knife-client - Manage Chef API Clients
knife client sub-command (options)
Client subcommands follow a basic create, read, update, delete (CRUD) pattern. The following subcommands are available:
knife client bulk delete regex (options)
Delete clients where the client name matches the regular expression regex on the Chef Server. The regular expression should be given as a quoted string, and not surrounded by forward slashes.
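The following Ruby sketch previews which clients a bulk delete pattern would select before it is run. It is an added example, not part of knife or of the original manual page; it assumes the pattern is applied as an unanchored Ruby regular expression, and the client names and the protected list are constructed for illustration.

```ruby
# Added example: dry-run check of a `knife client bulk delete` pattern.
# Assumption: the pattern is applied as an unanchored Ruby regular expression.

# Constructed sample of client names, as `knife client list` might print them.
SAMPLE_CLIENTS = %w[
  web01 web02 db01 internal-web-proxy chef-validator chef-webui
].freeze

# Names that should never be removed in bulk (assumed names for this sketch).
PROTECTED = %w[chef-validator].freeze

Preview = Struct.new(:matched, :protected_hits, :warnings)

def preview_bulk_delete(pattern, clients, protected_names = PROTECTED)
  warnings = []
  # The manual says not to surround the regex with forward slashes: inside a
  # quoted string they are literal characters and usually match no client.
  if pattern.length >= 2 && pattern.start_with?("/") && pattern.end_with?("/")
    warnings << "pattern is wrapped in forward slashes; they match literally"
  end
  begin
    matcher = Regexp.new(pattern)
  rescue RegexpError => e
    return Preview.new([], [], warnings << "invalid regex: #{e.message}")
  end
  # Without anchors the pattern matches anywhere inside a client name.
  unless pattern.start_with?("^", "\\A") && pattern.end_with?("$", "\\z")
    warnings << "pattern is not anchored; it matches substrings"
  end
  matched = clients.select { |name| name.match?(matcher) }
  Preview.new(matched, matched & protected_names, warnings)
end

if __FILE__ == $PROGRAM_NAME
  ["web", "^web\\d+$", "/^web/", "chef-.*"].each do |pat|
    result = preview_bulk_delete(pat, SAMPLE_CLIENTS)
    puts "#{pat.inspect}: delete=#{result.matched.inspect} " \
         "protected=#{result.protected_hits.inspect}"
    result.warnings.each { |w| puts "  warning: #{w}" }
  end
end
```

In the sample run, the unanchored pattern `web` also selects `internal-web-proxy` and `chef-webui`, while `^web\d+$` selects only the two intended nodes.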
knife client create client name (options)
-a, --admin
-f, --file FILE
Create a new client. This generates an RSA keypair. The private key will be displayed on STDOUT or written to the named file. The public half will be stored on the Server. For chef-client systems, the private key should be copied to the system as /etc/chef/client.pem.
Admin clients should be created for users that will use knife to access the API as an administrator. The private key will generally be copied to ~/.chef/client_name.pem and referenced in the knife.rb configuration file.
knife client delete client name (options)
Deletes a registered client.
knife client edit client name (options)
Edit a registered client.
knife client list (options)
-w, --with-uri
List all registered clients.
knife client reregister client name (options)
-f, --file FILE
Regenerate the RSA keypair for a client. The public half will be stored on the server and the private key displayed on STDOUT or written to the named file. This operation will invalidate the previous keypair used by the client, preventing it from authenticating with the Chef Server. Use care when reregistering the validator client.
knife client show client name (options)
-a, --attribute ATTR
Show a client. Output format is determined by the --format option.
Clients are identities used for communication with the Chef Server API, roughly equivalent to user accounts on the Chef Server, except that clients only communicate with the Chef Server API and are authenticated via request signatures.
In the typical case, there will be one client object on the server for each node, and the corresponding client and node will have identical names.
In the Chef authorization model, there is one special client, the "validator", which is authorized to create new non-administrative clients but has minimal privileges otherwise. This identity is used as a sort of "guest account" to create a client identity when initially setting up a host for management with Chef.
knife-node(1)
Chef was written by Adam Jacob <adam@opscode.com> with many contributions from the community.
This manual page was written by Joshua Timberman <joshua@opscode.com>. Permission is granted to copy, distribute and/or modify this document under the terms of the Apache 2.0 License.
Knife is distributed with Chef. http://wiki.opscode.com/display/chef/Home