1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
|
.TH "KNIFE-SSH" "1" "Chef 11.8.0" "" "knife ssh"
.SH NAME
knife-ssh \- The man page for the knife ssh subcommand.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.\" Man page generated from reStructuredText.
.
.sp
The \fBknife ssh\fP subcommand is used to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a search query.
.sp
\fBSyntax\fP
.sp
This argument has the following syntax:
.sp
.nf
.ft C
$ knife ssh SEARCH_QUERY SSH_COMMAND (options)
.ft P
.fi
.sp
\fBOptions\fP
.sp
This subcommand has the following options:
.INDENT 0.0
.TP
.B \fB\-a SSH_ATTR\fP, \fB\-\-attribute SSH_ATTR\fP
The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname.
.TP
.B \fB\-A\fP, \fB\-\-forward\-agent\fP
Indicates that SSH agent forwarding is enabled.
.TP
.B \fB\-c CONFIG_FILE\fP, \fB\-\-config CONFIG_FILE\fP
The configuration file to use.
.TP
.B \fB\-C NUM\fP, \fB\-\-concurrency NUM\fP
The number of allowed concurrent connections.
.TP
.B \fB\-\-chef\-zero\-port PORT\fP
The port on which chef\-zero will listen.
.TP
.B \fB\-\-[no\-]color\fP
Indicates whether colored output will be used.
.TP
.B \fB\-d\fP, \fB\-\-disable\-editing\fP
Indicates that $EDITOR will not be opened; data will be accepted as\-is.
.TP
.B \fB\-\-defaults\fP
Indicates that Knife will use the default value, instead of asking a user to provide one.
.TP
.B \fB\-e EDITOR\fP, \fB\-\-editor EDITOR\fP
The $EDITOR that is used for all interactive commands.
.TP
.B \fB\-E ENVIRONMENT\fP, \fB\-\-environment ENVIRONMENT\fP
The name of the environment. When this option is added to a command, the command will run only against the named environment.
.TP
.B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP
The output format: \fBsummary\fP (default), \fBtext\fP, \fBjson\fP, \fByaml\fP, and \fBpp\fP.
.TP
.B \fB\-G GATEWAY\fP, \fB\-\-ssh\-gateway GATEWAY\fP
The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation.
.TP
.B \fB\-h\fP, \fB\-\-help\fP
Shows help for the command.
.TP
.B \fB\-i IDENTITY_FILE\fP, \fB\-\-identity\-file IDENTIFY_FILE\fP
The SSH identity file used for authentication. Key\-based authentication is recommended.
.TP
.B \fB\-k KEY\fP, \fB\-\-key KEY\fP
The private key that Knife will use to sign requests made by the API client to the server.
.TP
.B \fB\-m\fP, \fB\-\-manual\-list\fP
Indicates that a search query is a space\-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: \fB\-\-manual\-list "server01 server 02 server 03"\fP
.TP
.B \fB\-\-[no\-]host\-key\-verify\fP
Use \fB\-\-no\-host\-key\-verify\fP to disable host key verification. Default setting: \fB\-\-host\-key\-verify\fP.
.TP
.B \fBOTHER\fP
The shell type. Possible values: \fBinteractive\fP, \fBscreen\fP, \fBtmux\fP, \fBmacterm\fP, or \fBcssh\fP. (\fBcsshx\fP is deprecated in favor of \fBcssh\fP.)
.TP
.B \fB\-p PORT\fP, \fB\-\-ssh\-port PORT\fP
The SSH port.
.TP
.B \fB\-P PASSWORD\fP, \fB\-\-ssh\-password PASSWORD\fP
The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) Knife will prompt for the password.
.TP
.B \fB\-\-print\-after\fP
Indicates that data will be shown after a destructive operation.
.TP
.B \fB\-s URL\fP, \fB\-\-server\-url URL\fP
The URL for the server.
.TP
.B \fBSEARCH_QUERY\fP
The search query used to return a list of servers to be accessed using SSH and the specified \fBSSH_COMMAND\fP. This option uses the same syntax as the search sub\-command.
.TP
.B \fBSSH_COMMAND\fP
The command that will be run against the results of a search query.
.TP
.B \fB\-u USER\fP, \fB\-\-user USER\fP
The user name used by Knife to sign requests made by the API client to the server. Authentication will fail if the user name does not match the private key.
.TP
.B \fB\-v\fP, \fB\-\-version\fP
The version of the chef\-client.
.TP
.B \fB\-V\fP, \fB\-\-verbose\fP
Set for more verbose outputs. Use \fB\-VV\fP for maximum verbosity.
.TP
.B \fB\-x USER_NAME\fP, \fB\-\-ssh\-user USER_NAME\fP
The SSH user name.
.TP
.B \fB\-y\fP, \fB\-\-yes\fP
Indicates that the response to all confirmation prompts will be "Yes" (and that Knife will not ask for confirmation).
.TP
.B \fB\-z\fP, \fB\-\-local\-mode\fP
Indicates that the chef\-client will be run in local mode, which allows all commands that work against the server to also work against the local chef\-repo.
.UNINDENT
.sp
\fBExamples\fP
.sp
To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:
.sp
.nf
.ft C
$ knife ssh "role:web" "uptime" \-x ubuntu \-a ec2.public_hostname
.ft P
.fi
.sp
to return something like:
.sp
.nf
.ft C
ec2\-174\-129\-127\-206.compute\-1.amazonaws.com 13:50:47 up 1 day, 23:26, 1 user, load average: 0.25, 0.18, 0.11
ec2\-67\-202\-63\-102.compute\-1.amazonaws.com 13:50:47 up 1 day, 23:33, 1 user, load average: 0.12, 0.13, 0.10
ec2\-184\-73\-9\-250.compute\-1.amazonaws.com 13:50:48 up 16:45, 1 user, load average: 0.30, 0.22, 0.13
ec2\-75\-101\-240\-230.compute\-1.amazonaws.com 13:50:48 up 1 day, 22:59, 1 user, load average: 0.24, 0.17, 0.11
ec2\-184\-73\-60\-141.compute\-1.amazonaws.com 13:50:48 up 1 day, 23:30, 1 user, load average: 0.32, 0.17, 0.15
.ft P
.fi
.sp
.nf
.ft C
$ knife ssh \(aqname:*\(aq \(aqsudo chef\-client\(aq
.ft P
.fi
.sp
To force a chef\-client run on all of the web servers running Ubuntu on the Amazon EC2 platform, enter:
.sp
.nf
.ft C
$ knife ssh "role:web" "sudo chef\-client" \-x ubuntu \-a ec2.public_hostname
.ft P
.fi
.sp
to return something like:
.sp
.nf
.ft C
ec2\-67\-202\-63\-102.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:37 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2\-174\-129\-127\-206.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:37 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2\-184\-73\-9\-250.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:38 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2\-75\-101\-240\-230.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:38 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2\-184\-73\-60\-141.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:38 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2\-174\-129\-127\-206.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Chef Run complete in 1.419243 seconds
ec2\-174\-129\-127\-206.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: cleaning the checksum cache
ec2\-174\-129\-127\-206.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Running report handlers
ec2\-174\-129\-127\-206.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Report handlers complete
ec2\-67\-202\-63\-102.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Chef Run complete in 1.578265 seconds
ec2\-67\-202\-63\-102.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: cleaning the checksum cache
ec2\-67\-202\-63\-102.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Running report handlers
ec2\-67\-202\-63\-102.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Report handlers complete
ec2\-184\-73\-9\-250.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Chef Run complete in 1.638884 seconds
ec2\-184\-73\-9\-250.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: cleaning the checksum cache
ec2\-184\-73\-9\-250.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Running report handlers
ec2\-184\-73\-9\-250.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Report handlers complete
ec2\-75\-101\-240\-230.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Chef Run complete in 1.540257 seconds
ec2\-75\-101\-240\-230.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: cleaning the checksum cache
ec2\-75\-101\-240\-230.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Running report handlers
ec2\-75\-101\-240\-230.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Report handlers complete
ec2\-184\-73\-60\-141.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Chef Run complete in 1.502489 seconds
ec2\-184\-73\-60\-141.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: cleaning the checksum cache
ec2\-184\-73\-60\-141.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Running report handlers
ec2\-184\-73\-60\-141.compute\-1.amazonaws.com [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Report handlers complete
.ft P
.fi
.sp
To query for all nodes that have the "webserver" role and then use SSH to run the command "sudo chef\-client", enter:
.sp
.nf
.ft C
$ knife ssh "role:webserver" "sudo chef\-client"
.ft P
.fi
.sp
.nf
.ft C
$ knife ssh name:* "sudo aptitude upgrade \-y"
.ft P
.fi
.sp
To specify the shell type used on the nodes returned by a search query:
.sp
.nf
.ft C
$ knife ssh roles:opscode\-omnitruck macterm
.ft P
.fi
.sp
where \fBscreen\fP is one of the following values: \fBcssh\fP, \fBinteractive\fP, \fBmacterm\fP, \fBscreen\fP, or \fBtmux\fP. If the node does not have the shell type installed, Knife will return an error similar to the following:
.sp
.nf
.ft C
you need the rb\-appscript gem to use knife ssh macterm.
\(ga(sudo) gem install rb\-appscript\(ga to install
ERROR: LoadError: cannot load such file \-\- appscript
.ft P
.fi
.SH AUTHOR
Chef
.\" Generated by docutils manpage writer.
.
|