Chef Tutorials – Part 2 – Configuring A Chef Infrastructure Workstation

Introduction

This tutorial is part two (Part One Found Here) of a multi-part series detailing the basic use of Chef Infrastructure. I am making this series to help cement my knowledge of the Chef ecosystem, and provide the knowledge I am earning to other people without too many layers of abstraction. Below is an annotated command list which describes the process I used to configure my Chef Workstation. Note, what is not described is how I used Proxmox to generate the virtual machines which make up the server and clients. At some point I may create a post about my Proxmox environment. If you are interested in such an article, please do let me know.

Assumptions

  1. Ubuntu 20.04 Server with static IP Assignment and DNS preconfigured.
  2. 8 GB of RAM allocated to the server.
  3. 2 Dedicated Cores allocated to the server.
  4. 50 GB of storage space allocated to the server.
  5. SSH enabled on the server.

A note about workflow. Some people like interacting with Linux directly using a display environment. I do not. It is perfectly reasonable to install Chef Workstation onto Ubuntu 20.04 Desktop Edition and run it locally. I personally SSH into my Chef Workstation from my Windows development machine. I will go into more detail concerning my personal workflow in another blog post.

Step 1 – Download the installation package

$ wget https://packages.chef.io/files/stable/chef-workstation/20.11.180/ubuntu/20.04/chef-workstation_20.11.180-1_amd64.deb

I recommend running wget directly on your Chef Workstation server to fetch the installation media. I found the link by going to https://downloads.chef.io/products/workstation?os=ubuntu, right clicking on the Ubuntu 20.04 download, and pasting the link into my wget command in the terminal.

Step 2 – Install the Chef Workstation package

$ sudo apt update -y && sudo apt upgrade -y
$ sudo apt install ./chef-workstation_20.11.180-1_amd64.deb -y

This will install Chef Workstation onto your Ubuntu 20.04 server. To verify that it worked, type in the command below:

$ chef -v

The output should look something like this:

Chef Workstation version: 20.10.168
Chef Infra Client version: 16.6.14
Chef InSpec version: 4.23.11
Chef CLI version: 3.0.33
Chef Habitat version: 1.6.56
Test Kitchen version: 2.7.2
Cookstyle version: 6.21.1

Step 3 – Create Workstation Chef-Repo environment

For this step, we will go to our chef infrastructure server, which we spun up in the previous episode. Once you have logged into the Chef Manage GUI, go to the Administration Tab, and click on your organization. From the left hand sidebar, select the Starter Kit link.

When you have selected the Starter Kit link, select the “Download Starter Kit” Button. You will be prompted whether or not you would like to continue. The answer is yes, because this is the first starter kit you have created for this organization.

Once you have clicked Proceed, you will be prompted to download a zip file to your computer. This zip file contains the base Chef Starter kit for your workstation. Since I am not working directly from my workstation, I am going to SCP the downloaded file to my workstation machine. The command is below:

$ scp ~/Downloads/starter-kit.zip administrator@development:~/Downloads/

Reformat that command however you need to match your environment, and put in your password when prompted to log in as administrator. Once you have finished transferring the files, unzip them to a safe location. I chose to put my file structure at /GIT/chef-repo. Do note that when you unzip the files, the chef-repo folder will be generated. Below are the commands I used to create the chef-repo environment.

$ sudo mkdir /GIT/
$ sudo chown "$USER" /GIT/
$ sudo apt install unzip -y
$ unzip ~/Downloads/starter-kit.zip -d /GIT/

Step 4 – Join Chef Workstation to Chef Infra Server

Now that the chef-repo folder is configured, we will begin working out of that folder. Make sure you have moved to the /GIT/chef-repo folder for the commands which we will be running next. First, we are going to check that Chef Workstation can communicate with the Infrastructure Server. To do so, we will see if our Workstation can pull SSL certificates from the server.

$ knife ssl fetch

If all went well, you will see the output below (note the warning, because the certs are self-signed):

WARNING: Certificates from chef-server.brooksnet.lan will be fetched and placed in your trusted_cert
       directory (/GIT/chef-repo/.chef/trusted_certs).

       Knife has no means to verify these are the correct certificates. You should
       verify the authenticity of these certificates after downloading.
Adding certificate for chef-server_brooksnet_lan in /GIT/chef-repo/.chef/trusted_certs/chef-server_brooksnet_lan.crt

The Warning message above lets us know that our Workstation was able to connect to the Infrastructure server successfully, but was unable to verify the authenticity of the security certificates it received from the server. This is fine in a test/dev environment, BUT MUST BE RECTIFIED PRIOR TO USE IN PRODUCTION.

Next, we are going to open the chef-repo config.rb file. This file contains information for the chef workstation to know how to communicate with the Infrastructure Server. We are going to add a line to the bottom of this config.rb file to allow us to connect to the Infrastructure Server without verifying the authenticity of the SSL certificate. Again, fine in test/dev, terrible in prod.

$ echo "ssl_verify_mode :verify_none" >> /GIT/chef-repo/.chef/config.rb

Now that we have purposefully made our client/server handshake less secure, we can verify that the Chef Workstation can use the SSL certificate it fetched from the Infrastructure Server to communicate with that server. From the /GIT/chef-repo/ folder, run the following command:

$ knife ssl check

If everything went correctly, you will have the output below displayed:

Connecting to host chef-server.brooksnet.lan:443
Successfully verified certificates from `chef-server.brooksnet.lan'

That is a pretty cool feeling. Your Chef Workstation is now provisioned and ready to use. In future installments of this series, we will go over the many things you can do with your Chef Workstation.
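The knife warning in Step 4 asks you to verify the fetched certificate yourself, and the verify_none line has to go before production. The script below is an added example, not part of the original tutorial or of Chef: it compares the fetched certificate's SHA-256 fingerprint with one you obtained out-of-band (for example, read from the server's own console) and fails if config.rb still disables verification. The function names are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: checks to run before a workstation configured as in this
# tutorial is trusted outside test/dev. Function names are hypothetical.

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
# Prints nothing if the file is missing or is not a certificate.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
    sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Compare the certificate stored by `knife ssl fetch` ($1) with a fingerprint
# obtained out-of-band ($2, colons and upper case accepted). Returns 0 on match.
fetched_cert_matches() {
  local cert="$1" expected actual
  expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  actual=$(cert_fingerprint "$cert")
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Return 0 if the given config.rb disables TLS verification.
# Commented-out lines do not count.
verification_disabled() {
  grep -Eq '^[[:space:]]*ssl_verify_mode[[:space:]]+:verify_none' "$1"
}

# Run both checks: $1 = chef-repo path, $2 = fetched cert, $3 = expected fingerprint.
# Prints a verdict and returns non-zero if either check fails.
preflight() {
  local repo="$1" cert="$2" expected="$3" rc=0
  if verification_disabled "$repo/.chef/config.rb"; then
    echo "FAIL: ssl_verify_mode :verify_none is set in $repo/.chef/config.rb"
    rc=1
  fi
  if ! fetched_cert_matches "$cert" "$expected"; then
    echo "FAIL: $cert does not match the out-of-band fingerprint"
    rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    echo "OK: fetched certificate matches and verification is enabled"
  fi
  return "$rc"
}

# Usage: script.sh /GIT/chef-repo <path-to-fetched.crt> <expected-fingerprint>
if [ "$#" -eq 3 ]; then
  preflight "$@"
fi
```

With the paths from this tutorial, the certificate argument is /GIT/chef-repo/.chef/trusted_certs/chef-server_brooksnet_lan.crt.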
