Provided by: chef_11.8.2-2_all bug

NAME

       knife-client - The man page for the knife client subcommand.

       When a node runs the chef-client for the first time, it generally does not yet have an API
       client identity, and so it cannot make authenticated requests to the server. This is where
       the validation client---known as the chef-validator---comes in. When the chef-client runs,
       it checks if it has a client key. If the client key does not exist, it  then  attempts  to
       borrow  the identity of the chef-validator to register itself with the server. In order to
       register with the server, the private key for the chef-validator needs to be copied to the
       host and placed in /etc/chef/validation.pem.

       Once  the  chef-client  has  registered  itself  with  the  server,  it no longer uses the
       validation client for anything. It is recommended that you delete the private key for  the
       chef-validator  from  the  host after the host has registered or use the delete_validation
       recipe    that     can     be     found     in     the     chef-client     cookbook     (‐
       https://github.com/opscode-cookbooks/chef-client).

       The  knife client subcommand is used to manage an API client list and their associated RSA
       public key-pairs. This allows authentication requests to be made  to  the  server  by  any
       entity that uses the Chef Server API, such as the chef-client and Knife.

       This subcommand has the following syntax:

       $ knife client [ARGUMENT] (options)

COMMON OPTIONS

       The following options can be run with all Knife sub-commands and plug-ins:

       -c CONFIG, --config CONFIG
              The configuration file to use.

       --color
              Indicates that colored output will be used.

       -d, --disable-editing
              Indicates that $EDITOR will not be opened; data will be accepted as-is.

       --defaults
              Indicates  that  Knife  will  use  the  default  value, instead of asking a user to
              provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The name of the environment. When this option is added to a  command,  the  command
              will run only against the named environment.

       -f FILE_NAME, --file FILE_NAME
              Indicates that the private key will be saved to a specified file name.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -h, --help
              Shows help for the command.

       -k KEY, --key KEY
              The  private key that Knife will use to sign requests made by the API client to the
              server.

       --no-color
              Indicates that color will not be used in the output.

       -p PASSWORD, --password PASSWORD
              The user password.

       --print-after
              Indicates that data will be shown after a destructive operation.

       -s URL, --server-url URL
              The URL for the server.

       -u USER, --user USER
              The user name used by Knife to sign requests made by the API client to the  server.
              Authentication will fail if the user name does not match the private key.

       -v, --version
              The version of the chef-client.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -y, --yes
              Indicates  that  the  response  to all confirmation prompts will be "Yes" (and that
              Knife will not ask for confirmation).

BULK DELETE

       The bulk delete argument is used to delete any API client that matches a  pattern  defined
       by  a  regular  expression.  The  regular  expression  must  be  within  quotes and not be
       surrounded by forward slashes (/).

       Syntax

       This argument has the following syntax:

       $ knife client bulk delete REGEX

       Options

       This command does not have any specific options.

CREATE

       The create argument is used to create a new API client. This process will generate an  RSA
       key  pair  for  the  named API client. The public key will be stored on the server and the
       private key will be displayed on STDOUT or written to a named file.

       · For  the  chef-client,  the  private  key  should   be   copied   to   the   system   as
         /etc/chef/client.pem.

       · For Knife, the private key is typically copied to ~/.chef/client_name.pem and referenced
         in the knife.rb configuration file.

       Syntax

       This argument has the following syntax:

       $ knife client create CLIENT_NAME (options)

       Options

       This argument has the following options:

       -a, --admin
              Indicates that a client will be created as an admin client. This is  required  when
              users  of  the  open  source  server  need  to  access  the  Chef  Server API as an
              administrator. This option only works when used with the  open  source  server  and
              will have no effect when used with Hosted Chef or Private Chef.

       Examples

       To  create  a  Chef  Admin client with the name "exampleorg" and save its private key to a
       file, enter:

       $ knife client create exampleorg -a -f "/etc/chef/client.pem"

       When running the create argument on Hosted Chef or Private Chef, be sure to  omit  the  -a
       option:

       $ knife client create exampleorg -f "/etc/chef/client.pem"

DELETE

       The delete argument is used to delete a registered API client.

       Syntax

       This argument has the following syntax:

       $ knife client delete CLIENT_NAME

       Options

       This command does not have any specific options.

       Examples

       To delete a client with the name "client_foo", enter:

       $ knife client delete client_foo

       Type Y to confirm a deletion.

EDIT

       The  edit  argument  is  used  to  edit  the details of a registered API client. When this
       argument is run, Knife will open $EDITOR to enable editing of the admin  attribute.  (None
       of  the other attributes should be changed using this argument.) When finished, Knife will
       update the server with those changes.

       Syntax

       This argument has the following syntax:

       $ knife client edit CLIENT_NAME

       Options

       This command does not have any specific options.

       Examples

       To edit a client with the name "exampleorg", enter:

       $ knife client edit exampleorg

LIST

       The list argument is used to view a list of registered API client.

       Syntax

       This argument has the following syntax:

       $ knife client list (options)

       Options

       This argument has the following options:

       -w, --with-uri
              Indicates that the corresponding URIs will be shown.

       Examples

       To verify the API client list for the server, enter:

       $ knife client list

       to return something similar to:

       exampleorg
       i-12345678
       rs-123456

       To verify that an API client can authenticate to the server correctly, try getting a  list
       of clients using -u and -k options to specify its name and private key:

       $ knife client list -u ORGNAME -k .chef/ORGNAME.pem

REREGISTER

       The  reregister  argument  is  used  to  regenerate an RSA key pair for an API client. The
       public key will be stored on the server and the private key will be displayed on STDOUT or
       written to a named file.

       Note   Running this argument will invalidate the previous RSA key pair, making it unusable
              during authentication to the server.

       Syntax

       This argument has the following syntax:

       $ knife client reregister CLIENT_NAME (options)

       Options

       This argument has the following options:

       -f FILE_NAME, --file FILE_NAME
              Indicates that the private key will be saved to a specified file name.

       Examples

       To regenerate the RSA key pair for a client named "testclient" and save it to a file named
       "rsa_key", enter:

       $ knife client regenerate testclient -f rsa_key

SHOW

       The show argument is used to show the details of an API client.

       Syntax

       This argument has the following syntax:

       $ knife client show CLIENT_NAME (options)

       Options

       This argument has the following options:

       -a ATTR, --attribute ATTR
              The attribute (or attributes) to show.

       Examples

       To view a client named "testclient", enter:

       $ knife client show testclient

       to return something like:

       admin:       false
       chef_type:   client
       json_class:  Chef::ApiClient
       name:        testclient
       public_key:

       To  view  information in JSON format, use the -F common option as part of the command like
       this:

       $ knife role show devops -F json

       Other formats available include text, yaml, and pp.

AUTHOR

       Opscode

                                           Chef 11.8.0                            KNIFE-CLIENT(1)