How Chef works
The Chef DK, a software development kit, includes:
- Test Kitchen, ChefSpec, Cookstyle and Foodcritic for testing;
- the chef-client agent that Chef Server uses to communicate with managed nodes;
- Ohai, a tool that detects common system details;
- Chef and Knife command-line tools; and
- the InSpec auditing framework.
Chef uses code packages called recipes, compiled into cookbooks, to define how to configure each managed node. A recipe describes the state a resource should be in at any given time. Chef compiles recipes inside cookbooks along with dependencies and necessary files, such as attributes, libraries and metadata, to support a particular configuration.
Chef is an agent-based tool wherein chef-client pulls the configuration information for the managed node from Chef Server. The chef-client installs on every node to execute the actual configuration, and it uses the Ruby programming language.
Agent-based configuration management pulls information from a central repository, Chef Server, in a model that overcomes poor network connectivity and enables flexible update rollouts. Policy modification and policy implementation are separate. Chef Server runs on any major distribution of Linux.
A user can share cookbooks on GitHub or in the Chef Supermarket, both of which enable other Chef users to use and manage their own versions of those cookbooks.
An administrator can define operational processes with the policy feature in the Chef Server. The admin can use policy to define server types, identify environment stages, map data types and specify cookbook details. InSpec also provides a way for IT organizations to discover what is currently deployed and how, which helps security professionals ensure that deployments comply with regulations.
Chef also offers tools such as Chef Analytics, Chef Backend, Chef Compliance and Chef Manage.