Skip to main content

Site Map

This is a site map for the following products:

This page has links to each topic in this doc set. You can also use the navigation tool or the search box to find what you're looking for.

If you need documentation for previous versions, see the Docs Archive.

Overview

Platform Overview

Community

About the Community | Contributing | Guidelines | Docs Style Guide | Send Feedback

Packages & Platforms

Packages | Platforms | Supported Versions | Chef Software Install Script | Omnitruck API

Licensing : About Licensing | Accepting License

Chef Automate

Getting Started

Quick Start Demo | System Requirements | Install Guide | Airgapped Installation | Install Chef Habitat Builder On-prem | Install Chef Infra Server With Automate | Migrate from Chef Automate 1 | Backup | Restore

Configuring Automate

Configuration | Data Collection | LDAP | Log Management | SAML | Telemetry

Applications

Chef EAS | Setting up the Applications Dashboard | Applications Dashboard | Event Feed | Desktop Dashboard | Client Runs

Compliance

Reports | Scan Jobs | Profiles | Nodes

Settings

Notifications | Data Feeds | Data Lifecycle | Node Integrations | Node Credentials | Users | Teams | API Tokens | Policies | Roles | Projects

Authorization

IAM Overview | IAM Users Guide | IAM Actions | Troubleshooting

Reference

Architecture | Chef Automate API | chef-automate CLI | Monitoring Chef Automate | ServiceNow Integration | Feature Flags

Chef Compliance

About Chef Compliance | Chef Compliance Guide

Chef Desktop

About Chef Desktop | Chef Desktop Requirements | Install Chef Components | Chef Desktop Development Environment | The Chef Desktop Development Pattern | Zero Touch Deployment for macOS and Windows on Azure | Zero Touch Deployment with MicroMDM for macOS | Chef Desktop Cookbook Reference

Resources

All Resources (Single Page) | chef_client_launchd | macos_admin_control | macos_app_management | macos_automatic_logout | macos_automatic_software_updates | macos_desktop_screensaver | macos_disk_encryption | macos_firewall | macos_password_policy | macos_power_management | rescue_account | windows_admin_control | windows_app_management | windows_automatic_logout | windows_defender | windows_defender_exclusion | windows_desktop_screensaver | windows_desktop_winrm_settings | windows_disk_encryption | windows_firewall | windows_password_policy | windows_power_management | windows_update_settings

Chef Habitat

About Chef Habitat

Install Habitat

Get Chef Habitat | Set up the Chef Habitat CLI | Download and Install FAQ

Builder

Chef Habitat Builder | Create an Account | Builder Profile | Origins | Origin Packages

Origins

Create an Origin | Origin Keys | Origin Membership & RBAC | Origin Settings

Packages

Building Packages | Promoting Packages | Exporting Packages | Continuous Integration | Runtime Binds

Plans

Plan Writing | Plan Quickstart | Plan Contents | Scaffolding | Binary Wrapper Packages

Services

About Services | Service Groups | Service Group Topologies | Service Group Configuration | Single Service Updates | Service Group Updates | Monitoring Services

Supervisors

About Supervisors | Running Supervisors | Running Chef Habitat on Servers (Linux and Windows) | Supervisor Design | Leader Elections | Setting Up a Ring | Supervisor Networks | Supervisor Cryptography | Securing Networks | Supervisor Configuration File | Supervisor Log Configuration | Supervisor Package Configuration | Launcher | Remote Control | Supervisor Guide

Reference

Habitat CLI Reference

API : Builder API | Supervisor API

| Application Lifecycle Hooks | Build Helpers | Build Phase Callbacks | Plan Configuration Helpers | Configuration Management | Configuration Templates | Custom Certificates | Environment Variables | Keys | Package Contents | Package Identifiers | Pattern Library | Plan Settings | Plan Variables | Service Template Data | Supervisor Log Codes

Containers

Chef Habitat and Containers | Container Orchestration | Kubernetes | Azure Container Services (AKS) | Amazon Container Services (ECS) | Google Container Registry (GCR) | Apache Mesos and DC/OS | Running Chef Habitat Linux Containers | Running Chef Habitat Windows Containers

Diagrams

Architecture Overview | Initial Package Build Flow | Dependency Update Flow | Application Rebuild Flow | Docker Container Publishing Flow | Automated Docker Container Publishing Flow | Promote Packages Through Channels | Runtime Services Group Binding | Chef Habitat Builder Architecture | Chef Habitat Builder on-prem Flow

Chef Infra

Getting Started

Chef Infra Overview | Quick Start | System Requirements

Chef on Azure Guide : Microsoft Azure | Chef Workstation in Azure Cloud Shell | Microsoft Azure PowerShell | Microsoft Azure Chef Extension | Knife Azure | Knife Azurerm

Chef on Windows Guide : Chef for Microsoft Windows | Windows Installation Guide | Knife Windows

| Chef and Terraform | Glossary | Uninstall

Concepts

Chef Infra Client Overview | chef-repo | Cookbooks | Custom Resources | Nodes

Policy : About Policy | About Policyfiles | Policyfile.rb | Data Bags | Run-lists | Environments | Roles

Supermarket : Supermarket | Public Supermarket | Private Supermarket | Share Cookbooks

Features

Chef Solo : About Chef Solo | chef-solo (executable) | solo.rb

Ohai : About Ohai | ohai (executable)

| FIPS | Handlers | Search | Troubleshooting

Setup

Nodes : Install via Bootstrap | chef-client (executable) | client.rb | Upgrades | Security

Chef Infra Server : | Install Standalone

| Working with Proxies | Air-gapped Installation | FIPS-mode

Integrations : AWS Marketplace | Google Cloud Platform | VMware

Supermarket : | Install Private Supermarket | Customize Supermarket | supermarket.rb Settings | Backup and Restore | Log Files | Monitoring | knife supermarket | supermarket-ctl | Supermarket API

Cookbook Reference

About Cookbooks | Files

Attributes : Attributes | Attributes Arrays | Attribute Persistence | Attribute Precedence | Attribute Sources | Attribute Types

| Libraries

Recipes : About Recipes | Debug Recipes, Client Runs

Chef Infra Language : Language Overview | Cookbook Execution | Node Tags | Shelling Out | Checking Platforms | Checking Architectures | Checking Clouds | Checking Hypervisors | Windows | Reading Data Bags | Search | Logging | Editing Resources | Reading Registry Keys

| Custom Resources DSL

Resources : About Resources | Common Resource Functionality | Migrating from Definitions | Custom Resources | Custom Resource Guide | All Resources (Single Page) | alternatives | apt_package | apt_preference | apt_repository | apt_update | archive_file | bash | batch | bff_package | breakpoint | build_essential | cab_package | chef_acl | chef_client | chef_client_config | chef_client_cron | chef_client_launchd | chef_client_scheduled_task | chef_client_systemd_timer | chef_client_trusted_certificate | chef_container | chef_data_bag | chef_data_bag_item | chef_environment | chef_gem | chef_group | chef_handler | chef_node | chef_organization | chef_role | chef_sleep | chef_user | chef_vault_secret | chocolatey_config | chocolatey_feature | chocolatey_package | chocolatey_source | cookbook_file | cron | cron_access | cron_d | csh | directory | dmg_package | dnf_package | dpkg_package | dsc_resource | dsc_script | execute | file | freebsd_package | gem_package | git | group | homebrew_cask | homebrew_package | homebrew_tap | homebrew_update | hostname | http_request | ifconfig | ips_package | kernel_module | ksh | launchd | link | locale | log | macos_userdefaults | macports_package | mdadm | mount | msu_package | notify_group | ohai | ohai_hint | openbsd_package | openssl_dhparam | openssl_ec_private_key | openssl_ec_public_key | openssl_rsa_private_key | openssl_rsa_public_key | openssl_x509_certificate | openssl_x509_crl | openssl_x509_request | osx_profile | package | pacman_package | paludis_package | perl | plist | portage_package | powershell_package | powershell_package_source | powershell_script | python | reboot | registry_key | remote_directory | remote_file | rhsm_errata | rhsm_errata_level | rhsm_register | rhsm_repo | rhsm_subscription | route | rpm_package | ruby | ruby_block | script | service | smartos_package | snap_package | solaris_package | ssh_known_hosts_entry | subversion | sudo | swap_file | sysctl | systemd_unit | template | timezone | user | user_ulimit | windows_ad_join | windows_audit_policy | windows_auto_run | windows_certificate | windows_dfs_folder | windows_dfs_namespace | windows_dfs_server | windows_dns_record | windows_dns_zone | windows_env | windows_feature | windows_feature_dism | windows_feature_powershell | windows_firewall_profile | windows_firewall_rule | windows_font | windows_package | windows_pagefile | windows_path | windows_printer | windows_printer_port | windows_security_policy | windows_service | windows_share | windows_shortcut | windows_task | windows_uac | windows_user_privilege | windows_workgroup | yum_package | yum_repository | zypper_package | zypper_repository

| Templates | Cookbook Repo | metadata.rb | Cookbook Versioning | Ruby Guide

Extension APIs

Handlers : Custom Handlers | Handler DSL | Community Handlers

| Compliance DSL

Knife Plugins : Cloud Plugins | Writing Custom Plugins

Ohai Plugins : Custom Plugins | Community Plugins

| Deprecations

Chef Infra Server

Overview

Infra Server Overview | Server Users | Authentication | Runbook | Services

Planning

Chef Infra Server Prerequisites | Capacity Planning

Installation

Install Chef Infra Server | Install High Availability | Airgap | Tiered Installation | Upgrades | Upgrade HA Cluster

Configure

chef-server.rb Settings | Chef Infra Server Optional Settings | chef-backend.rb Settings | Server Firewalls and Ports | Security

Manage

Backup and Restore | Backend Failure Recovery | Monitor | Tuning | Log Files

Reference

chef-server-ctl | chef-backend-ctl | Chef Infra Server API | Firewalls & Ports

Chef InSpec

Chef InSpec Overview | Install and Uninstall | Chef InSpec for the Cloud | Chef InSpec and Friends | Chef InSpec Glossary

Chef InSpec Reference

InSpec Executable | Profiles | Inputs | Matchers | Reporters | Configuration | Chef InSpec DSL | Profile Style Guide | Custom Resources | Plugins | kitchen-inspec | InSpec Shell | Chef Habitat Integration | Migration from Serverspec | Waivers

Chef InSpec Resources

InSpec Resources (Single Page)

OS Resources : aide_conf | apache | apache_conf | apt | audit_policy | auditd | auditd_conf | bash | bond | bridge | bsd_service | chocolatey_package | command | cpan | cran | crontab | csv | dh_params | directory | docker | docker_container | docker_image | docker_plugin | docker_service | elasticsearch | etc_fstab | etc_group | etc_hosts | etc_hosts_allow | etc_hosts_deny | file | filesystem | firewalld | gem | group | groups | grub_conf | host | http | iis_app | iis_site | inetd_conf | ini | interface | interfaces | ip6tables | iptables | json | kernel_module | kernel_parameter | key_rsa | launchd_service | limits_conf | login_defs | mount | mssql_session | mysql_conf | mysql_session | nginx | nginx_conf | npm | ntp_conf | oneget | oracledb_session | os | os_env | package | packages | parse_config | parse_config_file | passwd | pip | port | postfix_conf | postgres_conf | postgres_hba_conf | postgres_ident_conf | postgres_session | powershell | processes | rabbitmq_config | registry_key | runit_service | security_identifier | security_policy | service | shadow | ssh_config | sshd_config | ssl | sys_info | systemd_service | sysv_service | upstart_service | user | users | vbscript | virtualization | windows_feature | windows_firewall | windows_firewall_rule | windows_hotfix | windows_task | wmi | x509_certificate | xinetd_conf | xml | yaml | yum | zfs_dataset | zfs_pool

AWS Resources : aws_alb | aws_albs | aws_auto_scaling_group | aws_auto_scaling_groups | aws_cloudformation_stack | aws_cloudtrail_trail | aws_cloudtrail_trails | aws_cloudwatch_alarm | aws_cloudwatch_log_group | aws_cloudwatch_log_metric_filter | aws_config_delivery_channel | aws_config_recorder | aws_db_subnet_group | aws_db_subnet_groups | aws_dhcp_options | aws_dynamodb_table | aws_ebs_volume | aws_ebs_volumes | aws_ec2_instance | aws_ec2_instances | aws_ecr | aws_ecr_image Resource | aws_ecr_images | aws_ecr_repositories | aws_ecr_repository | aws_ecs_cluster | aws_ecs_clusters | aws_efs_file_system | aws_efs_file_systems | aws_eks_cluster | aws_eks_clusters | aws_elasticache_cluster | aws_elasticache_cluster_node | aws_elasticache_clusters | aws_elb | aws_elbs | aws_flow_log | aws_hosted_zone | aws_hosted_zones | aws_iam_access_key | aws_iam_access_keys | aws_iam_account_alias | aws_iam_group | aws_iam_groups | aws_iam_inline_policy | aws_iam_password_policy | aws_iam_policies | aws_iam_policy | aws_iam_role | aws_iam_roles | aws_iam_root_user | aws_iam_saml_provider | aws_iam_saml_providers | aws_iam_user | aws_iam_users | About the aws_internet_gateway Resource | aws_internet_gateways | aws_kms_key | aws_kms_keys | aws_lambda | aws_lambdas | aws_launch_configuration | aws_nat_gateway | aws_nat_gateways | aws_organizations_member | aws_rds_cluster | aws_rds_clusters | aws_rds_instance | aws_rds_instances | aws_region | aws_regions | aws_route_table | aws_route_tables | aws_s3_bucket | aws_s3_bucket_object | aws_s3_buckets | aws_security_group | aws_security_groups | aws_sns_subscription | aws_sns_topic | aws_sns_topics | aws_sqs_queue | aws_sqs_queues | aws_ssm_parameter | aws_ssm_parameters | aws_sts_caller_identity | aws_subnet | aws_subnets | aws_transit_gateway | aws_vpc | aws_vpcs

Azure Resources : azure_generic_resource | azure_resource_group | azure_virtual_machine | azure_virtual_machine_data_disk | azurerm_ad_user | azurerm_ad_users | azurerm_aks_cluster | azurerm_aks_clusters | azurerm_cosmosdb_database_account | azurerm_event_hub_authorization_rule | azurerm_event_hub_event_hub | azurerm_event_hub_namespace | azurerm_iothub | azurerm_iothub_event_hub_consumer_group | azurerm_iothub_event_hub_consumer_groups | azurerm_key_vault | azurerm_key_vault_key | azurerm_key_vault_keys | azurerm_key_vault_secret | azurerm_key_vault_secrets | azurerm_key_vaults | azurerm_load_balancer | azurerm_load_balancers | azurerm_locks | azurerm_management_group | azurerm_management_groups | azurerm_monitor_activity_log_alert | azurerm_monitor_activity_log_alerts | azurerm_monitor_log_profile | azurerm_monitor_log_profiles | azurerm_mysql_database | azurerm_mysql_databases | azurerm_mysql_server | azurerm_mysql_servers | azurerm_network_interface | azurerm_network_interfaces | azurerm_network_security_group | azurerm_network_security_groups | azurerm_network_watcher | azurerm_network_watchers | azurerm_postgresql_database | azurerm_postgresql_databases | azurerm_postgresql_server | azurerm_postgresql_servers | azurerm_resource_groups | azurerm_role_definition | azurerm_role_definitions | azurerm_security_center_policies | azurerm_security_center_policy | azurerm_sql_database | azurerm_sql_databases | azurerm_sql_server | azurerm_sql_servers | azurerm_storage_account_blob_container | azurerm_storage_account_blob_containers | azurerm_subnet | azurerm_subnets | azurerm_subscription | azurerm_virtual_machine | azurerm_virtual_machine_disk | azurerm_virtual_machine_disks | azurerm_virtual_machines | azurerm_virtual_network | azurerm_virtual_networks | azurerm_webapp | azurerm_webapps

GCP Resources : google_access_context_manager_access_policies | google_access_context_manager_access_policy | google_access_context_manager_service_perimeter | google_access_context_manager_service_perimeters | google_appengine_standard_app_version | google_appengine_standard_app_versions | google_bigquery_dataset | google_bigquery_datasets | google_bigquery_table | google_bigquery_tables | google_billing_project_billing_info | google_cloud_scheduler_job | google_cloud_scheduler_jobs | google_cloudbuild_trigger | google_cloudbuild_triggers | google_cloudfunctions_cloud_function | google_cloudfunctions_cloud_functions | google_compute_address | google_compute_addresses | google_compute_autoscaler | google_compute_autoscalers | google_compute_backend_bucket | google_compute_backend_buckets | google_compute_backend_service | google_compute_backend_services | google_compute_disk | google_compute_disks | google_compute_firewall | google_compute_firewalls | google_compute_forwarding_rule | google_compute_forwarding_rules | google_compute_global_address | google_compute_global_addresses | google_compute_global_forwarding_rule | google_compute_global_forwarding_rules | google_compute_health_check | google_compute_health_checks | google_compute_http_health_check | google_compute_http_health_checks | google_compute_https_health_check | google_compute_https_health_checks | google_compute_image | google_compute_instance | google_compute_instance_group | google_compute_instance_group_manager | google_compute_instance_group_managers | google_compute_instance_groups | google_compute_instance_template | google_compute_instance_templates | google_compute_instances | google_compute_network | google_compute_network_endpoint_group | google_compute_network_endpoint_groups | google_compute_networks | google_compute_node_group | google_compute_node_groups | google_compute_node_template | google_compute_node_templates | google_compute_project_info | google_compute_region | google_compute_region_backend_service | google_compute_region_backend_services | google_compute_region_instance_group_manager | google_compute_region_instance_group_managers | google_compute_regional_disk | google_compute_regions | google_compute_route | google_compute_router | google_compute_router_nat | google_compute_router_nats | google_compute_routers | google_compute_routes | google_compute_security_policies | google_compute_security_policy | google_compute_snapshot | google_compute_snapshots | google_compute_ssl_certificate | google_compute_ssl_certificates | google_compute_ssl_policies | google_compute_ssl_policy | google_compute_subnetwork | google_compute_subnetwork_iam_binding | google_compute_subnetwork_iam_policy | google_compute_subnetworks | google_compute_target_http_proxies | google_compute_target_http_proxy | google_compute_target_https_proxies | google_compute_target_https_proxy | google_compute_target_pool | google_compute_target_pools | google_compute_target_tcp_proxies | google_compute_target_tcp_proxy | google_compute_url_map | google_compute_url_maps | google_compute_vpn_tunnel | google_compute_vpn_tunnels | google_compute_zone | google_compute_zones | google_container_cluster | google_container_clusters | google_container_node_pool | google_container_node_pools | google_container_regional_cluster | google_container_regional_clusters | google_container_regional_node_pool | google_container_regional_node_pools | google_dataproc_cluster | google_dataproc_clusters | google_dns_managed_zone | google_dns_managed_zones | google_dns_resource_record_set | google_dns_resource_record_sets | google_filestore_instance | google_filestore_instances | google_iam_custom_role | google_iam_custom_roles | google_iam_organization_custom_role | google_iam_organization_custom_roles | google_iam_service_account | google_iam_service_account_key | google_iam_service_account_keys | google_iam_service_accounts | google_kms_crypto_key | google_kms_crypto_key_iam_binding | google_kms_crypto_key_iam_bindings | google_kms_crypto_key_iam_policy | google_kms_crypto_keys | google_kms_key_ring | google_kms_key_ring_iam_binding | google_kms_key_ring_iam_bindings | google_kms_key_ring_iam_policy | google_kms_key_rings | google_logging_folder_exclusion | google_logging_folder_exclusions | google_logging_folder_log_sink | google_logging_folder_log_sinks | google_logging_organization_log_sink | google_logging_organization_log_sinks | google_logging_project_exclusion | google_logging_project_exclusions | google_logging_project_sink | google_logging_project_sinks | google_ml_engine_model | google_ml_engine_models | google_organization | google_organization_iam_binding | google_organization_iam_policy | google_organization_policy | google_organizations | google_project | google_project_alert_policies | google_project_alert_policy | google_project_alert_policy_condition | google_project_iam_binding | google_project_iam_bindings | google_project_iam_custom_role | google_project_iam_custom_roles | google_project_iam_policy | google_project_logging_audit_config | google_project_metric | google_project_metrics | google_project_service | google_project_services | google_projects | google_pubsub_subscription | google_pubsub_subscription_iam_binding | google_pubsub_subscription_iam_policy | google_pubsub_subscriptions | google_pubsub_topic | google_pubsub_topic_iam_binding | google_pubsub_topic_iam_policy | google_pubsub_topics | google_redis_instance | google_redis_instances | google_resourcemanager_folder | google_resourcemanager_folder_iam_binding | google_resourcemanager_folder_iam_policy | google_resourcemanager_folders | google_resourcemanager_organization_policy | google_resourcemanager_project_iam_binding | google_resourcemanager_project_iam_policy | google_runtime_config_config | google_runtime_config_config_iam_binding | google_runtime_config_config_iam_policy | google_runtime_config_configs | google_runtime_config_variable | google_runtime_config_variables | google_service_account | google_service_account_key | google_service_account_keys | google_service_accounts | google_sourcerepo_repositories | google_sourcerepo_repository | google_spanner_database | google_spanner_databases | google_spanner_instance | google_spanner_instance_iam_binding | google_spanner_instance_iam_policy | google_spanner_instances | google_sql_database_instance | google_sql_database_instances | google_sql_user | google_sql_users | google_storage_bucket | google_storage_bucket_acl | google_storage_bucket_iam_binding | google_storage_bucket_iam_bindings | google_storage_bucket_iam_policy | google_storage_bucket_object | google_storage_bucket_objects | google_storage_buckets | google_storage_default_object_acl | google_storage_object_acl | google_user | google_users

Habitat Resources : habitat_package | habitat_packages | habitat_service | habitat_services

Chef Workstation

About Chef Workstation | Privacy and Telemetry | Install Chef Workstation

Chef Workstation Tools

Berkshelf

chef (executable) : chef executable (full page) | chef capture | chef env | chef exec | chef gem | chef generate attribute | chef generate cookbook | chef generate file | chef generate recipe | chef generate repo | chef generate resource | chef generate template | chef report cookbooks | chef report nodes | chef shell-init

| chef-apply (executable) | chef-run (executable) | chef-shell (executable) | chef-vault (executable) | ChefSpec | Chef Workstation App | config.rb (knife.rb) | Optional config.rb Settings | Cookstyle | Delivery CLI | Foodcritic

Test Kitchen : About Test Kitchen | kitchen (executable) | kitchen.yml | kitchen-vagrant

Knife : About Knife | Setting up Knife | Knife Common Options | config.rb (knife.rb) | knife azure | knife azurerm | knife bootstrap | knife client | knife configure | knife cookbook | knife cookbook site | knife data bag | knife delete | knife deps | knife diff | knife download | knife edit | knife environment | knife exec | knife list | knife node | knife opc | knife raw | knife recipe list | knife role | knife search | knife serve | knife show | knife ssh | knife ssl_check | knife ssl_fetch | knife status | knife supermarket | knife tag | knife upload | knife user | knife windows | knife xargs

| Upgrade Lab | Getting Started | Configure Chef Workstation | Troubleshooting

Effortless Pattern

Effortless Overview | Quick Start | Effortless Audit | Effortless Config | Variables and Config | What is Scaffolding

Release Notes

Chef Automate | Chef InSpec | Chef Workstation | Chef Infra Client | Chef Infra Server | Chef Manage

Legacy

Chef Manage

About the Management Console | manage.rb | chef-manage-ctl | Active Directory & LDAP | Configure SAML | Clients | Cookbooks | Data Bags | Environments | Nodes | Roles | Organizations & Groups | Users Send Feedback

Was this page helpful?