Provided by: chef_13.8.7-2_all bug

NAME

       knife-client - The man page for the knife client subcommand.

       Every  request made by the chef-client to the Chef server must be an authenticated request
       using the Chef server API and a private key. When the chef-client makes a request  to  the
       Chef  server,  the  chef-client  authenticates each request using a private key located in
       /etc/chef/client.pem.

       However, during the first chef-client run, this private key does not exist.  Instead,  the
       chef-client will attempt to use the private key assigned to the chef-validator, located in
       /etc/chef/validation.pem. (If, for any reason, the chef-validator is  unable  to  make  an
       authenticated request to the Chef server, the initial chef-client run will fail.)

       During  the  initial  chef-client  run, the chef-client will register with the Chef server
       using the private key assigned to the chef-validator, after  which  the  chef-client  will
       obtain a client.pem private key for all future authentication requests to the Chef server.

       After  the  initial  chef-client  run has completed successfully, the chef-validator is no
       longer required and may be deleted from the node. Use the delete_validation  recipe  found
       in  the chef-client cookbook (https://github.com/chef-cookbooks/chef-client) to remove the
       chef-validator.

       The knife client subcommand is used to manage an API client list and their associated  RSA
       public key-pairs. This allows authentication requests to be made to the Chef server by any
       entity that uses the Chef server API, such as the chef-client and knife.

COMMON OPTIONS

       The following options may be used with any of the arguments available to the knife  client
       subcommand:

       --chef-zero-port PORT
              The port on which chef-zero will listen.

       -c CONFIG_FILE, --config CONFIG_FILE
              The configuration file to use.

       -d, --disable-editing
              Use to prevent the $EDITOR from being opened and to accept data as-is.

       --defaults
              Use to have knife use the default value instead of asking a user to provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The  name  of  the environment. When this option is added to a command, the command
              will run only against the named environment.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -h, --help
              Shows help for the command.

       -k KEY, --key KEY
              The private key that knife will use to sign requests made by the API client to  the
              Chef server.

       --[no-]color
              Use to view colored output.

       --print-after
              Use to show data after a destructive operation.

       -s URL, --server-url URL
              The URL for the Chef server.

       -u USER, --user USER
              The  user  name  used  by knife to sign requests made by the API client to the Chef
              server. Authentication will fail if the user name does not match the private key.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -v, --version
              The version of the chef-client.

       -y, --yes
              Use to respond to all confirmation prompts with  "Yes".  knife  will  not  ask  for
              confirmation.

       -z, --local-mode
              Use  to  run  the  chef-client  in  local  mode. This allows all commands that work
              against the Chef server to also work against the local chef-repo.

BULK DELETE

       The bulk delete argument is used to delete any API client that matches a  pattern  defined
       by  a  regular  expression.  The  regular  expression  must  be  within  quotes and not be
       surrounded by forward slashes (/).

       Syntax

       This argument has the following syntax:

          $ knife client bulk delete REGEX

       Options

       This command does not have any specific options.

CREATE

       The create argument is used to create a new API client. This process will generate an  RSA
       key  pair  for  the named API client. The public key will be stored on the Chef server and
       the private key will be displayed on STDOUT or written to a named file.

       · For  the  chef-client,  the  private  key  should   be   copied   to   the   system   as
         /etc/chef/client.pem.

       · For knife, the private key is typically copied to ~/.chef/client_name.pem and referenced
         in the knife.rb configuration file.

       Syntax

       This argument has the following syntax:

          $ knife client create CLIENT_NAME (options)

       Options

       This argument has the following options:

       -a, --admin
              Use to create a client as an admin client. This is required for any user to  access
              Open  Source  Chef  as  an administrator. This option only works when used with the
              open source Chef server and will have no effect when used with Enterprise Chef.

       -f FILE, --file FILE
              Use to save a private key to the specified file name.

       --validator
              Use to create the client as the chef-validator. Default value: true.

       Examples

       To   create   a   chef-client   that   can   access   the   Chef   server   API   as    an
       administrator---sometimes referred to as an "API chef-client"---with the name "exampleorg"
       and save its private key to a file, enter:

          $ knife client create exampleorg -a -f "/etc/chef/client.pem"

       When running the create argument on Enterprise Chef, be sure to omit the -a option:

          $ knife client create exampleorg -f "/etc/chef/client.pem"

DELETE

       The delete argument is used to delete a registered API client.

       Syntax

       This argument has the following syntax:

          $ knife client delete CLIENT_NAME

       Options

       This command does not have any specific options.

       Examples

       To delete a client with the name "client_foo", enter:

          $ knife client delete client_foo

       Type Y to confirm a deletion.

EDIT

       The edit argument is used to edit the details  of  a  registered  API  client.  When  this
       argument  is  run, knife will open $EDITOR to enable editing of the admin attribute. (None
       of the other attributes should be changed using this argument.) When finished, knife  will
       update the Chef server with those changes.

       Syntax

       This argument has the following syntax:

          $ knife client edit CLIENT_NAME

       Options

       This command does not have any specific options.

       Examples

       To edit a client with the name "exampleorg", enter:

          $ knife client edit exampleorg

LIST

       The list argument is used to view a list of registered API client.

       Syntax

       This argument has the following syntax:

          $ knife client list (options)

       Options

       This argument has the following options:

       -w, --with-uri
              Use to show the corresponding URIs.

       Examples

       To verify the API client list for the Chef server, enter:

          $ knife client list

       to return something similar to:

          exampleorg
          i-12345678
          rs-123456

       To  verify that an API client can authenticate to the Chef server correctly, try getting a
       list of clients using -u and -k options to specify its name and private key:

          $ knife client list -u ORGNAME -k .chef/ORGNAME.pem

REREGISTER

       The reregister argument is used to regenerate an RSA key  pair  for  an  API  client.  The
       public  key  will  be  stored  on the Chef server and the private key will be displayed on
       STDOUT or written to a named file.

       NOTE:
          Running this argument will invalidate the previous RSA key  pair,  making  it  unusable
          during authentication to the Chef server.

       Syntax

       This argument has the following syntax:

          $ knife client reregister CLIENT_NAME (options)

       Options

       This argument has the following options:

       -f FILE_NAME, --file FILE_NAME
              Use to save a private key to the specified file name.

       Examples

       To regenerate the RSA key pair for a client named "testclient" and save it to a file named
       "rsa_key", enter:

          $ knife client regenerate testclient -f rsa_key

SHOW

       The show argument is used to show the details of an API client.

       Syntax

       This argument has the following syntax:

          $ knife client show CLIENT_NAME (options)

       Options

       This argument has the following options:

       -a ATTR, --attribute ATTR
              The attribute (or attributes) to show.

       Examples

       To view a client named "testclient", enter:

          $ knife client show testclient

       to return something like:

          admin:       false
          chef_type:   client
          json_class:  Chef::ApiClient
          name:        testclient
          public_key:

       To view information in JSON format, use the -F common option as part of the  command  like
       this:

          $ knife role show devops -F json

       Other formats available include text, yaml, and pp.

AUTHOR

       Chef

                                            Chef 12.0                             KNIFE-CLIENT(1)