This does not intend to be a replacement for the tutorials on the Chef Website. In fact, I highly recommend reading and working through those tutorials as this blog intends to build on ideas and concepts presented there. In fact, most of this guide is based on the Chef Tutorial and Documentation on the same subject.

This page exists to document my workflows. So without further ado.

Chef Account Setup (Hosted Chef)

Head on over to the Sign Up Page to get signed up with a Hosted Chef. You can run Hosted Chef for free up to 5 nodes. If you need more than that then you’re looking at paying for nodes, or hosting your own Chef Server.

Knife Setup

Head over to The Organizations page in your manage interface (Administration -> Organizations). Find your organization, and select “Generate Knife Config”. You should download a knife.rb file.

Then head over to Users (Administration -> Users) and find your user, then select “Reset Key”. You should download a ` .pem ` file.

Create a ` ~/.chef ` directory, and move your newly downloaded files into the ` ~/.chef ` directory.

$ mkdir ~/.chef
$ mv ~/Downloads/{knife.rb,qubitrenegade.pem} ~/.chef

Knife.rb file

Your knife.rb will look like

# See for more information on knife configuration options

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "qubitrenegade"
client_key               "#{current_dir}/qubitrenegade.pem"
chef_server_url          ""
cookbook_path            ["#{current_dir}/../cookbooks"]

ChefDK Install

This guide assumes you’re not doing other Ruby development. If you use bundler and things get weird (Chef can’t find gems that are installed when you gem list), you can remove the ~/.chefdk/gems directory.

Download ChefDK

Head over to the [ChefDK Downloads page}( and select the appropriate package. For me, I selected the Red Hat 7 rpm.

$ wget -P /tmp
2018-02-04 17:34:40 (3.33 MB/s) - ‘/tmp/chefdk-2.4.17-1.el7.x86_64.rpm’ saved [106718859/106718859]

$ sha256sum /tmp/chefdk-2.4.17-1.el7.x86_64.rpm 
ab2d62b1eeb5248949f044f4c4bf489babe652fc649dc93cc2dac30607eb207e  /tmp/chefdk-2.4.17-1.el7.x86_64.rpm

$ sudo dnf install /tmp/chefdk-2.4.17-1.el7.x86_64.rpm
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Installing       : chefdk-2.4.17-1.el7.x86_64                                                                                                                                                                1/1 
  Running scriptlet: chefdk-2.4.17-1.el7.x86_64                                                                                                                                                                1/1 
Thank you for installing Chef Development Kit!
  Verifying        : chefdk-2.4.17-1.el7.x86_64                                                                                                                                                                1/1 

  chefdk.x86_64 2.4.17-1.el7                                                                                                                                                                                       


Configure ChefDK

Once our ChefDK package is installed, we need to set up our shell. (Windows users, head over to ChefDK on Windows)

echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile

Then we can either log in a new shell, or just source our file:

source ~/.bash_profile

If you’re using rbenv to manage Ruby, you’re own your own for now…


At this point you should have the ChefDK installed and should be able to communicate with your Hosted Chef account. We can verify by running a few commands:

$ chef -v
Chef Development Kit Version: 2.4.17
chef-client version: 13.6.4
delivery version: master (73ebb72a6c42b3d2ff5370c476be800fee7e5427)
berks version: 6.3.1
kitchen version: 1.19.2
inspec version: 1.45.13

$ knife client list
<your orgname>-validator

(note: I already have nodes registered, you likely will not. So you’ll likely only see the validator key)

SSL Errors

If you’re working with self signed certs or are behind some corporate proxies, Ruby will have a bad time validating SSL certs. While the best answer is always “fix your SSL”, but that is, unfortunately, not always a possible solution. These can be worked around with the below solutions.

Chef SSL Errors

Download SSL Certs

The first thing we can try is to download the SSL certs from the server.

$ knife ssl fetch
WARNING: Certificates from will be fetched and placed in your trusted_cert
directory (/home/qubitrenegade/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for wildcard_opscode_com in /home/qubitrenegade/.chef/trusted_certs/wildcard_opscode_com.crt
Adding certificate for DigiCert_SHA2_Secure_Server_CA in /home/qubitrenegade/.chef/trusted_certs/DigiCert_SHA2_Secure_Server_CA.crt

Disable SSL Checking

If you’re dealing with a proxy, the above may not work still. You can disable ssl checking with knife entirely, though this is not recommended, disabling SSL for Knife is documented below.

echo 'ssl_verify_mode :verify_none' >> ~/.chef/knife.rb

Again, this disables all SSL checking and is not recommended!!!

Berkshelf SSL Errors

Disable ssl checking for berkshelf:

mkdir ~/.berkshelf
echo '{"ssl":{"verify": false }}' > ~/.berkshelf/config.json


This should not be seen as condoning the use of docker in production! However, for the purposes of the next few posts, it will serve our needs. Again, this post mostly just follows the instructions found in the official documentation

# Remove old versions of Docker
sudo dnf -y remove docker docker-common docker-selinux docker-engine-selinux docker-engine

# install dnf plugins
sudo dnf -y install dnf-plugins-core

# add docker-ce repo
sudo dnf config-manager --add-repo

# install docker-ce
sudo dnf -y install docker-ce 

# start docker
sudo systemctl start docker

# optionally enable docker to start at boot
sudo systemctl enable docker

# and validate we can run a container
sudo docker run hello-world

# if you get an error like the following, your daemon probably isn't started.
$ sudo docker run hello-world
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.

# Add your user to the docker group.
# This doesn't seem to work on F27?  Further investigation to follow
# Maybe try logging out then logging back in.
$ sudo usermod -aG docker $USER

First cookbook

I like to do my work in my ~/chef-dev directory. So let’s create this first.

$ mkdir ~/chef-dev
$ cd ~/chef-dev

Then we’ll create our first cookbook, this can be found on github, but it’s not much more than a base chef generate cookbook <cookbook name>.

$ chef generate cookbook my_test
$ cd my_test

Running Test Kitchen

At this point, we should be in our new cookbook directory, and be able to run kitchen test, but I’m having trouble and didn’t want to reboot at the moment…

So more on this later,


At this point, we should have:

  • installed the ChefDK,
  • installed Docker,
  • Configured our knife.rb
  • created our first cookbook using the ChefDK generator
  • Run Test Kitchen

We’re now ready to rock! Tune in next time when we discuss the cookbook development process.

  • Q