How to install and configure Chef Plugin for vRealize Orchestrator

In this guide I will walk you through installing and configuring the new Chef Plugin for vRealize Orchestrator. This allows vRO to automate common tasks in Chef as well as integrate with cloud automation solutions like vRealize Automation. The plug-in includes out of the box workflows for the most common Chef tasks so there is no need for you to reinvent the wheel creating your own custom workflows anymore. Let’s get started.


Open the vRealize Orchestrator Control Center and login as root and what ever password you set when you first installed the appliance.

Browse to the plugin’s then click Manage plugin’s

Browse to the Chef plugin and click install

Accept the EULA and click install

Next, we need to restart the vRO server, click the Home link

Now click startup options

Now click Restart

No login to the vRO client and change to RUN view then go to the plugins tab to verify that the Chef Plugin was installed

Now go back to the workflows tab and go to library folder, then CHEF then Configuration and run the Add Chef Host Workflow

You will need a user created on the Chef Server with Admin access and you will also need the Client PEM private Key

To verify everything is talking, run the Add New Roles workflow

Browse to the Chef Server we added earlier and enter a name for the new Role and click submit

Back on the Chef Server verify the new role was created

You’re all ready to control Chef from vRealize Orchestrator! Enjoy!

Remember sharing is caring!

17 Replies to “How to install and configure Chef Plugin for vRealize Orchestrator”

  1. Pingback: How to integrate vRealize Automation 7 with Chef –

  2. Simply want to say your article is as surprising. The clearness on your put up is simply
    spectacular and that i can assume you’re a professional on this
    subject. Fine along with your permission let me to grasp your
    RSS feed to keep up to date with coming near near post.
    Thanks 1,000,000 and please keep up the gratifying work.

  3. Error from Chef Server: “Invalid signature for user or client ‘chfadmin'” (Workflow:Add New Role / Add Role (item2)#1) – test
    [2016-09-26 22:18:28.455] [E] Workflow execution stack:

    Base off of step Browse to the Chef Server we added earlier and enter a name for the new Role and click submit

    Is this

  4. Hello Ryan,

    I believe some steps you’re missing in this tutorial which is relevant to install chef-client on user VM. I follow all of your steps but getting only hostname entries in chef server when node added.
    I logged to user VM and checked but chef client packages not installed.

  5. Hi Ryan,

    Thanks for sharing the great blog and in details description, appreciate your efforts for sharing the knowledge..
    I have followed your steps and able to integrate chef with VRA but still my provisioned VMs doesn’t have the chef client installed.. also please share if there is any links for windows VM chef agent integration tutorials.

    • Hi Sunil,
      Thank you for the kind words. Does the provisioned VM have access to the internet? The procedure is expecting to be able to pull binaries from Chef over the internet.

  6. were are running into a issue with the chef.guestaccount which seems will only work as root. Even with the password encrypted it shows up as plain text under the deployment properties. if I check the vm properties file it is encrypted. We are running a script to change the password after deployment. Unfortunately we have to wait until the Chef pieces are completed which leaves the box opne to hacking with the root account for a few minutes,. Is there anyway to get that password encrypted under the deployment properties?

  7. Hi Ryan, this is an excellent post, thank you for sharing this. I do have a question for you sir, I am running into a problem when testing “Add New Role”, getting (Error from Chef Server: “Invalid signature for user or client ‘tkhan'” (Workflow:Add New Role / Add Role (item2)#1)). I found two .pem certs on my Chef server, the user cert (tkhan.pem) and the organization cert (/etc/opscode/cumulus-validator.pem). I’ve unregistered/registered my Chef server with both certs, yet Add New Role testing still fails. Any thoughts on how to rectify this? Thank you kindly.


    • Issue fixed, I was keep trying the server certs. The correct cert was found under Chef Workstation under “/root/chef-repo/.chef/tkhan.pem”. Thanks again.

  8. Hi Ryan My developers want vra to insert the org secret file onto the vm, I add the key to the field yet on the vm that is created the org secret key is not installed. The Developers are expecting a key file created. It seems like a simple process yet not seeing the file. Also they would like to us 2 separate keys one for production and a separate key for non prod. Looking at the process listed about wondering how to make that work as it looks like it would just overwrite. Thanks for any help provided

  9. I have followed same and added chef plugin in vra 8.13 and then added chef host but after that when i tried to execute chef get roles worklfow i got ssl error
    ERRORError in (Workflow:Chef Server Status / Get Status (item1)#54824) Unexpected error: the trustAnchors parameter must be non-empty

    please help me out for this

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.