Getting started with InSpec

InSpec is an open-source testing framework to verify your infrastructure satisfies the design requirements.

In this article, we will learn to install and use InSpec with Chef.

Install InSpec

  1. Navigate to, and download the installer for the operating system of your workstation.
  2. Execute the downloaded installer.

Start to use InSpec

To use InSpec as the default integration testing tool in Chef Test Kitchen

  1. Open the .kitchen.yml file of the cookbook,
  2. Add the following lines to the file:
      name: inspec
  3. Add this to every suite, so InSpec will search for the test files in the test/recipes directory. Otherwise, the test file needs to be in the test/recipes/SUITE_NAME directory
         - test/recipes
  4. Create a folder structure in the cookbook folder for the InSpec integration tests,
  5. Create an integration test for your recipe. Create a new file in the test/recipes folder and name it RECIPE_NAME_test.rb. For the default recipe call it default_test.rb,
  6. The following is a simple example of an InSpec integration test:
    # # encoding: utf-8
    # Inspec test for recipe my_cookbook::default
    # The Inspec reference, with examples and extensive documentation, can be
    # found at
     describe user('root') do
     it { should exist }
     skip 'This is an example test, replace with your own test.'
    describe port(80) do
     it { should_not be_listening }
     skip 'This is an example test, replace with your own test.'

As you can see, the syntax of InSpec is (intentionally) very similar to ServerSpec, that it replaces. It is very easy to convert existing ServerSpec integration tests to InSpec compliance tests.

Differences between ServerSpec and InSpec

ServerSpec “process”

changed from

 describe process('PROCESS_NAME') do
   it { should be_running }


describe processes('PROCESS_NAME') do
  its('states') { should eq ['R<'] }

Undefined method or attribute error in a Chef recipe

There are multiple reasons Chef can display the following error message

 Undefined method or attribute `...' on `node'


There are multiple ways to reference an attribute in a Chef recipe:

node['ATTRIBUTE_NAME'] (the recommended way)
node[:ATTRIBUTE_NAME]  ( use it only if the single or double quotes (' or ") would cause a problem in the expression)


To check if the attribute value is nil, use the following format:

if ( !node['ATTRIBUTE_NAME'].nil? )

If you use the node.ATTRIBUTE_NAME format and the value is nil Chef throws the above error message.

Add SSH key to a Jenkins Git step

To access a Git repository Jenkins can use an SSH key.

To add the SSH key to the Jenkins server use the following Chef script

Store the SSH key in an encrypted data bag called “keys”.

 "id": "ci_private_keys",
 "ci_github_key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",


Add the following to the Jenkins Chef recipe

  • Install Git
package 'git'
  • Install the Git and Credentials Jenkins plugins
jenkins_plugin 'git'
jenkins_plugin 'credentials'
  • Copy the SSH key to the Jenkins server
rsa_key = data_bag_item('keys', 'ci_private_keys')
file '/var/lib/jenkins/.ssh/id_rsa' do
  content "#{rsa_key['ci_github_key']}"
  owner 'jenkins'
  group 'jenkins'
  mode '0600'
  • Add to the known hosts
bash 'provide RSA fingerprint' do
  code <<-EOF
   ssh-keyscan >> /var/lib/jenkins/.ssh/known_hosts
   chown jenkins.jenkins /var/lib/jenkins/.ssh/known_hosts
  not_if{system('grep /var/lib/jenkins/.ssh/known_hosts')}


To specify the SSH key in the Git step

  1. When the Jenkins server is operational, navigate to the Web interface
  2. Create a new Jenkins project
  3. In the Source Code Management section
    1. Select Git
    2. Enter the SSH URL of the repository
    3. When you are adding the first project, click the Add button to create the credential

      1. Click Jenkins to select the credentials provider
      2. Select SSH Username with private key as the Kind
      3. Enter the username you used when you created the SSH key for the Git repository
      4. Select From the Jenkins master ~/.ssh as the Private Key
      5. Click the Add button
    4. In the Credentials drop down select the credential you have created (the Git user name)


Chef custom resource is using the same property name as the called resource

When you create a Chef custom resource, you can call other resources including custom resources you have created. For ease of use it can be convenient to use the same property name as the called resource use.

property :delay_mins,          Fixnum, default: 3

reboot 'Hostname was changed' do
 reason reboot_reason
 delay_mins delay_mins
 action :request_reboot

When you you execute the code, chef will display the following error message:

property delay_mins is declared in both reboot[Hostname was changed] and utils_reboot[hostname_reboot] action :request_reboot. Use new_resource.delay_mins instead.

To tell Chef that you want to use the property you have created in this custom resource, add new_resource. in front of your property:

property :delay_mins,          Fixnum, default: 3

reboot 'Hostname was changed' do
 reason reboot_reason
 delay_mins new_resource.delay_mins
 action :request_reboot

NoMethodError: undefined method `exists?’ for Chef::Resource::File:Class

When you create a Chef custom resource and use the File class, you need to make slight a change in the syntax you use.

In a Chef recipe you can use

if File.exists?("#{FileName}")

to check for the existence of a file. If we use the same line in a Chef custom resource, we get the error message:

NoMethodError: undefined method `exists?’ for Chef::Resource::File:Class

In a Chef custom resource, you need to add :: in front of the File class to make it work

The leading :: tells Chef not to look for the “File” class in the Chef namespace.

if ::File.exists?("#{FileName}")


Chef file locations

When the Chef cookbook is tested in Test Kitchen

The .kitchen.yml file contains the username to run the Chef cookbook. It is specified under platforms:, transport:, username:

Use that value in place of USER_NAME_FROM_KITCHEN_YML below

Cookbook location

When the Chef recipes are executed, all cookbooks are stored on the node. You can examine the code to make sure your latest changes are reflected on the machine.

On Linux


On Linux under Test Kitchen

/tmp/kitchen/cookbooks and

On Windows


On Windows under Test Kitchen



The log of the Chef client run

The output of the Chef cookbook execution is in the chef.log or chef-client.log file

On Linux


On Windows

The log of the first Chef Client run. The log entries of the initial Chef Client run are saved here.


The log of subsequent Chef Client runs. After the initial Chef Client run, the rest of the log entries are collected in this file.



Chef saves information on the hard drive when scripts are executed. If there is a failure, the stack trace of the last error is saved in the chef-stacktrace.out file.

On Linux


On Linux under Test Kitchen


On Windows


On Windows under Test Kitchen


Ohai output

All the information that Ohai collects on the instance, is saved in the failed-run-data.json file, even if there is no error. It is a great resource to find get

Cloud info

  • cloud-specific information under “cloud
  • cloud instance information under “ec2

Computer info

  • CPU and memory configuration under “cpu“, “cs_info“, “memory
  • drive sizes and network settings under “filesystem” and “network

Operating system info

  • operating system information under “os_info
  • list of enabled Windows features under “dism_features
  • the list of installed applications under “packages

Chef info

  • Chef client configuration values under “chef_client
  • the Chef node information under “chef_type”: “node
  • the Chef run list under “run_list
  • list of Chef cookbooks and their versions under “cookbooks
  • list of the executed recipes under “recipes
  • the value of the passed in Chef attributes under “normal
  • the value of the Chef cookbook attributes under “chef_client” and the cookbook name
  • all the information on the Chef resources under “json_class
  • the stack trace of the last error under “exception

On Linux


On Linux under Test Kitchen


On Windows


On Windows under Test Kitchen


Data Bags

On Linux under Test Kitchen


On Windows under Test Kitchen



Internalize Chocolatey packages

To access Chocolatey packages in your private network you need to download them from the Internet and store them at a location where all servers can access them. You can internalize Chocolatey packages if you have a Chocolatey Business subscription.

You can use an Artifactory server to host the internalized packages.

List of available packages

To get the list of the available Chocolatey packages on an Artifactory server

choco list -s http://ARTIFACTORY_SERVER_URL/artifactory/api/nuget/ARTIFACTORY_REPOSITORY_NAME

Non copyrighted applications

If the Chocolatey package does not contain copyrighted components, Chocolatey can download and repackage the entire package, including the application.

Download a Chocolatey package from the Internet and store it on your local drive

choco download PACKAGE_NAME --internalize

To store the Chocolatey packages on an Artifactory server

  • The Artifactory server has to have a Pro license
  • Create a NuGet type local repository

Upload the package from your local drive to an Artifactory server


Copyrighted applications

If the Chocolatey package installs an application that is copyrighted, the author of the package cannot publish the copyrighted source, but can place the download location and installation process into the package.

Internalize the package

To download the necessary files and create a custom Chocolatey package with copyrighted application source:

    1. Download the Chocolatey package without the internalize option
      choco download PACKAGE_NAME


      choco download javaruntime
    2. Delete the small .nupkg files. These are too small to contain the installer files. We will recreate them in a subfolder with the downloaded installer files.
    3. Find the package folder in the download sub-folder that has a tools subfolder. In the case of “javaruntime”, the real package is the “jre8”, not “javaruntime”.
    4. Open the tools\chocolateyInstall.ps1 file
    5. Find the download urls of the installer files.

       Some scripts contain variables for the version of the application, so you have to manually assemble the final download URL.
    6. Assemble the actual download URL and download the application source with your web browser,
    7. Place the downloaded installer files into the tools folder,
    8. Update the chocolateyInstall.ps1 to point to the installer files in the package:
      • Add the following before the $url =… and $url64 =… statements
        $toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
      • Replace the the $url =… and $url64 =… statements. Use the actual file names, and make sure to use double quotes () for the string interpolation to work!
        $url = "$toolsDir\32_BIT_INSTALLER_FILE"
        $url64 = "$toolsDir\64_BIT_INSTALLER_FILE"

      • Add

        to the Install-ChocolateyPackage  line.

    9. Right click the .nuspec file in the package folder and select Compile Chocolatey Package

      (or execute choco pack PATH\TO\NUSPEC.nuspec)
    10. The package is created in the folder of the .nuspec file and the file name is the composite of id + “.” + version tag values in the .nuspec file.

Upload the package to the local repository

  • In the command line execute

    Video tutorials

  • Package Synchronizer

Launch Windows instances locally with Chef Test Kitchen

Most Linux distributions are free, and do not require product keys to launch them.

The steps below are based on the great article at

I have summarized the steps below to create a free Virtual Box Windows Server 2012R2 image on your workstation, so Test Kitchen can use Vagrant and Virtual Box to launch Windows instances and test cookbooks locally fast and free.

Install the Vagrant WinRm plugin

vagrant plugin install vagrant-winrm

Get BoxCutter

Create the Windows image with BoxCutter. This process will take 30 minutes or more to fully configure the Windows image. The download step may time out on slower VPN connections. In that case disconnect the VPN connection and try it again without it. In case of any error, just execute the last command again and if it can, the process will continue from the point of error.

cd ~/
mkdir boxcutter
cd boxcutter
git clone
cd windows

Modify the BoxCutter JSON file

Change the ~/boxcutter/windows/eval-win2012r2-standard.json file to avoid the error message:

virtualbox-iso: Removing floppy drive…
==> virtualbox-iso: Error removing floppy controller: VBoxManage error: VBoxManage: error: The machine ‘eval-win2012r2-standard’ is already locked for a session (or being unlocked)
==> virtualbox-iso: VBoxManage: error: Details: code VBOX_E_INVALID_OBJECT_STATE (0x80bb0007), component MachineWrap, interface IMachine, callee nsISupports
==> virtualbox-iso: VBoxManage: error: Context: “LockMachine(a->session, LockType_Write)” at line 1038 of file VBoxManageStorageController.cpp

  • Change “headless”: “false”, to “headless”: “true”,
  • Add under “headless”: “true”,
"shutdown_timeout": "60m",
"post_shutdown_delay": "120s",


  • Add under every occurrence of “headless”: “{{ user `headless` }}”,
"shutdown_timeout": "{{ user `shutdown_timeout` }}",
"post_shutdown_delay": "{{ user `post_shutdown_delay` }}",

Create the virtual machine

make virtualbox/eval-win2012r2-standard

Add the image to Vagrant

vagrant box add windows-2012r2 ./box/virtualbox/

Test the virtual machine

Your .kitchen.yml file should look like this

  name: vagrant

  name: chef_zero

  - name: windows-2012r2

  - name: MY_SUITE_NAME


You may need to execute the kitchen converge commands as sudo to be able to launch the Windows instance.

DevOps Engineering part 1. (Mac) – Install the DevOps development tools on Macintosh

Lock the screen

To be able to lock the screen from the menu bar:

  1. In Finder search for Keychain Access and start it,
  2. In the Keychain Access menu select Preferences,
  3. Check the Show keychain status in menu bar checkbox,
    This will place a lock icon in the menu bar.

To lock your screen

  1. Click the lock icon in the menu bar
  2. Select Lock Screen

Show the full path in Finder

  1. Open Finder
  2. In the View menu select Show Path Bar
    Finder will show the full path of the current folder at the bottom of the window. 

To jump to a folder shown in the path bar just double click it.

Show hidden files and folders

  1. Open the terminal and execute the following line
    defaults write AppleShowAllFiles YES
  2. For the change to take effect relaunch Finder.
    • Press the ‘Option/Alt’ key, right click on the Finder icon in the dock and click Relaunch

Apple Id without credit card

If you don’t have an Apple ID create one. You can obtain one without a credit card:

  1. Start iTunes on your Macintosh,
  2. Click the drop down menu in the upper left corner,
  3. If Apps is visible, select it, otherwise click Edit Menu
    • Select Apps, and click Done to display it in the drop down.
  4. Search for a free app in the App Store and start to download it,
  5. Create a new Apple Id and select None for credit card type.

Show the user home directory

  1. Open Finder
  2. In the Finder menu select Preferences
  3. In the Favorites section select the checkbox next to your user name

Create a directory for optional applications

Create the opt folder in the root of the hard disk.

Memory usage monitor

  1. Download  Dr.Cleaner Elite from the App Store to be able to monitor memory, CPU and network usage from the Menu Bar.

UTC Clock in the menu bar

BitBar is a plugin manager that can display plugins in the menu bar. One of them is World Clock that can display multiple clocks in a drop down of the menu.

Install BitBar

  1. Navigate to
  2. Click the Get BitBar button
  3. Clock the downloaded ZIP file to extract the application
  4. Move the BitBar application to the Applications folder
  5. Launch BitBar form the Launcher
    • The first time BitBar launches, opens the Finder to point to the BitBar plugins folder
      • Click the New Folder button to create a folder for plugins in the Documents folder: BitBar Plugins
      • Click the Use As Plugins Directory to select the new folder as the plugins folder

Add World Clock to BitBar

  1. Navigate to
  2. Click the + Add to BitBar button

Customize World Clock

To customize World Clock edit the file in the BitBar Plugins folder

To change the displayed timezones, edit the ZONES variable inthe file:

ZONES="US/Pacific UTC Europe/London Europe/Berlin Asia/Kolkata Asia/Tokyo Australia/Sydney"

To change the display format, edit the data formats.

  1. To remove the seconds from the menu bar, delete the :%S from the format line
date -u +'%H:%M UTC'

To add the day of the week and date to the clocks in the World Clock drop down


  • %a for the day of the week
  • %Y for the four digit year
  • %b for the name of the month
  • %d for the date
  • %z for the time zone offset
echo "$(TZ=$zone date +'%H:%M - %a, %Y %b %d %z') $zone"

To refresh the dropdown formats after making changes in the config file

  1. Click the World Clock in the menu bar
  2. Select Preferences, Refresh all



Homebrew can install packages on your Macintosh that apple does not provide.

Installation instructions are at


NPM is another package manager. Install it to be able to install other applications later on this page, including the SQL Command utility

brew install node

Remote Desktop Client

Download the Microsoft Remote Desktop app from the App Store

  1. Open the App Store
  2. Search for “microsoft remote desktop”
  3. Click the Microsoft Remote Desktop icon
  4. Click the blue Get button
  5. Click the green Install App button

Text Editor


  1. Download it from
  2. Double click the downloaded ZIP file to extract the application,
  3. Drag the Atom application into Applications

Configure Atom

Turn off auto indent on paste to stop Atom reformatting your code.

  1. In the Atom menu select Preferences
  2. On the left side select Editor
    • Uncheck Auto Indent On Paste
    • Check Show Indent Guide
    • Set Tab Type to soft to place 2 spaces when you press the tab key

Terminal Window


Install iTerm2, a smart terminal emulator to issue Bash commands and log into Linux servers.

  1. Download iTerm2 from
  2. Double click the downloaded ZIP file to extract the application,
  3. Move the iTerm application to Applications.

iTerm2 configuration

Enable unlimited scroll back

  1. Start iTerm2 and open the preferences window by pressing ⌘, (command-comma)
  2. On the Terminal tab click the Unlimited scrollback check box.

Start iTerm2 from Finder

To be able to open iTerm2 in any folder from Finder follow the steps below based on

  1. Start Automator,
  2. Select Service and click Choose,

  3. On the top of the screen set Service receives selected to files and folders,
  4. Set in to Finder,

  5. On the second side bar from the left double click Run AppleScript,

  6. Paste the code from the website referenced above into the editor window replacing the sample script in the editor window,
  7. In the File menu save the script,
  8. Do not run it, it does not execute in the Automator.

To use it

  1. Open Finder and navigate to the location you want to work in,
  2. Right click a folder to work in that folder or a file to work in the current folder
  3. Select Services, iTerm2 in Finder


“Solarized” color scheme

  1. Download the color scheme to the Desktop with the following Bash command:
    curl -o ~/Desktop/solarized.itermcolors
  2. Import the color scheme to iTerm2
    • Press ⌘, (command-comma) to open the Preferences window
    • Select Profiles
    • In the lower right corner of the Colors tab click the Color Presets… drop down
    • Select Import
    • On the Desktop select the downloaded solarized.itermcolors file
    • In the  Color Presets… drop down select Solarized Dark

 Meslo Powerline font

  • Import the Meslo Powerline font with the following bash command:
    git clone && cd fonts && ./
  • Select the font in iTerm2
    • Press ⌘, (command-comma) to open the Preferences window
    • Select Profiles
    • On the Font section of the Text tab click the Change Font button
    • Select the 12pt Meslo LG L Regular for Powerline

Make the prompt shorter

to remove your username@computername from the prompt

  • Edit the ~/.zshrc file
  • Add the following line

Colored prompt

To color the prompt:

  • Download the agnoster theme
sh -c "$(curl -fsSL"
  • Edit the ~/.zshrc file and set the ZSH_THEME to ZSH_THEME=”agnoster”

More configuration suggestions are at

Information on how terminals read settings at


  • Navigate to to download Git for Windows. The page automatically downloads the installer for the operating system you use.
  • This app is not trusted by Apple, so to install it
    • Control-click the downloaded file and select Open
    • Click the Open button to confirm the action

Configure Git

If you use two factor authentication

Create a Personal Access Token to use it as password in the command line tools,

  • Log into GitHub and in the pull down at the upper right select Settings,
  • On the left select Personal access tokens and click the Generate new token button,
  • Enter a description for your token (so you can keep track and revoke them individually later, should you have a security breach),
  • Select all options to be able to use the token for administration,
  • Click the Generate button,
  • Copy the token (40 characters long) and use that as your password on the command line.git


Download VirtualBox from and follow the instructions to install it.

At the time of writing this was the section where the installer files were referenced


Run the downloaded installer file and accept all default values.

The installer starts the application.

Configure VirtualBox


To share the connectivity of the host computer with the virtual machine, mainly if you use VPN

  • In Virtual box click Settings
  • Select Network
  • Attach the network adapter to NAT

Copy and paste

To enable copy and paste between the virtual machine and the host ( your workstation )

  1. On the General tab of the Settings page select the Bidirectional shared clipboard

Shared Folders

Specify the shared folder on your workstation

  • In the VirtualBox menu select Preferences
  • On the Shared Folders tab click the + icon
  • Select your home folder on your workstation

Enable shared folders on the virtual machines

To be able to use shared folders between the host ( your workstation ) and the virtual machine.

  • Select the virtual machine window on your workstation,
  • In the Devices menu of Virtual Box select Insert Guest Additions CD image…
  • In the virtual machine start Windows Explorer,
  • Open the VirtualBox Guest Additions CD,
  • Start VBoxWindowsAdditions.exe,

The shared folders are available in the Windows explorer as the D: drive



  • Click the virtual machine screen to start to control it with the mouse
  • Press Command multiple times to release the mouse



The default credentials of a Vagrant server are:

  • UserName: vagrant
  • Password: vagrant

Windows in Vagrant

To test your cookbook on a Windows virtual machine locally, create one for Vagrant. See Launch Windows instances locally with Chef Test Kitchen for the details.


Ruby is already a part of the operating system.

Chef Development Kit

Terraform by Hashicorp

 Terraform Installation

  • Download Terraform from
  • Double click the downloaded ZIP file to extract the application
  • Create a directory, terraform for the Terraform application in the /opt folder
  • Move the Terraform application into the terraform directoryin the /opt folder

Add the location to the path

Depending on the terminal window you use, it may open different configuration files. If you use iTerm2 you need to update the path in the~/.zshrc file.  Other terminal windows usually read the configuration from the  ~/.bash_profile file. To be safe you can add the following to both configuration files:

# PATH Export
export PATH


Graphviz is a Dependency Graph Visualization Software. We will use this utility to display the Terraform graphs.

To install execute the following in the terminal

brew install graphviz


The Amazon Web Services command line interface installation will set up your workstation to launch instances in AWS from Test Kitchen. If you know you will work with AWS, see DevOps Engineering part 3. – Working with AWS for the AWS CLI installation.

SQL Command

To be able to execute Microsoft SQL commands from the command line or through Terraform, install the MS SQL utility

npm install -g sql-cli


We use Packer to create custom AWS AMIs that contain the fundamental configuration and applications that are common in every instance we launch.

Install Packer

  • Add the Packer installation directory to the system path

Working with Windows servers from the Mac

If you want to work with Windows servers, you may need to run Windows applications on your workstation.

See Minimum Windows workstation setup to work with Windows servers


Set up the DevOps development environment in Beginner’s Guide to DevOps Engineering part 2.


to the Tutorials page