1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Working with Knife — chef-client Man Pages</title>
<link rel="stylesheet" href="_static/guide.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
</head>
<body>
<div style="background-color: #212c35; text-align: left; padding: 0px 0px 0px 0px">
<a href="http://docs.opscode.com/"><img src="_static/chef_html_logo.png" border="0" alt="Chef"/></a>
</div>
<div class="document">
<div class="documentwrapper">
<div class="body">
<div class="section" id="working-with-knife">
<h1>Working with Knife<a class="headerlink" href="#working-with-knife" title="Permalink to this headline">¶</a></h1>
<p>Knife runs from a management workstation and sits in-between a Chef server and an organization’s infrastructure. Knife interacts with a Chef server by using the same REST API that is used by a chef-client. Role-based authentication controls (RBAC) can be used to authorize changes when Knife is run with Enterprise Chef. Knife is configured during workstation setup, but subsequent modifications can be made using the knife.rb configuration file.</p>
<div class="section" id="json-data-format">
<h2>JSON Data Format<a class="headerlink" href="#json-data-format" title="Permalink to this headline">¶</a></h2>
<p>Most data is entered using a text editor in JSON format, unless the <tt class="docutils literal"><span class="pre">--disable-editing</span></tt> option is entered as part of a command. (Encrypted data bags use YAML, which is a superset of JSON.) JSON is a common, language-independent data format that provides a simple text representation of arbitrary data structures. For more information about JSON, see <a class="reference external" href="http://www.json.org/">http://www.json.org/</a> or <a class="reference external" href="http://en.wikipedia.org/wiki/JSON">http://en.wikipedia.org/wiki/JSON</a>.</p>
<div class="section" id="set-the-text-editor">
<h3>Set the Text Editor<a class="headerlink" href="#set-the-text-editor" title="Permalink to this headline">¶</a></h3>
<p>Some Knife commands, such as <tt class="docutils literal"><span class="pre">knife</span> <span class="pre">data</span> <span class="pre">bag</span> <span class="pre">edit</span></tt>, require that information be edited as JSON data using a text editor. For example, the following command:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag edit admins admin_name
</pre></div>
</div>
<p>will open up the text editor with data similar to:</p>
<div class="highlight-javascript"><div class="highlight"><pre><span class="p">{</span>
<span class="s2">"id"</span><span class="o">:</span> <span class="s2">"admin_name"</span>
<span class="p">}</span>
</pre></div>
</div>
<p>Changes to that file can then be made:</p>
<div class="highlight-javascript"><div class="highlight"><pre><span class="p">{</span>
<span class="s2">"id"</span><span class="o">:</span> <span class="s2">"Justin C."</span>
<span class="s2">"description"</span><span class="o">:</span> <span class="s2">"I am passing the time by letting time pass over me ..."</span>
<span class="p">}</span>
</pre></div>
</div>
<p>The type of text editor that is used by Knife can be configured by adding an entry to the knife.rb file or by setting an <tt class="docutils literal"><span class="pre">EDITOR</span></tt> environment variable. For example, to configure the text editor to always open with vim, add the following to the knife.rb file:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">knife</span><span class="o">[</span><span class="ss">:editor</span><span class="o">]</span> <span class="o">=</span> <span class="s2">"/usr/bin/vim"</span>
</pre></div>
</div>
<p>When a Microsoft Windows file path is enclosed in a double-quoted string (” ”), the same backslash character (<tt class="docutils literal"><span class="pre">\</span></tt>) that is used to define the file path separator is also used in Ruby to define an escape character. The knife.rb file is a Ruby file; therefore, file path separators must be escaped. In addition, spaces in the file path must be replaced with <tt class="docutils literal"><span class="pre">~1</span></tt> so that the length of each section within the file path is not more than 8 characters. For example, if EditPad Pro is the text editor of choice and is located at the following path:</p>
<div class="highlight-python"><div class="highlight"><pre>C:\\Program Files (x86)\EditPad Pro\EditPad.exe
</pre></div>
</div>
<p>the setting in the knife.rb file would be similar to:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">knife</span><span class="o">[</span><span class="ss">:editor</span><span class="o">]</span> <span class="o">=</span> <span class="s2">"C:</span><span class="se">\\</span><span class="s2">Progra~1</span><span class="se">\\</span><span class="s2">EditPa~1</span><span class="se">\\</span><span class="s2">EditPad.exe"</span>
</pre></div>
</div>
<p>One approach to working around the double- vs. single-quote issue is to put the single-quotes outside of the double-quotes. For example, for Notepad++:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">knife</span><span class="o">[</span><span class="ss">:editor</span><span class="o">]</span> <span class="o">=</span> <span class="s1">'"C:\Program Files (x86)\Notepad++\notepad++.exe -nosession -multiInst"'</span>
</pre></div>
</div>
<p>for Sublime Text:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">knife</span><span class="o">[</span><span class="ss">:editor</span><span class="o">]</span> <span class="o">=</span> <span class="s1">'"C:\Program Files\Sublime Text 2\sublime_text.exe --wait"'</span>
</pre></div>
</div>
<p>for TextPad:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">knife</span><span class="o">[</span><span class="ss">:editor</span><span class="o">]</span> <span class="o">=</span> <span class="s1">'"C:\Program Files (x86)\TextPad 7\TextPad.exe"'</span>
</pre></div>
</div>
<p>and for vim:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">knife</span><span class="o">[</span><span class="ss">:editor</span><span class="o">]</span> <span class="o">=</span> <span class="s1">'"C:\Program Files (x86)\vim\vim74\gvim.exe"'</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="using-quotes">
<h2>Using Quotes<a class="headerlink" href="#using-quotes" title="Permalink to this headline">¶</a></h2>
<p>Values can be entered with double quotes (” ”) or single quotes (‘ ‘), but this should be done consistently.</p>
</div>
<div class="section" id="sub-commands">
<h2>Sub-commands<a class="headerlink" href="#sub-commands" title="Permalink to this headline">¶</a></h2>
<p>Knife comes with a collection of built in subcommands that work together to provide all of the functionality required to take specific actions against any object in an organization, including cookbooks, nodes, roles, data bags, environments, and users. A Knife plugin extends the functionality beyond built-in subcommands.</p>
<p>Knife has the following subcommands: <tt class="docutils literal"><span class="pre">bootstrap</span></tt>, <tt class="docutils literal"><span class="pre">client</span></tt>, <tt class="docutils literal"><span class="pre">configure</span></tt>, <tt class="docutils literal"><span class="pre">cookbook</span></tt>, <tt class="docutils literal"><span class="pre">cookbook</span> <span class="pre">site</span></tt>, <tt class="docutils literal"><span class="pre">data</span> <span class="pre">bag</span></tt>, <tt class="docutils literal"><span class="pre">delete</span></tt>, <tt class="docutils literal"><span class="pre">deps</span></tt>, <tt class="docutils literal"><span class="pre">diff</span></tt>, <tt class="docutils literal"><span class="pre">download</span></tt>, <tt class="docutils literal"><span class="pre">edit</span></tt>, <tt class="docutils literal"><span class="pre">environment</span></tt>, <tt class="docutils literal"><span class="pre">exec</span></tt>, <tt class="docutils literal"><span class="pre">index</span> <span class="pre">rebuild</span></tt>, <tt class="docutils literal"><span class="pre">list</span></tt>, <tt class="docutils literal"><span class="pre">node</span></tt>, <tt class="docutils literal"><span class="pre">recipe</span> <span class="pre">list</span></tt>, <tt class="docutils literal"><span class="pre">role</span></tt>, <tt class="docutils literal"><span class="pre">search</span></tt>, <tt class="docutils literal"><span class="pre">show</span></tt>, <tt class="docutils literal"><span class="pre">ssh</span></tt>, <tt class="docutils literal"><span class="pre">status</span></tt>, <tt class="docutils literal"><span class="pre">tag</span></tt>, <tt class="docutils literal"><span class="pre">upload</span></tt>, <tt class="docutils literal"><span class="pre">user</span></tt>, and <tt class="docutils literal"><span class="pre">xargs</span></tt>.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The following subcommands run only against the open source Chef server: <tt class="docutils literal"><span class="pre">index</span> <span class="pre">rebuild</span></tt> and <tt class="docutils literal"><span class="pre">user</span></tt>.</p>
</div>
</div>
<div class="section" id="verb-sub-commands">
<h2>Verb Sub-commands<a class="headerlink" href="#verb-sub-commands" title="Permalink to this headline">¶</a></h2>
<p>Knife includes a set of subcommands that are built around common verbs: <tt class="docutils literal"><span class="pre">delete</span></tt>, <tt class="docutils literal"><span class="pre">deps</span></tt>, <tt class="docutils literal"><span class="pre">diff</span></tt>, <tt class="docutils literal"><span class="pre">download</span></tt>, <tt class="docutils literal"><span class="pre">edit</span></tt>, <tt class="docutils literal"><span class="pre">list</span></tt>, <tt class="docutils literal"><span class="pre">show</span></tt>, <tt class="docutils literal"><span class="pre">upload</span></tt>, <tt class="docutils literal"><span class="pre">xargs</span></tt>. These subcommands allow Knife to issue commands that interact with any object stored in the chef-repo or stored on the Chef server. Some important principles behind this group of subcommands includes:</p>
<ul class="simple">
<li>A command that works with each object in the chef-repo. The subcommands specify the desired action (the “verb”), and then directory in which that object resides (<tt class="docutils literal"><span class="pre">clients</span></tt>, <tt class="docutils literal"><span class="pre">cookbooks/</span></tt>, <tt class="docutils literal"><span class="pre">data_bags/</span></tt>, <tt class="docutils literal"><span class="pre">environments/</span></tt>, <tt class="docutils literal"><span class="pre">nodes</span></tt>, <tt class="docutils literal"><span class="pre">roles/</span></tt>, and <tt class="docutils literal"><span class="pre">users</span></tt>). For example: <tt class="docutils literal"><span class="pre">download</span> <span class="pre">cookbooks/</span></tt></li>
<li>A command that works with certain objects in Enterprise Chef, including <tt class="docutils literal"><span class="pre">acls</span></tt>, <tt class="docutils literal"><span class="pre">groups</span></tt>, and <tt class="docutils literal"><span class="pre">containers</span></tt></li>
<li>Uses the Chef server as if it were a file system, allowing the chef-repo on the Chef server to behave like a mirror of the chef-repo on the workstation. The Chef server will have the same objects as the local chef-repo. To make changes to the files on the Chef server, just download files from the Chef server or upload files from the chef-repo</li>
<li>The context from which a command is run matters. For example, when working in the <tt class="docutils literal"><span class="pre">roles/</span></tt> directory, Knife will know what is being worked with. Enter <tt class="docutils literal"><span class="pre">knife</span> <span class="pre">show</span> <span class="pre">base.json</span></tt> and Knife will return the base role from the Chef server. From the chef-repo root, enter <tt class="docutils literal"><span class="pre">knife</span> <span class="pre">show</span> <span class="pre">roles/base.json</span></tt> to get the same result</li>
<li>Parallel requests can be made to the Chef server and are configurable on a per-command basis</li>
</ul>
<div class="section" id="wildcard-search">
<h3>Wildcard Search<a class="headerlink" href="#wildcard-search" title="Permalink to this headline">¶</a></h3>
<p>A wildcard matching pattern can be used for substring matches that replace zero (or more) characters. There are two types of wildcard patterns:</p>
<ul class="simple">
<li>A question mark (”?”) can be used to replace exactly one character (as long as that character is not the first character)</li>
<li>An asterisk (“*”) can be used to replace any number of characters (including zero)</li>
</ul>
<p>Wildcard patterns must be escaped (using a backslash) so that the wildcard itself can reach the Chef server. If they are not escaped, the wildcard is expanded into the actual filenames and Knife will not know the wildcard was intended to be used. For example, if the Chef server has data bags named <tt class="docutils literal"><span class="pre">aardvarks</span></tt>, <tt class="docutils literal"><span class="pre">anagrams</span></tt>, and <tt class="docutils literal"><span class="pre">arp_tables</span></tt>, but the local file system only has <tt class="docutils literal"><span class="pre">aardvarks</span></tt> and <tt class="docutils literal"><span class="pre">anagrams</span></tt>, escaping vs. not escaping the wildcard pattern will yield different results:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife list data_bags/a<span class="se">\*</span>
</pre></div>
</div>
<p>asks the Chef server for everything starting with the letter “a” and will return:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>aardvarks/ anagrams/ arp_tables/
</pre></div>
</div>
<p>But, the following:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife list data_bags/a*
</pre></div>
</div>
<p>will return:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>aardvarks/ anagrams/
</pre></div>
</div>
<p>Which is the same as entering:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife list data_bags/aardvarks data_bags/anagrams
</pre></div>
</div>
<p>to return:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>aardvarks/ anagrams/
</pre></div>
</div>
</div>
</div>
<div class="section" id="plug-ins">
<h2>Plug-ins<a class="headerlink" href="#plug-ins" title="Permalink to this headline">¶</a></h2>
<p>Chef provides the following plugins, which work the same as built-in subcommands (including common options), but must be installed separately (using RubyGems): <strong>knife azure</strong>, <strong>knife bluebox</strong>, <strong>knife ec2</strong>, <strong>knife eucalyptus</strong>, <strong>knife google</strong>, <strong>knife hp</strong>, <strong>knife linode</strong>, <strong>knife openstack</strong>, <strong>knife rackspace</strong>, <strong>knife terremark</strong>, <strong>knife vcloud</strong>, and <strong>knife windows</strong>.</p>
<p>The community provides many other plugins for Knife: <a class="reference external" href="http://community.opscode.com/">http://community.opscode.com/</a>.</p>
</div>
<div class="section" id="syntax">
<h2>Syntax<a class="headerlink" href="#syntax" title="Permalink to this headline">¶</a></h2>
<p>All Knife subcommands have the following syntax:</p>
<blockquote>
<div>knife subcommand [ARGUMENT] (options)</div></blockquote>
<p>Each subcommand has its own set of arguments and options.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">All syntax examples in this document show variables in ALL_CAPS. For example <tt class="docutils literal"><span class="pre">-u</span> <span class="pre">PORT_LIST</span></tt> (where PORT_LIST is a comma-separated list of local and public UDP ports) or <tt class="docutils literal"><span class="pre">-F</span> <span class="pre">FORMAT</span></tt> (where FORMAT determines the output format, either <tt class="docutils literal"><span class="pre">summary</span></tt>, <tt class="docutils literal"><span class="pre">text</span></tt>, <tt class="docutils literal"><span class="pre">json</span></tt>, <tt class="docutils literal"><span class="pre">yaml</span></tt>, or <tt class="docutils literal"><span class="pre">pp</span></tt>). These variables often require specific values that are unique to each organization.</p>
</div>
</div>
<div class="section" id="many-users-same-repo">
<h2>Many Users, Same Repo<a class="headerlink" href="#many-users-same-repo" title="Permalink to this headline">¶</a></h2>
<p>It is possible for multiple users to access the Chef server using the same knife.rb file. (A user can even access multiple organizations if, for example, each instance of the chef-repo contained the same copy of the knife.rb file.) This can be done by adding the knife.rb file to the chef-repo, and then using environment variables to handle the user-specific credential details and/or sensitive values. For example:</p>
<div class="highlight-ruby"><div class="highlight"><pre><span class="n">current_dir</span> <span class="o">=</span> <span class="no">File</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="bp">__FILE__</span><span class="p">)</span>
<span class="n">user</span> <span class="o">=</span> <span class="no">ENV</span><span class="o">[</span><span class="s1">'OPSCODE_USER'</span><span class="o">]</span> <span class="o">||</span> <span class="no">ENV</span><span class="o">[</span><span class="s1">'USER'</span><span class="o">]</span>
<span class="n">node_name</span> <span class="n">user</span>
<span class="n">client_key</span> <span class="s2">"</span><span class="si">#{</span><span class="no">ENV</span><span class="o">[</span><span class="s1">'HOME'</span><span class="o">]</span><span class="si">}</span><span class="s2">/.chef/</span><span class="si">#{</span><span class="n">user</span><span class="si">}</span><span class="s2">.pem"</span>
<span class="n">validation_client_name</span> <span class="s2">"</span><span class="si">#{</span><span class="no">ENV</span><span class="o">[</span><span class="s1">'ORGNAME'</span><span class="o">]</span><span class="si">}</span><span class="s2">-validator"</span>
<span class="n">validation_key</span> <span class="s2">"</span><span class="si">#{</span><span class="no">ENV</span><span class="o">[</span><span class="s1">'HOME'</span><span class="o">]</span><span class="si">}</span><span class="s2">/.chef/</span><span class="si">#{</span><span class="no">ENV</span><span class="o">[</span><span class="s1">'ORGNAME'</span><span class="o">]</span><span class="si">}</span><span class="s2">-validator.pem"</span>
<span class="n">chef_server_url</span> <span class="s2">"https://api.opscode.com/organizations/</span><span class="si">#{</span><span class="no">ENV</span><span class="o">[</span><span class="s1">'ORGNAME'</span><span class="o">]</span><span class="si">}</span><span class="s2">"</span>
<span class="n">syntax_check_cache_path</span> <span class="s2">"</span><span class="si">#{</span><span class="no">ENV</span><span class="o">[</span><span class="s1">'HOME'</span><span class="o">]</span><span class="si">}</span><span class="s2">/.chef/syntax_check_cache"</span>
<span class="n">cookbook_path</span> <span class="o">[</span><span class="s2">"</span><span class="si">#{</span><span class="n">current_dir</span><span class="si">}</span><span class="s2">/../cookbooks"</span><span class="o">]</span>
<span class="n">cookbook_copyright</span> <span class="s2">"Your Company, Inc."</span>
<span class="n">cookbook_license</span> <span class="s2">"apachev2"</span>
<span class="n">cookbook_email</span> <span class="s2">"cookbooks@yourcompany.com"</span>
<span class="c1"># Amazon AWS</span>
<span class="n">knife</span><span class="o">[</span><span class="ss">:aws_access_key_id</span><span class="o">]</span> <span class="o">=</span> <span class="no">ENV</span><span class="o">[</span><span class="s1">'AWS_ACCESS_KEY_ID'</span><span class="o">]</span>
<span class="n">knife</span><span class="o">[</span><span class="ss">:aws_secret_access_key</span><span class="o">]</span> <span class="o">=</span> <span class="no">ENV</span><span class="o">[</span><span class="s1">'AWS_SECRET_ACCESS_KEY'</span><span class="o">]</span>
<span class="c1"># Rackspace Cloud</span>
<span class="n">knife</span><span class="o">[</span><span class="ss">:rackspace_api_username</span><span class="o">]</span> <span class="o">=</span> <span class="no">ENV</span><span class="o">[</span><span class="s1">'RACKSPACE_USERNAME'</span><span class="o">]</span>
<span class="n">knife</span><span class="o">[</span><span class="ss">:rackspace_api_key</span><span class="o">]</span> <span class="o">=</span> <span class="no">ENV</span><span class="o">[</span><span class="s1">'RACKSPACE_API_KEY'</span><span class="o">]</span>
</pre></div>
</div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>
|