About Knife
knife is a command-line tool that provides an interface between a local chef-repo and the Chef server. knife helps users to manage:
- Nodes
- Cookbooks and recipes
- Roles
- Stores of JSON data (data bags), including encrypted data
- Environments
- Cloud resources, including provisioning
- The installation of the chef-client on management workstations
- Searching of indexed data on the Chef server
Note
../../includes_notes/includes_notes_knife_quick_reference.rst
Topic | Description |
---|---|
Working with Knife | knife runs from a management workstation and sits in-between a Chef server and an organization’s infrastructure. |
Common Options | There are many options that are available for all knife subcommands. |
knife includes the following subcommands:
Subcommand | Description |
---|---|
knife bootstrap | Use the knife bootstrap subcommand to run a bootstrap operation that installs the chef-client on the target system. The bootstrap operation must specify the IP address or FQDN of the target system. |
knife client | The knife client subcommand is used to manage an API client list and their associated RSA public key-pairs. This allows authentication requests to be made to the Chef server by any entity that uses the Chef server API, such as the chef-client and knife. |
knife configure | Use the knife configure subcommand to create the knife.rb and client.rb files so that they can be distributed to workstations and nodes. |
knife cookbook | The knife cookbook subcommand is used to interact with cookbooks that are located on the Chef server or the local chef-repo. |
knife cookbook site | The knife cookbook site subcommand is used to interact with cookbooks that are located at https://supermarket.chef.io. A user account is required for any community actions that write data to this site. The following arguments do not require a user account: download , search , install , and list . |
knife data bag | The knife data bag subcommand is used to manage arbitrary stores of globally available JSON data. |
knife delete | Use the knife delete subcommand to delete an object from a Chef server. This subcommand works similar to knife cookbook delete , knife data bag delete , knife environment delete , knife node delete , and knife role delete , but with a single verb (and a single action). |
knife deps | Use the knife deps subcommand to identify dependencies for a node, role, or cookbook. |
knife diff | Use the knife diff subcommand to compare the differences between files and directories on the Chef server and in the chef-repo. For example, to compare files on the Chef server prior to an uploading or downloading files using the knife download and knife upload subcommands, or to ensure that certain files in multiple production environments are the same. This subcommand is similar to the git diff command that can be used to diff what is in the chef-repo with what is synced to a git repository. |
knife download | Use the knife download subcommand to download roles, cookbooks, environments, nodes, and data bags from the Chef server to the current working directory. It can be used to back up data on the Chef server, inspect the state of one or more files, or to extract out-of-process changes users may have made to files on the Chef server, such as if a user made a change that bypassed version source control. This subcommand is often used in conjunction with knife diff , which can be used to see exactly what changes will be downloaded, and then knife upload , which does the opposite of knife download . |
knife edit | Use the knife edit subcommand to edit objects on the Chef server. This subcommand works similar to knife cookbook edit , knife data bag edit , knife environment edit , knife node edit , and knife role edit , but with a single verb (and a single action). |
knife environment | The knife environment subcommand is used to manage environments within a single organization on the Chef server. |
knife exec | The knife exec subcommand uses the knife configuration file to execute Ruby scripts in the context of a fully configured chef-client. Use this subcommand to run scripts that will only access Chef server one time (or otherwise very infrequently) or any time that an operation does not warrant full usage of the knife subcommand library. |
knife index rebuild | Use the knife index rebuild subcommand to rebuild the search indexes for the open source Chef server. This operation is destructive and may take some time. |
knife list | Use the knife list subcommand to view a list of objects on the Chef server. This subcommand works similar to knife cookbook list , knife data bag list , knife environment list , knife node list , and knife role list , but with a single verb (and a single action). |
knife node | The knife node subcommand is used to manage the nodes that exist on a Chef server. |
knife raw | Use the knife raw subcommand to send a REST request to an endpoint in the Chef server API. |
knife recipe list | Use the knife recipe list subcommand to view all of the recipes that are on a Chef server. A regular expression can be used to limit the results to recipes that match a specific pattern. The regular expression must be within quotes and not be surrounded by forward slashes (/). |
knife role | The knife role subcommand is used to manage the roles that are associated with one or more nodes on a Chef server. |
knife search | Use the knife search subcommand to run a search query for information that is indexed on a Chef server. |
knife serve | Use the knife serve subcommand to run a persistent chef-zero against the local chef-repo. (chef-zero is a lightweight Chef server that runs in-memory on the local machine.) This is the same as running the chef-client executable with the --local-mode option. The chef_repo_path is located automatically and the Chef server will bind to the first available port between 8889 and 9999 . knife serve will print the URL for the local Chef server, so that it may be added to the knife.rb file. |
knife show | Use the knife show subcommand to view the details of one (or more) objects on the Chef server. This subcommand works similar to knife cookbook show , knife data bag show , knife environment show , knife node show , and knife role show , but with a single verb (and a single action). |
knife ssh | Use the knife ssh subcommand to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a search query made to the Chef server. |
knife ssl check |
Use the When this command is run, the certificate files ( Warning When verification of a remote server’s SSL certificate is disabled, the chef-client will issue a warning similar to “SSL validation of HTTPS requests is disabled. HTTPS connections are still encrypted, but the chef-client is not able to detect forged replies or man-in-the-middle attacks.” To configure SSL for the chef-client, set |
knife ssl_fetch |
Use the Warning It is the user’s responsibility to verify the authenticity of every SSL certificate before downloading it to the |
knife status | Use the knife status subcommand to display a brief summary of the nodes on a Chef server, including the time of the most recent successful chef-client run. |
knife tag | The knife tag subcommand is used to apply tags to nodes on a Chef server. |
knife upload |
Use the
(Roles and environments stored as Ruby data will not be uploaded.) This subcommand is often used in conjunction with |
knife user | The knife user subcommand is used to manage the list of users and their associated RSA public key-pairs. |
knife xargs | Use the knife xargs subcommand to take patterns from standard input, download as JSON, run a command against the downloaded JSON, and then upload any changes. |
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs-archive.chef.io/release/11-18/knife.html