xenial (1) knife-ssl-fetch.1.gz

Provided by: chef_12.3.0-3ubuntu1_all bug

NAME

       knife-ssl-fetch - The man page for the knife ssl fetch subcommand.

       The  knife  ssl  fetch  subcommand  is  used  to  copy  SSL  certificates  from  an  HTTPS  server to the
       trusted_certs_dir directory that is used by knife and the chef-client to store trusted SSL  certificates.
       When these certificates match the hostname of the remote server, running knife ssl fetch is the only step
       required to verify a remote server that is accessed by either knife or the chef-client.

       WARNING:
          It is the user's responsibility to verify the authenticity of every SSL certificate before downloading
          it  to the trusted_certs_dir directory. knife will use any certificate in that directory as if it is a
          100% trusted and authentic SSL certificate. knife will not be able to determine if any certificate  in
          this  directory  has  been  tampered with, is forged, malicious, or otherwise harmful. Therefore it is
          essential that users take the proper steps before downloading certificates into this directory.

       Syntax

       This subcommand has the following syntax:

          $ knife ssl fetch URI_FOR_HTTPS_SERVER

       Options

       This subcommand has the following options:

       -a SSH_ATTR, --attribute SSH_ATTR
              The attribute that is used when opening the SSH connection. The default attribute is the  FQDN  of
              the host. Other possible values include a public IP address, a private IP address, or a hostname.

       -A, --forward-agent
              Use to enable SSH agent forwarding.

       -c CONFIG_FILE, --config CONFIG_FILE
              The configuration file to use.

       -C NUM, --concurrency NUM
              The number of allowed concurrent connections.

       --chef-zero-port PORT
              The port on which chef-zero will listen.

       --[no-]color
              Use to view colored output.

       -d, --disable-editing
              Use to prevent the $EDITOR from being opened and to accept data as-is.

       --defaults
              Use to have knife use the default value instead of asking a user to provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The  name  of  the  environment. When this option is added to a command, the command will run only
              against the named environment.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -G GATEWAY, --ssh-gateway GATEWAY
              The SSH tunnel or gateway that is used to run  a  bootstrap  action  on  a  machine  that  is  not
              accessible from the workstation.

       -h, --help
              Shows help for the command.

       -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
              The SSH identity file used for authentication. Key-based authentication is recommended.

       -k KEY, --key KEY
              The private key that knife will use to sign requests made by the API client to the Chef server.

       -m, --manual-list
              Use  to define a search query as a space-separated list of servers. If there is more than one item
              in the list, put quotes around the entire list. For example:  --manual-list  "server01  server  02
              server 03"

       --[no-]host-key-verify
              Use --no-host-key-verify to disable host key verification. Default setting: --host-key-verify.

       OTHER  The shell type. Possible values: interactive, screen, tmux, macterm, or cssh. (csshx is deprecated
              in favor of cssh.)

       -p PORT, --ssh-port PORT
              The SSH port.

       -P PASSWORD, --ssh-password PASSWORD
              The SSH password. This can be used to pass the password directly on  the  command  line.  If  this
              option is not specified (and a password is required) knife will prompt for the password.

       --print-after
              Use to show data after a destructive operation.

       -s URL, --server-url URL
              The URL for the Chef server.

       SEARCH_QUERY
              The  search  query  used  to  return  a list of servers to be accessed using SSH and the specified
              SSH_COMMAND. This option uses the same syntax as the search sub-command.

       SSH_COMMAND
              The command that will be run against the results of a search query.

       -u USER, --user USER
              The user name used by knife to  sign  requests  made  by  the  API  client  to  the  Chef  server.
              Authentication will fail if the user name does not match the private key.

       -v, --version
              The version of the chef-client.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -x USER_NAME, --ssh-user USER_NAME
              The SSH user name.

       -y, --yes
              Use to respond to all confirmation prompts with "Yes". knife will not ask for confirmation.

       -z, --local-mode
              Use  to  run  the  chef-client  in local mode. This allows all commands that work against the Chef
              server to also work against the local chef-repo.

       Examples

       The following examples show how to use this knife subcommand:

       Fetch the SSL certificates used by Knife from the Chef server

          $ knife ssl fetch

       Fetch the SSL certificates used by the chef-client from the Chef server

          $ knife ssl fetch -c /etc/chef/client.rb

       Fetch SSL certificates from a URL or URI

          $ knife ssl fetch URL_or_URI

       for example:

          $ knife ssl fetch https://www.getchef.com

AUTHOR

       Chef

                                                    Chef 12.0                                 KNIFE-SSL-FETCH(1)