Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Chef Tutorials: knife command line reference

knife bootstrap

knife client

knife configure

knife cookbook

knife cookbook site

knife download

knife delete

knife edit

knife list

knife node

knife role

knife show

knife ssh

knife ssl check

knife ssl_fetch

knife status

knife upload

knife bootstrap

Bootstrap a node

1$ knife bootstrap 12.34.56.789 -P vanilla -x root -r 'recipe[apt],recipe[xfs],recipe[vim]'

Bootstrap a node: Use an SSH password and sudo whereas –sudo for execute a bootstrap operation with sudo.

1$ knife bootstrap 192.168.1.1 -x username -P PASSWORD --sudo

Bootstrap a node: Use an SSH password and sudo whereas –sudo for execute a bootstrap operation with sudo and –use-sudo-password for Perform a bootstrap operation with sudo
Also, specify the name and run list

1$ knife bootstrap 192.168.1.1 -x username -P PASSWORD --sudo --use-sudo-password --node-name node1 --run-list 'recipe[learn_chef_httpd]'

Bootstrap a node: using ssh user and password

1$knife bootstrap ADDRESS --ssh-user USER --ssh-password 'PASSWORD' --sudo --use-sudo-password --node-name node1

Bootstrap a node: using SSH identify file, for example ~/.ssh/my.pem

1$knife bootstrap ADDRESS --ssh-user USER --sudo --identity-file IDENTITY_FILE --node-name node1

Bootstrap a node: Use a file that contains a private key

1$ knife bootstrap 192.168.1.1 -x username -i ~/.ssh/id_rsa --sudo

Bootstrap a node: Fetch and execute an installation script from a URL

1$ knife bootstrap --bootstrap-install-sh http://mycustomserver.com/custom_install_chef_script.sh

Bootstrap a node: Specify options when using cURL

1$ knife bootstrap --bootstrap-curl-options "--proxy http://myproxy.com:8080"

Bootstrap a node: Specify options when using GNU Wget

1$ knife bootstrap --bootstrap-wget-options "-e use_proxy=yes -e http://myproxy.com:8080"

Bootstrap a node: Specify a custom installation command sequence

1$ knife bootstrap --bootstrap-install-command "curl -l http://mycustomserver.com/custom_install_chef_script.sh | sudo bash -s --"

Bootstrap a node: Bootstrap a local virtual machine using a forwarded port
Replace PORT with your SSH forwarded port, for example, 2222, and IDENTITY_FILE with your SSH identify file, for example /home/user/.vagrant/machines/default/virtualbox/private_key.

1$knife bootstrap localhost --ssh-port PORT --ssh-user vagrant --sudo --identity-file IDENTITY_FILE --node-name node1

knife cookbook

Delete a cookbook

1$ knife cookbook delete cookbook-name
1$ knife cookbook delete cookbook-name 0.8

Download a cookbook

1$ knife cookbook download cookbook-name

View a list of cookbooks

1$ knife cookbook list

Generate metadata

1$ knife cookbook metadata -a

Show cookbook data

1$ knife cookbook show cookbook-name

Test a cookbook

1$ knife cookbook test cookbook_name

Upload a cookbook

1$ knife cookbook upload cookbook_name

knife download

Use the knife download subcommand to download roles, cookbooks, environments, nodes, and data bags from the Chef server to the current working directory. It can be used to back up data on the Chef server, inspect the state of one or more files, or to extract out-of-process changes users may have made to files on the Chef server, such as if a user made a change that bypassed version source control.
Download the entire chef-repo

1$ knife download /

Download the /cookbooks directory

1$ knife download cookbooks

Download the /environments directory

1$ knife download environments

Download the /roles directory

1$ knife download roles

Download cookbooks and roles

1$  knife download cookbooks/apache\* roles/webserver.json

knife node

The knife node subcommand is used to manage the nodes that exist on a Chef server.
Create a node

1$ knife node create node1

Delete a node

1$ knife node delete node1

Edit a node

1$ knife node edit node1 -a

Delete all the chef nodes

123456
$ knife node bulk delete ip*
$ knife node bulk delete "^[0-9]{3}$"
$ knife node bulk delete .
  
  

Create a node using a JSON file

1$ knife node from file "PATH_TO_JSON_FILE"

View a list of nodes

1$ knife node list

Add a role

1$ knife node run_list add NODE_NAME 'role[ROLE_NAME]'

Add roles and recipes

1$ knife node run_list add NODE_NAME 'recipe[COOKBOOK::RECIPE_NAME],recipe[COOKBOOK::RECIPE_NAME],role[ROLE_NAME]'

Add a recipe with a FQDN

1$ knife node run_list add NODE_NAME 'recipe[COOKBOOK::RECIPE_NAME]'

Add a recipe with a cookbook

1$ knife node run_list add NODE_NAME 'COOKBOOK::RECIPE_NAME'

Add the default recipe

1$ knife node run_list add NODE_NAME 'COOKBOOK'

knife role

A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
Create a role

1$ knife role create role1

Create a role using JSON data

1$ knife role from file "path to JSON file"

Delete a role

1$ knife role delete devops

Edit a role

1$ knife role edit role1

View a list of roles

1$ knife role list -w

Use the show argument to view the details of a role.

1$ knife role show ROLE_NAME

knife client

The knife client subcommand is used to manage an API client list and their associated RSA public key-pairs. This allows authentication requests to be made to the Chef server by any entity that uses the Chef server API, such as the chef-client and knife.
Create an admin client
To create a chef-client that can access the Chef server API as an administrator—sometimes referred to as an “API chef-client”—with the name “exampleorg” and save its private key to a file, enter:

1Create an admin client for Enterprise Chef
1$ knife client create exampleorg -f "/etc/chef/client.pem"

To delete a client with the name “client_foo”, enter:

1$ knife client delete client_foo

To edit a client with the name “exampleorg”, enter:

1$ knife client edit exampleorg

knife configure

Use the knife configure subcommand to create the knife.rb and client.rb files so that they can be distributed to workstations and nodes.
The following examples show how to use this knife subcommand: Configure knife.rb

1$ knife configure

The following examples show how to use this knife subcommand: Configure client.rb

1$ knife configure client '/directory'

knife delete

Use the knife delete subcommand to delete an object from a Chef server. This subcommand works similar to knife cookbook delete, knife data bag delete, knife environment delete, knife node delete, and knife role delete, but with a single verb (and a single action).

knife list

Use the knife list subcommand to view a list of objects on the Chef server. This subcommand works similar to knife cookbook list, knife data bag list, knife environment list, knife node list, and knife role list, but with a single verb (and a single action).

knife ssh

Use the knife ssh subcommand to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a search query made to the Chef server.
To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:

1$ knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname

Run the chef-client on all nodes

1$ knife ssh 'name:*' 'sudo chef-client'

To force a chef-client run on all of the web servers running Ubuntu on the Amazon EC2 platform, enter:

1$ knife ssh "role:web" "sudo chef-client" -x ubuntu -a ec2.public_hostname

To query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:

1$ knife ssh "role:webserver" "sudo chef-client"

Upgrade all nodes

1$ knife ssh name:* "sudo aptitude upgrade -y"

knife ssl check

Use the knife ssl check subcommand to verify the SSL configuration for the Chef server or a location specified by a URL or URI. Invalid certificates will not be used by OpenSSL.
If the SSL certificate can be verified, the response to

1$ knife ssl check

The SSL certificates that are used by the chef-client may be verified by specifying the path to the client.rb file. Use the –config option (that is available to any knife command) to specify this path:

1$ knife ssl check --config /etc/chef/client.rb

Verify an external server’s SSL certificate

1$ knife ssl check https://www.chef.io

knife ssl_fetch

Use the knife ssl fetch subcommand to copy SSL certificates from an HTTPS server to the trusted_certs_dir directory that is used by knife and the chef-client to store trusted SSL certificates. When these certificates match the hostname of the remote server, running knife ssl fetch is the only step required to verify a remote server that is accessed by either knife or the chef-client.

1$ knife ssl check https://www.chef.io

Fetch the SSL certificates used by Knife from the Chef server

1$ knife ssl fetch

knife status

Use the knife status subcommand to display a brief summary of the nodes on a Chef server, including the time of the most recent successful chef-client run.
To include run-lists in the status, enter:

1$ knife status --run-list

To show the status for nodes on which the chef-client did not run successfully within the past hour, enter:

1$ knife status --hide-healthy

To show the status of a subset of nodes that are returned by a specific query, enter:

1$ knife status "role:web" --run-list

View status for all nodes

1$ knife status

knife upload

Use the knife upload subcommand to upload data to the Chef server from the current working directory in the chef-repo. The following types of data may be uploaded with this subcommand: Cookbooks Data bags Roles stored as JSON data Environments stored as JSON data (Roles and environments stored as Ruby data will not be uploaded.) This subcommand is often used in conjunction with knife diff, which can be used to see exactly what changes will be uploaded, and then knife download, which does the opposite of knife upload.
Upload the entire chef-repo

1$ knife upload .

Upload the /cookbooks directory

1$ knife upload cookbooks

Upload the /environments directory

1$ knife upload environments

Upload a single environment

1$ knife upload environments/production.json

Upload the /roles directory

1$ knife upload roles

Upload cookbooks and roles

1$ knife upload cookbooks/apache\* roles/webserver.json

Upload Single Cookbook

1$ knife cookbook upload [cookbook-name]

Upload ALL Cookbooks

12$ knife cookbook upload -a
$ knife cookbook upload --all

Freeze Cookbook Version (and Force Upload)

1$ knife cookbook upload prod-db --freeze

Upload Cookbook with All Dependencies

12$ knife cookbook upload thegeekstuff -d
$ knife cookbook upload thegeekstuff --include-dependencies

Increase Number of Concurrent Connections

1$ knife cookbook upload -a --concurrency 20

Specify Cookbook Directory Location

1234$ knife cookbook upload prod-db -o /root/chef-repo/cookbooks
$ knife cookbook upload prod-db -o /root/chef-repo/cookbooks:/home/chef/cookbooks
$ knife cookbook upload prod-db --cookbook-path /root/chef-repo/cookbooks
$ knife cookbook upload prod-db --cookbook-path /root/chef-repo/cookbooks:/home/chef/cookbooks

Upload Cookbooks using Upload sub-command

1$ knife upload cookbooks/prod-db

Upload ALL Cookbooks

12$ knife upload cookbooks
$ knife upload /cookbooks

Upload Roles, Nodes and Environments

123456789$ knife upload roles
$ knife upload nodes
$ knife upload environments
$ knife upload /roles
$ knife upload /nodes
$ knife upload /environments
$ knife upload roles/dba.json
$ knife upload nodes/webserver.json
$ knife upload environment/oracledb.json

Upload the Whole Chef Repo (or) Upload Selective Items

123$ knife upload . 
$ knife upload /
$ knife upload cookbooks/prod* nodes/web*

Force Upload even when it’s not Changed Locally

1$ knife upload cookbooks/prod-db --freeze

Perform Dry Run to Verify what’ll get Uploaded

1$ knife upload cookbooks --force --dry-run
Rajesh Kumar
Follow me
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x