knife bootstrap
knife client
knife configure
knife cookbook
knife cookbook site
knife download
knife delete
knife edit
knife list
knife node
knife role
knife show
knife ssh
knife ssl check
knife ssl_fetch
knife status
knife upload
knife bootstrap
Bootstrap a node
$ knife bootstrap 12.34.56.789 -P vanilla -x root -r 'recipe[apt],recipe[xfs],recipe[vim]'
Bootstrap a node: use an SSH password and sudo. The --sudo option executes the bootstrap operation with sudo.
$ knife bootstrap 192.168.1.1 -x username -P PASSWORD --sudo
Bootstrap a node: use an SSH password and sudo. The --sudo option executes the bootstrap operation with sudo, and --use-sudo-password performs the bootstrap operation with sudo using the password given with -P.
Also, specify the name and run list
$ knife bootstrap 192.168.1.1 -x username -P PASSWORD --sudo --use-sudo-password --node-name node1 --run-list 'recipe[learn_chef_httpd]'
Bootstrap a node: using an SSH user and password
$ knife bootstrap ADDRESS --ssh-user USER --ssh-password 'PASSWORD' --sudo --use-sudo-password --node-name node1
Bootstrap a node: using an SSH identity file, for example ~/.ssh/my.pem
$ knife bootstrap ADDRESS --ssh-user USER --sudo --identity-file IDENTITY_FILE --node-name node1
Bootstrap a node: Use a file that contains a private key
$ knife bootstrap 192.168.1.1 -x username -i ~/.ssh/id_rsa --sudo
Bootstrap a node: Fetch and execute an installation script from a URL
$ knife bootstrap --bootstrap-install-sh http://mycustomserver.com/custom_install_chef_script.sh
Bootstrap a node: Specify options when using cURL
$ knife bootstrap --bootstrap-curl-options "--proxy http://myproxy.com:8080"
Bootstrap a node: Specify options when using GNU Wget
$ knife bootstrap --bootstrap-wget-options "-e use_proxy=yes -e http_proxy=http://myproxy.com:8080"
Bootstrap a node: Specify a custom installation command sequence
$ knife bootstrap --bootstrap-install-command "curl -l http://mycustomserver.com/custom_install_chef_script.sh | sudo bash -s --"
Bootstrap a node: Bootstrap a local virtual machine using a forwarded port
Replace PORT with your SSH forwarded port, for example, 2222, and IDENTITY_FILE with your SSH identity file, for example /home/user/.vagrant/machines/default/virtualbox/private_key.
$ knife bootstrap localhost --ssh-port PORT --ssh-user vagrant --sudo --identity-file IDENTITY_FILE --node-name node1
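An added example (not part of the original page): a small shell check that flags the bootstrap options above that put a password on the command line or run an installer fetched over plain HTTP. The function names and finding labels are hypothetical; the sample lines are constructed from commands shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky options in
# knife bootstrap command lines, e.g. in provisioning scripts.
# Function names and finding labels are hypothetical.

# Print one finding label per line for a single command line.
audit_knife_bootstrap() {
  cmd=$1
  case "$cmd" in
    *"knife bootstrap"*) ;;
    *) return 0 ;;                      # not a bootstrap command
  esac
  # -P / --ssh-password place the secret in argv, `ps` output and shell history.
  if printf '%s\n' "$cmd" | grep -Eq -- '(^|[[:space:]])(-P|--ssh-password)([[:space:]=]|$)'; then
    echo "password-on-command-line"
  fi
  # Installer fetched over plain HTTP and then executed on the node.
  if printf '%s\n' "$cmd" | grep -Eq -- '--bootstrap-install-sh[[:space:]=]+http://'; then
    echo "installer-over-http"
  fi
  # Custom install command that pipes a download straight into a shell.
  if printf '%s\n' "$cmd" | grep -Eq -- '--bootstrap-install-command.*(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba)?sh'; then
    echo "download-piped-to-shell"
  fi
}

# Read command lines on stdin; prefix each finding with its line number.
audit_script() {
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    audit_knife_bootstrap "$line" | sed "s/^/line $n: /"
  done
}

# Constructed sample input, built from commands shown on this page.
sample_commands() {
  cat <<'EOF'
knife bootstrap 192.168.1.1 -x username -P PASSWORD --sudo
knife bootstrap 192.168.1.1 -x username -i ~/.ssh/id_rsa --sudo
knife bootstrap --bootstrap-install-sh http://mycustomserver.com/custom_install_chef_script.sh
knife bootstrap --bootstrap-install-command "curl -l http://mycustomserver.com/custom_install_chef_script.sh | sudo bash -s --"
EOF
}

sample_commands | audit_script
```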
knife cookbook
Delete a cookbook
$ knife cookbook delete cookbook-name
$ knife cookbook delete cookbook-name 0.8
Download a cookbook
$ knife cookbook download cookbook-name
View a list of cookbooks
$ knife cookbook list
Generate metadata
$ knife cookbook metadata -a
Show cookbook data
$ knife cookbook show cookbook-name
Test a cookbook
$ knife cookbook test cookbook_name
Upload a cookbook
$ knife cookbook upload cookbook_name
knife download
Use the knife download subcommand to download roles, cookbooks, environments, nodes, and data bags from the Chef server to the current working directory. It can be used to back up data on the Chef server, inspect the state of one or more files, or to extract out-of-process changes users may have made to files on the Chef server, such as if a user made a change that bypassed version source control.
Download the entire chef-repo
$ knife download /
Download the /cookbooks directory
$ knife download cookbooks
Download the /environments directory
$ knife download environments
Download the /roles directory
$ knife download roles
Download cookbooks and roles
$ knife download cookbooks/apache\* roles/webserver.json
knife node
The knife node subcommand is used to manage the nodes that exist on a Chef server.
Create a node
$ knife node create node1
Delete a node
$ knife node delete node1
Edit a node
$ knife node edit node1 -a
Delete all the chef nodes
$ knife node bulk delete ip*
$ knife node bulk delete "^[0-9]{3}$"
$ knife node bulk delete .
Create a node using a JSON file
$ knife node from file "PATH_TO_JSON_FILE"
View a list of nodes
$ knife node list
Add a role
$ knife node run_list add NODE_NAME 'role[ROLE_NAME]'
Add roles and recipes
$ knife node run_list add NODE_NAME 'recipe[COOKBOOK::RECIPE_NAME],recipe[COOKBOOK::RECIPE_NAME],role[ROLE_NAME]'
Add a recipe with a FQDN
$ knife node run_list add NODE_NAME 'recipe[COOKBOOK::RECIPE_NAME]'
Add a recipe with a cookbook
$ knife node run_list add NODE_NAME 'COOKBOOK::RECIPE_NAME'
Add the default recipe
$ knife node run_list add NODE_NAME 'COOKBOOK'
knife role
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
Create a role
$ knife role create role1
Create a role using JSON data
$ knife role from file "path to JSON file"
Delete a role
$ knife role delete devops
Edit a role
$ knife role edit role1
View a list of roles
$ knife role list -w
Use the show argument to view the details of a role.
$ knife role show ROLE_NAME
knife client
The knife client subcommand is used to manage an API client list and their associated RSA public key-pairs. This allows authentication requests to be made to the Chef server by any entity that uses the Chef server API, such as the chef-client and knife.
Create an admin client
To create a chef-client that can access the Chef server API as an administrator—sometimes referred to as an “API chef-client”—with the name “exampleorg” and save its private key to a file, enter:
Create an admin client for Enterprise Chef
$ knife client create exampleorg -f "/etc/chef/client.pem"
To delete a client with the name “client_foo”, enter:
$ knife client delete client_foo
To edit a client with the name “exampleorg”, enter:
$ knife client edit exampleorg
knife configure
Use the knife configure subcommand to create the knife.rb and client.rb files so that they can be distributed to workstations and nodes.
The following examples show how to use this knife subcommand.
Configure knife.rb
$ knife configure
Configure client.rb
$ knife configure client '/directory'
knife delete
Use the knife delete subcommand to delete an object from a Chef server. This subcommand works similar to knife cookbook delete, knife data bag delete, knife environment delete, knife node delete, and knife role delete, but with a single verb (and a single action).
knife list
Use the knife list subcommand to view a list of objects on the Chef server. This subcommand works similar to knife cookbook list, knife data bag list, knife environment list, knife node list, and knife role list, but with a single verb (and a single action).
knife ssh
Use the knife ssh subcommand to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a search query made to the Chef server.
To find the uptime of all of the web servers running Ubuntu on the Amazon EC2 platform, enter:
$ knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname
Run the chef-client on all nodes
$ knife ssh 'name:*' 'sudo chef-client'
To force a chef-client run on all of the web servers running Ubuntu on the Amazon EC2 platform, enter:
$ knife ssh "role:web" "sudo chef-client" -x ubuntu -a ec2.public_hostname
To query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:
$ knife ssh "role:webserver" "sudo chef-client"
Upgrade all nodes
$ knife ssh 'name:*' "sudo aptitude upgrade -y"
knife ssl check
Use the knife ssl check subcommand to verify the SSL configuration for the Chef server or a location specified by a URL or URI. Invalid certificates will not be used by OpenSSL.
If the SSL certificate can be verified, the response to
$ knife ssl check
The SSL certificates that are used by the chef-client may be verified by specifying the path to the client.rb file. Use the --config option (that is available to any knife command) to specify this path:
$ knife ssl check --config /etc/chef/client.rb
Verify an external server’s SSL certificate
$ knife ssl check https://www.chef.io
knife ssl_fetch
Use the knife ssl fetch subcommand to copy SSL certificates from an HTTPS server to the trusted_certs_dir directory that is used by knife and the chef-client to store trusted SSL certificates. When these certificates match the hostname of the remote server, running knife ssl fetch is the only step required to verify a remote server that is accessed by either knife or the chef-client.
$ knife ssl check https://www.chef.io
Fetch the SSL certificates used by Knife from the Chef server
$ knife ssl fetch
knife status
Use the knife status subcommand to display a brief summary of the nodes on a Chef server, including the time of the most recent successful chef-client run.
To include run-lists in the status, enter:
$ knife status --run-list
To show the status for nodes on which the chef-client did not run successfully within the past hour, enter:
$ knife status --hide-healthy
To show the status of a subset of nodes that are returned by a specific query, enter:
$ knife status "role:web" --run-list
View status for all nodes
$ knife status
knife upload
Use the knife upload subcommand to upload data to the Chef server from the current working directory in the chef-repo. The following types of data may be uploaded with this subcommand: cookbooks, data bags, roles stored as JSON data, and environments stored as JSON data. (Roles and environments stored as Ruby data will not be uploaded.) This subcommand is often used in conjunction with knife diff, which can be used to see exactly what changes will be uploaded, and then knife download, which does the opposite of knife upload.
Upload the entire chef-repo
$ knife upload .
Upload the /cookbooks directory
$ knife upload cookbooks
Upload the /environments directory
$ knife upload environments
Upload a single environment
$ knife upload environments/production.json
Upload the /roles directory
$ knife upload roles
Upload cookbooks and roles
$ knife upload cookbooks/apache\* roles/webserver.json
Upload Single Cookbook
$ knife cookbook upload [cookbook-name]
Upload ALL Cookbooks
$ knife cookbook upload -a
$ knife cookbook upload --all
Freeze Cookbook Version (and Force Upload)
$ knife cookbook upload prod-db --freeze
Upload Cookbook with All Dependencies
$ knife cookbook upload thegeekstuff -d
$ knife cookbook upload thegeekstuff --include-dependencies
Increase Number of Concurrent Connections
$ knife cookbook upload -a --concurrency 20
Specify Cookbook Directory Location
$ knife cookbook upload prod-db -o /root/chef-repo/cookbooks
$ knife cookbook upload prod-db -o /root/chef-repo/cookbooks:/home/chef/cookbooks
$ knife cookbook upload prod-db --cookbook-path /root/chef-repo/cookbooks
$ knife cookbook upload prod-db --cookbook-path /root/chef-repo/cookbooks:/home/chef/cookbooks
Upload Cookbooks using Upload sub-command
$ knife upload cookbooks/prod-db
Upload ALL Cookbooks
$ knife upload cookbooks
$ knife upload /cookbooks
Upload Roles, Nodes and Environments
$ knife upload roles
$ knife upload nodes
$ knife upload environments
$ knife upload /roles
$ knife upload /nodes
$ knife upload /environments
$ knife upload roles/dba.json
$ knife upload nodes/webserver.json
$ knife upload environments/oracledb.json
Upload the Whole Chef Repo (or) Upload Selective Items
$ knife upload .
$ knife upload /
$ knife upload cookbooks/prod* nodes/web*
Force Upload even when it’s not Changed Locally
$ knife upload cookbooks/prod-db --force
Perform Dry Run to Verify what’ll get Uploaded
$ knife upload cookbooks --force --dry-run