About Chef Workstation
Chef Workstation is an all-in-one package that gives you everything you need to get started with Chef infrastructure automation. With a single installation, you get tools for configuration management, compliance scanning, cookbook development, dependency resolution, and testing.
Chef Workstation is the primary toolkit for Chef infrastructure engineers. You can use Chef Workstation to:
- Define automation: Generate cookbooks and write configuration policy using Chef’s declarative resources, or use community cookbooks from Chef Supermarket.
- Manage secrets: Encrypt and manage sensitive data, such as passwords and certificates, using Chef Vault.
- Scan for compliance: Run Chef InSpec profiles against remote systems to detect and remediate security and configuration issues.
- Test locally: Validate your cookbooks with Test Kitchen and Cookstyle before deploying to production.
Components
Chef Workstation includes the following fully integrated tools:
Core development tools
- Chef CLI (
chef-cli): Primary command-line interface for Chef development workflows, providing unified access to common Chef operations - Chef Infra Client: Latest release candidate of the Chef Infra Client, enabling infrastructure automation and configuration management
- Knife: Essential tool for interacting with Chef Infra Server, managing nodes, cookbooks, roles, and other Chef objects
- Chef InSpec: Latest release candidate of InSpec, enabling compliance and security testing.
Testing and quality assurance
- Chef Test Kitchen Enterprise: Comprehensive testing framework for validating infrastructure code across multiple platforms and environments
- Chef InSpec: Compliance and security testing framework for auditing infrastructure and applications against security standards and regulations
- Cookstyle: Ruby and Chef cookbook linting tool that enforces style guidelines and best practices
- Fauxhai: Mock Ohai data generator for testing purposes, enabling rapid cookbook testing without requiring actual systems
Dependency and secret management
- Berkshelf: Cookbook dependency manager that streamlines the process of managing and retrieving cookbook dependencies
- Chef Vault: Secure data management tool for encrypting and managing secrets within Chef workflows
- Ohai: System profiling tool that detects and reports system attributes for use in Chef recipes
Get started
To get started with Chef Workstation:
Cookbook development workflow
Use the following workflow when creating, developing, and testing your cookbooks:
Generate a new cookbook with
chef generate cookbook <COOKBOOK_NAME>This creates a cookbook with a default recipe, a
kitchen.ymlconfiguration for Test Kitchen Enterprise, and a starter Chef InSpec profile.Write cookbook recipes in the
recipesdirectory.Create a Chef InSpec profile that verifies that your cookbook runs successfully.
Lint the cookbook with Cookstyle (
cookstyle .) to check for style issues.Run Test Kitchen Enterprise (
kitchen converge) to converge your cookbook in a local VM or container and verify it works:This command does the following:
- Creates a VM, container, or cloud instance.
- Installs the provisioner (Chef Infra Client) on the instance.
- Loads the cookbook and Test Kitchen config on the instance.
- Runs the cookbook to bring the instance into the state defined in the cookbook.
Use Test Kitchen Enterprise to run your InSpec profile (
kitchen verify) against the converged instance.Test Kitchen reports a pass or fail for each control defined in the InSpec profile.
Destroy the Test Kitchen Enterprise instance (
kitchen destroy) when you’re done.If your tests fail, update your cookbook and InSpec profile, re-converge your cookbook and re-verify your InSpec profile until all tests pass.
Before deploying in a production environment, test your cookbook in a matching environment.
Deploy your cookbooks to production only after they pass all acceptance tests.