1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
|
.TH "CHEF-CLIENT" "8" "Chef 11.8.0" "" "chef-client"
.SH NAME
chef-client \- The man page for the chef-client command line tool.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.\" Man page generated from reStructuredText.
.
.sp
A chef\-client is an agent that runs locally on every node that is registered with the server. When a chef\-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:
.INDENT 0.0
.IP \(bu 2
Registering and authenticating the node with the server
.IP \(bu 2
Building the node object
.IP \(bu 2
Synchronizing cookbooks
.IP \(bu 2
Compiling the resource collection by loading each of the required cookbooks, including recipes, attributes, and all other dependencies
.IP \(bu 2
Taking the appropriate and required actions to configure the node
.IP \(bu 2
Looking for exceptions and notifications, handling each as required
.UNINDENT
.sp
The chef\-client executable can be run as a command\-line tool.
.IP Note
A client.rb file is used to specify the configuration details for the chef\-client. This file is the default configuration file and is loaded every time the chef\-client executable is run. The chef\-client executable can be run as a daemon. On UNIX\- and Linux\-based machines, the configuration file is located at: /etc/chef/client.rb. On Microsoft Windows machines, the configuration file is located at C:chefclient.rb.
.RE
.SH OPTIONS
.sp
This command has the following syntax:
.sp
.nf
.ft C
chef\-client OPTION VALUE OPTION VALUE ...
.ft P
.fi
.sp
This command has the following options:
.INDENT 0.0
.TP
.B \fB\-A\fP, \fB\-\-fatal\-windows\-admin\-check\fP
Indicates that a chef\-client run should fail if the chef\-client does not have administrator privileges in Microsoft Windows.
.TP
.B \fB\-c CONFIG\fP, \fB\-\-config CONFIG\fP
The configuration file to use.
.TP
.B \fB\-d\fP, \fB\-\-daemonize\fP
Indicates that the executable will be run as a daemon. This option is only available on machines that run in UNIX or Linux environments. For machines that are running Microsoft Windows that require similar functionality, use the \fBchef\-client::service\fP recipe in the \fBchef\-client\fP cookbook: \fI\%http://community.opscode.com/cookbooks/chef-client\fP. This will install a chef\-client service under Microsoft Windows using the Windows Service Wrapper.
.TP
.B \fB\-E ENVIRONMENT_NAME\fP, \fB\-\-environment ENVIRONMENT_NAME\fP
The name of the environment.
.TP
.B \fB\-f\fP, \fB\-\-[no\-]fork\fP
Indicates that a chef\-client run will be contained in a secondary process with dedicated RAM. When the chef\-client run is complete the RAM will be returned to the master process. This option helps ensure that a chef\-client will use a steady amount of RAM over time because the master process will not run recipes. This option will also help prevent memory leaks (such as those that can be introduced by the code contained within a poorly designed cookbook). Use \fB\-\-no\-fork\fP to disable running the chef\-client in fork node. Default value: \fB\-\-fork\fP.
.TP
.B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP
The output format: \fBsummary\fP (default), \fBtext\fP, \fBjson\fP, \fByaml\fP, and \fBpp\fP.
.TP
.B \fB\-\-force\-formatter\fP
Indicates that formatter output will be used instead of logger output.
.TP
.B \fB\-\-force\-logger\fP
Indicates that logger output will be used instead of formatter output.
.TP
.B \fB\-g GROUP\fP, \fB\-\-group GROUP\fP
The name of the group that owns a process. This is required when starting any executable as a daemon.
.TP
.B \fB\-h\fP, \fB\-\-help\fP
Shows help for the command.
.TP
.B \fB\-i SECONDS\fP, \fB\-\-interval SECONDS\fP
The frequency (in seconds) at which the chef\-client runs. This value is configured for the chef\-client application run time, rather than in \fBChef::Config\fP. Default value: \fB1800\fP.
.TP
.B \fB\-j PATH\fP, \fB\-\-json\-attributes PATH\fP
The path to a file that contains JSON data. Use this option to override attributes that are set from other locations, such as from within a cookbook or by a role.
.TP
.B \fB\-k KEY_FILE\fP, \fB\-\-client_key KEY_FILE\fP
The location of the file which contains the client key. Default value: \fB/etc/chef/client.pem\fP.
.TP
.B \fB\-K KEY_FILE\fP, \fB\-\-validation_key KEY_FILE\fP
The location of the file which contains the key used when a chef\-client is registered with a server. A validation key is signed using the \fBvalidation_client_name\fP for authentication. Default value: \fB/etc/chef/validation.pem\fP.
.TP
.B \fB\-l LEVEL\fP, \fB\-\-log_level LEVEL\fP
The level of logging that will be stored in a log file: \fBdebug\fP, \fBinfo\fP, \fBwarn\fP, \fBerror\fP, or \fBfatal\fP.
.TP
.B \fB\-L LOGLOCATION\fP, \fB\-\-logfile c\fP
The location in which log file output files will be saved. If this location is set to something other than \fBSTDOUT\fP, standard output logging will still be performed (otherwise there would be no output other than to a file). This is recommended when starting any executable as a daemon. Default value: \fBSTDOUT\fP.
.TP
.B \fB\-\-[no\-]color\fP
Indicates that color will not be used in the output. Default setting: \fB\-\-color\fP.
.TP
.B \fB\-N NODE_NAME\fP, \fB\-\-node\-name NODE_NAME\fP
The name of the node.
.TP
.B \fB\-o RUN_LIST_ITEM\fP, \fB\-\-override\-runlist RUN_LIST_ITEM\fP
Replace the current run list with the specified items.
.TP
.B \fB\-\-once\fP
Indicates that the chef\-client is run once and that interval and splay options are cancelled.
.TP
.B \fB\-P PID_FILE\fP, \fB\-\-pid PID_FILE\fP
The location in which a process identification number (pid) is saved. An executable, when started as a daemon, will write the pid to the specified file. Default value: \fB/tmp/name\-of\-executable.pid\fP.
.TP
.B \fB\-R\fP, \fB\-\-enable\-reporting\fP
Indicates that data collection reporting is enabled during a chef\-client run.
.TP
.B \fB\-s SECONDS\fP, \fB\-\-splay SECONDS\fP
A number (in seconds) to add to the \fBinterval\fP that is used to determine the frequency of chef\-client runs. This number can help prevent server load when there are many clients running at the same time.
.TP
.B \fB\-S CHEF_SERVER_URL\fP, \fB\-\-server CHEF_SERVER_URL\fP
The URL for the server.
.TP
.B \fB\-u USER\fP, \fB\-\-user USER\fP
The user that owns a process. This is required when starting any executable as a daemon.
.TP
.B \fB\-v\fP, \fB\-\-version\fP
The version of the chef\-client.
.TP
.B \fB\-W\fP, \fB\-\-why\-run\fP
Indicates that the executable will be run in why\-run mode, which is a type of chef\-client run that does everything except modify the system. Use why\-run mode to understand why the chef\-client makes the decisions that it makes and to learn more about the current and proposed state of the system.
.UNINDENT
.SH RUN WITH ELEVATED PRIVILEGES
.sp
The chef\-client may need to be run with elevated privileges in order to get a recipe to converge correctly. On UNIX and UNIX\-like operating systems this can be done by running the command as root. On Microsoft Windows this can be done by running the command prompt as an administrator.
.SS Linux
.sp
On Linux, the following error sometimes occurs when the permissions used to run the chef\-client are incorrect:
.sp
.nf
.ft C
$ chef\-client
[Tue, 29 Nov 2011 19:46:17 \-0800] INFO: *** Chef 10.X.X ***
[Tue, 29 Nov 2011 19:46:18 \-0800] WARN: Failed to read the private key /etc/chef/client.pem: #<Errno::EACCES: Permission denied \- /etc/chef/client.pem>
.ft P
.fi
.sp
This can be resolved by running the command as root. There are a few ways this can be done:
.INDENT 0.0
.IP \(bu 2
Log in as root and then run the chef\-client
.IP \(bu 2
Use \fBsu\fP to become the root user, and then run the chef\-client. For example:
.INDENT 2.0
.INDENT 3.5
.sp
.nf
.ft C
$ su
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.sp
and then:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ chef\-client
.ft P
.fi
.UNINDENT
.UNINDENT
.INDENT 0.0
.IP \(bu 2
Use the sudo utility
.INDENT 2.0
.INDENT 3.5
.sp
.nf
.ft C
$ sudo chef\-client
.ft P
.fi
.UNINDENT
.UNINDENT
.IP \(bu 2
Give a user access to read \fB/etc/chef\fP and also the files accessed by the chef\-client. This requires super user privileges and, as such, is not a recommended approach
.UNINDENT
.SS Windows
.sp
On Microsoft Windows, running without elevated privileges (when they are necessary) is an issue that fails silently. It will appear that the chef\-client completed its run successfully, but the changes will not have been made. When this occurs, do one of the following to run the chef\-client as the administrator:
.INDENT 0.0
.IP \(bu 2
Log in to the administrator account. (This is not the same as an account in the administrator\(aqs security group.)
.IP \(bu 2
Run the chef\-client process from the administrator account while being logged into another account. Run the following command:
.INDENT 2.0
.INDENT 3.5
.sp
.nf
.ft C
$ runas /user:Administrator "cmd /C chef\-client"
.ft P
.fi
.sp
This will prompt for the administrator account password.
.UNINDENT
.UNINDENT
.IP \(bu 2
Open a command prompt by right\-clicking on the command prompt application, and then selecting \fBRun as administrator\fP. After the command window opens, the chef\-client can be run as the administrator
.UNINDENT
.SH EXAMPLES
.sp
\fBStart a Chef run when the chef\-client is running as a daemon\fP
.sp
A chef\-client that is running as a daemon can be woken up and started by sending the process a \fBSIGUSR1\fP. For example, to trigger a chef\-client run on a machine running Linux:
.sp
.nf
.ft C
$ sudo killall \-USR1 chef\-client
.ft P
.fi
.sp
\fBStart a Chef run manually\fP
.sp
.nf
.ft C
$ ps auxw|grep chef\-client
.ft P
.fi
.sp
to return something like:
.sp
.nf
.ft C
root 66066 0.9 0.0 2488880 264 s001 S+ 10:26AM 0:03.05
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin/ruby /usr/bin/chef\-client \-i 3600 \-s 20
.ft P
.fi
.sp
and then enter:
.sp
.nf
.ft C
$ sudo kill \-USR1 66066
.ft P
.fi
.SH AUTHOR
Opscode
.\" Generated by docutils manpage writer.
.
|