Chef Solo Provisioner

~> This community maintained provisioner is currently unmaintained; if you are interested in contributing or taking ownership of it, please reach out to us at packer@hashicorp.com. More details can be found in the README.

Type: chef-solo

The Chef solo Packer provisioner installs and configures software on machines built by Packer using chef-solo. Cookbooks can be uploaded from your local machine to the remote machine or remote paths can be used.

The provisioner will even install Chef onto your machine if it isn't already installed, using the official Chef installers provided by Chef Inc.

Basic Example

The example below is fully functional and expects cookbooks in the "cookbooks" directory relative to your working directory.

provisioner "chef-solo" {
  cookbook_paths = ["cookbooks"]
}

provisioner "chef-solo" {
  cookbook_paths = ["cookbooks"]
}

Configuration Reference

The reference of available configuration options is listed below. No configuration is actually required, but at least run_list is recommended.

chef_environment (string) - The name of the chef_environment sent to the Chef server. By default this is empty and will not use an environment
chef_license (string) - As of Chef v15, Chef requires users to accept a license. Defaults to accept-silent when skip_install is false and install_command is unset. Possible values are accept, accept-silent and accept-no-persist. For details see Accepting the Chef License.
config_template (string) - Path to a template that will be used for the Chef configuration file. By default Packer only sets configuration it needs to match the settings set in the provisioner configuration. If you need to set configurations that the Packer provisioner doesn't support, then you should use a custom configuration template. See the dedicated "Chef Configuration" section below for more details.
cookbook_paths (array of strings) - This is an array of paths to "cookbooks" directories on your local filesystem. These will be uploaded to the remote machine in the directory specified by the staging_directory. By default, this is empty.
data_bags_path (string) - The path to the "data_bags" directory on your local filesystem. These will be uploaded to the remote machine in the directory specified by the staging_directory. By default, this is empty.
encrypted_data_bag_secret_path (string) - The path to the file containing the secret for encrypted data bags. By default, this is empty, so no secret will be available.
environments_path (string) - The path to the "environments" directory on your local filesystem. These will be uploaded to the remote machine in the directory specified by the staging_directory. By default, this is empty.
execute_command (string) - The command used to execute Chef. This has various configuration template variables available. See below for more information.
guest_os_type (string) - The target guest OS type, either "unix" or "windows". Setting this to "windows" will cause the provisioner to use Windows friendly paths and commands. By default, this is "unix".
install_command (string) - The command used to install Chef. This has various configuration template variables available. See below for more information.
prevent_sudo (boolean) - By default, the configured commands that are executed to install and run Chef are executed with sudo. If this is true, then the sudo will be omitted. This has no effect when guest_os_type is windows.
remote_cookbook_paths (array of strings) - A list of paths on the remote machine where cookbooks will already exist. These may exist from a previous provisioner or step. If specified, Chef will be configured to look for cookbooks here. By default, this is empty.
roles_path (string) - The path to the "roles" directory on your local filesystem. These will be uploaded to the remote machine in the directory specified by the staging_directory. By default, this is empty.
run_list (array of strings) - The run list for Chef. By default this is empty.
skip_install (boolean) - If true, Chef will not automatically be installed on the machine using the Chef omnibus installers.
staging_directory (string) - This is the directory where all the configuration of Chef by Packer will be placed. By default this is /tmp/packer-chef-solo when guest_os_type unix and $env:TEMP/packer-chef-solo when windows. This directory doesn't need to exist but must have proper permissions so that the user that Packer uses is able to create directories and write into this folder. If the permissions are not correct, use a shell provisioner prior to this to configure it properly.
version (string) - The version of Chef to be installed. By default this is empty which will install the latest version of Chef.

Parameters common to all provisioners:

pause_before (duration) - Sleep for duration before execution.
max_retries (int) - Max times the provisioner will retry in case of failure. Defaults to zero (0). Zero means an error will not be retried.
only (array of string) - Only run the provisioner for listed builder(s) by name.

override (object) - Override the builder with different settings for a specific builder, eg :

In HCL2:

source "null" "example1" {
  communicator = "none"
}

source "null" "example2" {
  communicator = "none"
}

build {
  sources = ["source.null.example1", "source.null.example2"]
  provisioner "shell-local" {
    inline = ["echo not overridden"]
    override = {
      example1 = {
        inline = ["echo yes overridden"]
      }
    }
  }
}

source "null" "example1" {
  communicator = "none"
}
 
source "null" "example2" {
  communicator = "none"
}
 
build {
  sources = ["source.null.example1", "source.null.example2"]
  provisioner "shell-local" {
    inline = ["echo not overridden"]
    override = {
      example1 = {
        inline = ["echo yes overridden"]
      }
    }
  }
}

In JSON:

{
  "builders": [
    {
      "type": "null",
      "name": "example1",
      "communicator": "none"
    },
    {
      "type": "null",
      "name": "example2",
      "communicator": "none"
    }
  ],
  "provisioners": [
    {
      "type": "shell-local",
      "inline": ["echo not overridden"],
      "override": {
        "example1": {
          "inline": ["echo yes overridden"]
        }
      }
    }
  ]
}

{
  "builders": [
    {
      "type": "null",
      "name": "example1",
      "communicator": "none"
    },
    {
      "type": "null",
      "name": "example2",
      "communicator": "none"
    }
  ],
  "provisioners": [
    {
      "type": "shell-local",
      "inline": ["echo not overridden"],
      "override": {
        "example1": {
          "inline": ["echo yes overridden"]
        }
      }
    }
  ]
}

timeout (duration) - If the provisioner takes more than for example 1h10m1s or 10m to finish, the provisioner will timeout and fail.

Node Attribute Mapping

An arbitrary mapping of JSON that will be available as node attributes while running Chef.

json_string (string) - The JSON string can be encoded using the jsonencode template function.

  json_string = jsonencode({
    "a" = "b"
    "foo" = {
      "bar" = "val"
      "number" = 1
    }
  })

  json_string = jsonencode({
    "a" = "b"
    "foo" = {
      "bar" = "val"
      "number" = 1
    }
  })

Chef Configuration

By default, Packer uses a simple Chef configuration file in order to set the options specified for the provisioner. But Chef is a complex tool that supports many configuration options. Packer allows you to specify a custom configuration template if you'd like to set custom configurations.

The default value for the configuration template is:

cookbook_path [{{.CookbookPaths}}]

cookbook_path [{{.CookbookPaths}}]

This template is a configuration template and has a set of variables available to use:

ChefEnvironment - The current enabled environment. Only non-empty if the environment path is set.
ChefLicense - The Chef license acceptance value.
CookbookPaths is the set of cookbook paths ready to embedded directly into a Ruby array to configure Chef.
DataBagsPath is the path to the data bags folder.
EncryptedDataBagSecretPath - The path to the encrypted data bag secret
EnvironmentsPath - The path to the environments folder.
RolesPath - The path to the roles folder.

Execute Command

By default, Packer uses the following command (broken across multiple lines for readability) to execute Chef:

{{if .Sudo}}sudo {{end}}chef-solo \
  --no-color \
  -c {{.ConfigPath}} \
  -j {{.JsonPath}}

{{if .Sudo}}sudo {{end}}chef-solo \
  --no-color \
  -c {{.ConfigPath}} \
  -j {{.JsonPath}}

When guest_os_type is set to "windows", Packer uses the following command to execute Chef. The full path to Chef is required because the PATH environment variable changes don't immediately propagate to running processes.

c:/opscode/chef/bin/chef-solo.bat \
  --no-color \
  -c {{.ConfigPath}} \
  -j {{.JsonPath}}

c:/opscode/chef/bin/chef-solo.bat \
  --no-color \
  -c {{.ConfigPath}} \
  -j {{.JsonPath}}

This command can be customized using the execute_command configuration. As you can see from the default value above, the value of this configuration can contain various template variables, defined below:

ConfigPath - The path to the Chef configuration file.
JsonPath - The path to the JSON attributes file for the node.
Sudo - A boolean of whether to sudo the command or not, depending on the value of the prevent_sudo configuration.

Install Command

By default, Packer uses the following command (broken across multiple lines for readability) to install Chef. This command can be customized if you want to install Chef in another way.

curl -L https://omnitruck.chef.io/install.sh | \
  {{if .Sudo}}sudo{{end}} bash -s --{{if .Version}} -v {{.Version}}{{end}}

curl -L https://omnitruck.chef.io/install.sh | \
  {{if .Sudo}}sudo{{end}} bash -s --{{if .Version}} -v {{.Version}}{{end}}

When guest_os_type is set to "windows", Packer uses the following command to install the latest version of Chef:

powershell.exe -Command \". { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install\"

powershell.exe -Command \". { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install\"

This command can be customized using the install_command configuration.