Using Oracle’s Chef Plugin To Provision Resource In Oracle Cloud Infrastructure

This article explains how one can use Chef and Oracle provided Chef Plugin to work with and provision resources in Oracle Cloud Infrastructure (OCI). This article demonstrates this with the use of hosted chef , however, most of the steps can be used similarly in the scenario in which you use your dedicated chef server installation.

What is Chef

Chef is a powerful automation platform that transforms infrastructure into code. Whether you’re operating in the cloud, on-premises, or in a hybrid environment, Chef automates how infrastructure is configured, deployed, and managed across your network, no matter its size.

This diagram shows how you develop, test, and deploy your Chef code

Image Courtesy

Chef Plugin for OCI

The knife-oci plugin allows users to interact with Oracle Cloud Infrastructure through chef knife. The project is open source and maintained by Oracle Corp. The home page for the project is here. Plugin can be downloaded from this location. Following are the knife-oci plugin commands available.

  • Launch an OCI instance and bootstrap it as a Chef node: knife oci server create
  • List OCI compartments. knife oci compartment list
  • Delete an OCI instance: knife oci server delete
  • List OCI instances in a given compartment. Note: All instances in the compartment are returned, not only those that are Chef nodes: knife oci server list
  • List the images in a compartment: knife oci image list
  • List the VCNs in a compartment: knife oci vcn list
  • List the subnets in a VCN: knife oci subnet list
  • List the shapes that may be used for a particular image type: knife oci shape list
  • List the availability domains for your tenancy: knife oci ad list

Steps to Setup and Provision into OCI

1. Create your hosted chef account

In hosted chef mode one’s cookbooks, roles and node definitions are stored in a cloud-based Chef server provisioned by Chef, Inc. One simply uploads the cookbooks and Chef does the rest. Though one can try this free with certain limitation, however, full enterprise use would require license.

  • Register and create your account at
  • Then login to your account, create one organization. An organization is the top-level entity for role-based access control in the Chef server.
  • Finally it will prompt you to download starter kit (Chef Repo). Download this to workstation which is your Chef workstation (i.e. with ChefDK installation) and unzip it at identified location. The Chef repository is your workspace area to organize all artifacts such as cookbooks and roles etc. knife is used to upload data to the Chef server from the Chef-Repo directory.
  • One of the unzipped directory would be .chef. Inside this directory there would a file knife.rb. This is a configuration file in which later you need to configure your OCI cloud account.
  • For subsequent steps make Chef-Repo directory that gets unzipped as your working directory.

2. Install ChefDK

From download and install the ChefDK binary for your platform. If not already, ensure that your path is set appropriately to execute chef executable.

3. Install Oracle provided plugin to use with OCI

Ensure that the workstation or server in which you are installing has internet connectivity. You may be required to set http and https proxy variables appropriately (See Then run following command to install Oracle provided chef plugin for OCI named knife-oci

chef gem install knife-oci

4. Identify and collect your OCI account details

  • Identify one OCI cloud account in which you want to provision VM.
  • Collect following OCIDs (Pl. see this URL for more details.)
  • 1) User OCID. See here to know how.
  • 2) Tenancy OCID. See here to know how.
  • 3) Your compartment OCID. In your cloud console click Identity in top menu, then click compartments on the left hand side menu, it will display compartments. Identity your compartment and click show to see the full OCID value of that compartment.
  • Create SSH Key pair in PEM format (not SSH-RSA format) for authentication of your cloud account. See here to know how. This is NOT the key pair for the VM that you will be provisioning. That you will create later.
  • 1) Have both keys created and available at your identified location
  • 2) Upload public key to your OCI account and generate fingerprint. See here to know how
  • Identify region in which you want to provision
  • Identify availability domain in which you want to provision

5. Configure knife-oci plugin configuration file

Prepare a text file say for ex. oci.txt and configure following parameters in it. This are sample values, use the one you find for your environment. Value of the key_file is the full path of private key file to authenticate your cloud account. User and tenancy is the OCID value of user account and your tenancy you found earlier.


Next, in the configuration file knife.rb, which we found in .chef directory of Chef Repo earlier, configure following parameters. Please give full path of the oci.txt just prepared in following knife.rb file. If you configure compartment_id in knife.rb, this compartment becomes the default compartment when you issue knife oci commands. You can override this by giving different compartment id in knife oci command.

knife[:oci_config_file] = 'D:\oci.txt'
knife[:compartment_id] = 'ocid1.compartment.oc1..aaaaaaaaldctk5h5nnvemgl6vudavygi276bq55wh6zbzldaewxqdcfw45fq'user=ocid1.user.oc1..aaaaaaaafnfudi6p2twvkqbonbuvuuzzzvnyly73rhodbln8ax6k5bvccikq

6. Provision Resource in OCI

  • Create SSH public key/private key pair to use for login to the provisioned instance/VM.
  • Also ensure that you create private key in openssh format as well. In following command this is what you provide
  • Identify the OCID value of the subnet (Either from console or by running knife oci subnet list command before running server create command)
  • 1) Similarly identify the OCID for the compartment in which you want to provision.
  • 2) Identify the value of image id by running knife oci image list command, if not known.
  • 3) Identify the value of shape by running the knife oci shape list command, if not known.
  • Construct command similar to below and run it to provision the VM in OCI. Command is a single line without line break.
knife oci server create    --availability-domain 'pmne:PHX-AD-3'   --compartment-id 'ocid1.compartment.oc1..aaaaaaaaldctk5h5nnvemgl6vudavygi276bq55wh8zbzldaewxqdcfw15fq'   --image-id 'ocid1.image.oc1.phx.aaaaaaaa4g2xpzlbrrdknqcjtzv2tvxcofjc55vdcmpxdlbohmtt7encpana'   --shape 'VM.Standard1.2'   --subnet-id 'ocid1.subnet.oc1.phx.aaaaaaaaf5nxlolz7k7v2on3rl94ythda4c7e5yhzgtyoamvrx5ret3v6d2q'   --ssh-authorized-keys-file D:\   --display-name OCIinstance   --identity-file D:\sample-private-openssh-key.ppk   --region 'us-phoenix-1'

This launches the VM and also bootstraps the new instance as the client of Chef Server. Then onward one can write/use cookbook in their chef repository and run it to the newly launched instance using knife command.