server after a successful`
			`initial run.`

update markdown 2015-07-09 16:12:56 +02:00			* `secret_key_path (string)` - (Optional) The path to the secret key that is used
			`by the client to decrypt data bags on the Chef Server. The key will be uploaded to the remote`
			`machine.`

This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			* `server_url (string)` - (Required) The URL to the Chef server. This includes the path to
			`the organization. See the example.`

			* `skip_install (boolean)` - (Optional) Skip the installation of Chef Client on the remote
Refactored quite a few things after review... Also renamed the provisioner to just `chef` as it’s out intention to end up with one provisioner for all types of `chef` clients. 2015-05-08 23:25:24 +02:00			machine. This assumes Chef Client is already installed when you run the `chef`
This commit adds a Chef Client provisioner The commit is pretty complete and has a tested/working provisioner for both SSH and WinRM. There are a few tests, but we maybe need another few to have better coverage. Docs are also included… 2015-05-08 13:45:31 +02:00			`provisioner.`

			* `ssl_verify_mode (string)` - (Optional) Use to set the verify mode for Chef Client HTTPS
			`requests.`

			* `validation_client_name (string)` - (Required) The name of the validation client to use
			`for the initial communication with the Chef Server.`

			* `validation_key_path (string)` - (Required) The path to the validation key that is needed
			`by the node to register itself with the Chef Server. The key will be uploaded to the remote`
			`machine.`

			* `version (string)` - (Optional) The Chef Client version to install on the remote machine.
			`If not set the latest available version will be installed.`