Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Pull request Compare This branch is 1779 commits behind chef:master.
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This cookbook configures a Chef client or server installed via RubyGems. If Chef was installed from OS packages, please use the “chef” cookbook to configure Chef itself.


This cookbook requires Chef installed from RubyGems. Chef v0.8.x+.


Server bootstrap is tested on Ubuntu 9.10, 9.04, 8.10 and 8.04, Debian 5.0.

Client bootstrap is tested on the above, plus CentOS 5.3, Fedora 10, OpenBSD 4.6, FreeBSD 7.1 and Gentoo. OpenSolaris 11 is also tested, but there's a bug in Ohai that requires some manual intervention (OHAI-122).


Opscode cookbooks,

Both clients and servers:

  • runit

Servers only:

  • couchdb

  • rabbitmq_chef

  • openssl

  • zlib

  • xml

  • java

The couchdb and rabbitmq_chef recipes may be naive depending on the platform. The contents can be reviewed in the opscode/cookbooks repository to check if a particular platform is supported. If not, manual installation and modifications to the recipes will be required.


Cookbook attributes are namespaced 'bootstrap[:chef]' - eg: 'bootstrap[:chef][:client_version]'. You may wish to change some of these locations to customize for your environment. For the bootstrap process this is done with a JSON data file passed to chef-solo.


Sets the umask for files created by the server process.


Set up the URLs the client should connect to with this. Default is 'http', which tells the client to connect to 'server:4000'. If you want to set up your chef-server to use an SSL front-end, set this to 'https' and the URLs will be 'server/'. The bootstrap::server recipe does not support an SSL front-end configuration, see chef::server_proxy for an example.


Specifies the init style to use. Default 'runit'. Other possible values 'init', 'bsd', any other string will be treated as unknown.

If your platform doesn't have a 'runit' package or if the cookbook doesn't detect it, but you stil want to use runit, set init_style to 'none' and install runit separately.


This is the base location where chef will store its associated data. Default '/srv/chef' for RubyGems installed systems. The location preference varies by platform. The default is a filesystem hiearchy standard suggestion[0]. Some other locations you may consider, by platform:

Debian and Red Hat based Linux distros (Ubuntu, CentOS, Fedora, etc):

  • /var/lib/chef

Any BSD and Gentoo:

  • /var/chef


Location for pidfiles on systems using init scripts. Default '/var/run/chef'.

If init_style is 'init', this is used, and should match what the init script itself uses for the PID files.


Location where the client will cache cookbooks and other data. Default is 'cache' underneath the bootstrap[:chef][:path] location. Some Linux distributions might prefer /var/cache/chef instead.


Used by the Chef server as the base location to “serve” cookbooks, roles and other assets. Default is /srv/chef.


Port for the chef-server API process. Default is 4000.


Port for the chef-server-webui process. Default is 4040.


Whether the web user interface should be installed and enabled. Default is 'false'. In Chef versions prior to 0.8 the webui provided the API, but 0.8 split them apart so now the webui is optional. See the Chef wiki [1] for major changes in 0.8.


Set a random, secure default password for the webui user. See /etc/chef/server.rb when the chef-solo run completes for the value of web_ui_admin_default_password to log into the webui. This password is generated with the openssl cookbook, though can be set with JSON.

server_version, client_version

Set the version of the Gems to install. This can be used to upgrade Chef automatically[2]. The chef gems are not managed by the Opscode Chef cookbook, however.


Number of seconds to run chef-client periodically. Default '1800' (30 minutes).


Splay interval to randomly add to interval. Default '20'.


Directory where logs are stored if logs are not sent to STDOUT. Systems using runit should send logs to STDOUT as runit manages log output. Default '/var/log/chef'. Runit's logs are in /etc/sv/SERVICE_NAME/log/main/current, where SERVICE_NAME is the name of the service, e.g., 'chef-client', 'chef-server', 'chef-solr' etc. See the recipes for the runit_services that get set up.

client_log, indexer_log, server_log

Location of the client, indexer and server logs, respectively. Default 'STDOUT' on systems with runit, '/var/log/chef/{client,indexer,server}.log' on other systems.


Fully qualified domain name of the server. Default is the current node's fqdn as detected by Ohai. For clients, set this to the hostname of your environment's Chef Server.


The validation_token used to automatically authorize chef-clients. Default is a random string generated every time chef-solo runs. Use chef-client -t 'validation_token' to automatically validate the client.





Opscode stores this cookbook and some others (see the requirements above) on S3. Use chef-solo:

sudo chef-solo -j chef.json -c solo.rb -r

You set the attributes through the chef.json file, and tell Solo where to put them with solo.rb.


Common attributes you may wish to adjust for the client:


"bootstrap": {
  "chef": {
    "url_type": "http",
    "init_style": "runit",
    "server_port": "4000",
    "path": "/srv/chef",
    "server_fqdn": "localhost.localdomain",
"recipes": "bootstrap::client"



Note server_port is a new attribute, you don't have to set it… but if you do, your clients need to know where it goes.

Common attributes you may wish to adjust for the server:


"bootstrap": {
  "chef": {
    "url_type": "http",
    "init_style": "runit",
    "path": "/srv/chef",
    "server_port": "4000",
    "serve_path": "/srv/chef",
    "server_fqdn": "localhost.localdomain",
"recipes": "bootstrap::server"


Note that the server recipe includes the client recipe as well, since we recommend managing the chef-server with Chef.

For more information on usage and next steps, please see the Chef wiki.



Joshua Timberman <>


Joshua Sierles <>

Copyright 2008-2009, Opscode, Inc Copyright 2009, 37signals

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and

Something went wrong with that request. Please try again.