xenial (1) knife-client.1.gz

Provided by: chef_12.3.0-3ubuntu1_all bug

NAME

       knife-client - The man page for the knife client subcommand.

       Every  request made by the chef-client to the Chef server must be an authenticated request using the Chef
       server API and a private key. When the chef-client makes a request to the Chef  server,  the  chef-client
       authenticates each request using a private key located in /etc/chef/client.pem.

       However, during the first chef-client run, this private key does not exist. Instead, the chef-client will
       attempt to use the private key assigned to the chef-validator, located in /etc/chef/validation.pem.  (If,
       for  any  reason,  the  chef-validator is unable to make an authenticated request to the Chef server, the
       initial chef-client run will fail.)

       During the initial chef-client run, the chef-client will register with the Chef server using the  private
       key  assigned to the chef-validator, after which the chef-client will obtain a client.pem private key for
       all future authentication requests to the Chef server.

       After the initial chef-client run has completed successfully, the chef-validator is  no  longer  required
       and  may  be deleted from the node. Use the delete_validation recipe found in the chef-client cookbook (‐
       https://github.com/opscode-cookbooks/chef-client) to remove the chef-validator.

       The knife client subcommand is used to manage  an  API  client  list  and  their  associated  RSA  public
       key-pairs.  This allows authentication requests to be made to the Chef server by any entity that uses the
       Chef server API, such as the chef-client and knife.

COMMON OPTIONS

       The following options may be used with any of the arguments available to the knife client subcommand:

       --chef-zero-port PORT
              The port on which chef-zero will listen.

       -c CONFIG_FILE, --config CONFIG_FILE
              The configuration file to use.

       -d, --disable-editing
              Use to prevent the $EDITOR from being opened and to accept data as-is.

       --defaults
              Use to have knife use the default value instead of asking a user to provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The name of the environment. When this option is added to a command, the  command  will  run  only
              against the named environment.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -h, --help
              Shows help for the command.

       -k KEY, --key KEY
              The private key that knife will use to sign requests made by the API client to the Chef server.

       --[no-]color
              Use to view colored output.

       --print-after
              Use to show data after a destructive operation.

       -s URL, --server-url URL
              The URL for the Chef server.

       -u USER, --user USER
              The  user  name  used  by  knife  to  sign  requests  made  by  the API client to the Chef server.
              Authentication will fail if the user name does not match the private key.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -v, --version
              The version of the chef-client.

       -y, --yes
              Use to respond to all confirmation prompts with "Yes". knife will not ask for confirmation.

       -z, --local-mode
              Use to run the chef-client in local mode. This allows all commands  that  work  against  the  Chef
              server to also work against the local chef-repo.

BULK DELETE

       The  bulk  delete  argument  is used to delete any API client that matches a pattern defined by a regular
       expression. The regular expression must be within quotes and not be surrounded by forward slashes (/).

       Syntax

       This argument has the following syntax:

          $ knife client bulk delete REGEX

       Options

       This command does not have any specific options.

CREATE

       The create argument is used to create a new API client. This process will generate an RSA  key  pair  for
       the  named  API  client.  The  public  key  will be stored on the Chef server and the private key will be
       displayed on STDOUT or written to a named file.

       • For the chef-client, the private key should be copied to the system as /etc/chef/client.pem.

       • For knife, the private key is  typically  copied  to  ~/.chef/client_name.pem  and  referenced  in  the
         knife.rb configuration file.

       Syntax

       This argument has the following syntax:

          $ knife client create CLIENT_NAME (options)

       Options

       This argument has the following options:

       -a, --admin
              Use  to  create  a  client as an admin client. This is required for any user to access Open Source
              Chef as an administrator. This option only works when used with the open source  Chef  server  and
              will have no effect when used with Enterprise Chef.

       -f FILE, --file FILE
              Use to save a private key to the specified file name.

       --validator
              Use to create the client as the chef-validator. Default value: true.

       Examples

       To  create  a chef-client that can access the Chef server API as an administrator---sometimes referred to
       as an "API chef-client"---with the name "exampleorg" and save its private key to a file, enter:

          $ knife client create exampleorg -a -f "/etc/chef/client.pem"

       When running the create argument on Enterprise Chef, be sure to omit the -a option:

          $ knife client create exampleorg -f "/etc/chef/client.pem"

DELETE

       The delete argument is used to delete a registered API client.

       Syntax

       This argument has the following syntax:

          $ knife client delete CLIENT_NAME

       Options

       This command does not have any specific options.

       Examples

       To delete a client with the name "client_foo", enter:

          $ knife client delete client_foo

       Type Y to confirm a deletion.

EDIT

       The edit argument is used to edit the details of a registered API client.  When  this  argument  is  run,
       knife will open $EDITOR to enable editing of the admin attribute. (None of the other attributes should be
       changed using this argument.) When finished, knife will update the Chef server with those changes.

       Syntax

       This argument has the following syntax:

          $ knife client edit CLIENT_NAME

       Options

       This command does not have any specific options.

       Examples

       To edit a client with the name "exampleorg", enter:

          $ knife client edit exampleorg

LIST

       The list argument is used to view a list of registered API client.

       Syntax

       This argument has the following syntax:

          $ knife client list (options)

       Options

       This argument has the following options:

       -w, --with-uri
              Use to show the corresponding URIs.

       Examples

       To verify the API client list for the Chef server, enter:

          $ knife client list

       to return something similar to:

          exampleorg
          i-12345678
          rs-123456

       To verify that an API client can authenticate to the Chef server correctly, try getting a list of clients
       using -u and -k options to specify its name and private key:

          $ knife client list -u ORGNAME -k .chef/ORGNAME.pem

REREGISTER

       The  reregister  argument is used to regenerate an RSA key pair for an API client. The public key will be
       stored on the Chef server and the private key will be displayed on STDOUT or written to a named file.

       NOTE:
          Running this  argument  will  invalidate  the  previous  RSA  key  pair,  making  it  unusable  during
          authentication to the Chef server.

       Syntax

       This argument has the following syntax:

          $ knife client reregister CLIENT_NAME (options)

       Options

       This argument has the following options:

       -f FILE_NAME, --file FILE_NAME
              Use to save a private key to the specified file name.

       Examples

       To  regenerate  the  RSA  key pair for a client named "testclient" and save it to a file named "rsa_key",
       enter:

          $ knife client regenerate testclient -f rsa_key

SHOW

       The show argument is used to show the details of an API client.

       Syntax

       This argument has the following syntax:

          $ knife client show CLIENT_NAME (options)

       Options

       This argument has the following options:

       -a ATTR, --attribute ATTR
              The attribute (or attributes) to show.

       Examples

       To view a client named "testclient", enter:

          $ knife client show testclient

       to return something like:

          admin:       false
          chef_type:   client
          json_class:  Chef::ApiClient
          name:        testclient
          public_key:

       To view information in JSON format, use the -F common option as part of the command like this:

          $ knife role show devops -F json

       Other formats available include text, yaml, and pp.

AUTHOR

       Chef

                                                    Chef 12.0                                    KNIFE-CLIENT(1)