1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
knife-client(1) -- Manage Chef API Clients
========================================
## SYNOPSIS
__knife__ __client__ _sub-command_ _(options)_
## SUB-COMMANDS
Client subcommands follow a basic create, read, update, delete (CRUD)
pattern. The Following subcommands are available:
## BULK DELETE
__knife client bulk delete__ _regex_ _(options)_
Delete clients where the client name matches the regular expression
_regex_ on the Chef Server. The regular expression should be given as a
quoted string, and not surrounded by forward slashes.
## CREATE
__knife client create__ _client name_ _(options)_
* `-a`, `--admin `:
Create the client as an admin
* `-f`, `--file FILE`:
Write the key to a file
Create a new client. This generates an RSA keypair. The private key will
be displayed on _STDOUT_ or written to the named file. The public half
will be stored on the Server. For _chef-client_ systems, the private key
should be copied to the system as `/etc/chef/client.pem`.
Admin clients should be created for users that will use _knife_ to
access the API as an administrator. The private key will generally be
copied to `~/.chef/client\_name.pem` and referenced in the `knife.rb`
configuration file.
## DELETE
__knife client delete__ _client name_ _(options)_
Deletes a registered client.
## EDIT
__client edit__ _client name_ _(options)_
Edit a registered client.
## LIST
__client list__ _(options)_
* `-w`, `--with-uri`:
Show corresponding URIs
List all registered clients.
## REREGISTER
__client reregister__ _client name_ _(options)_
* `-f`, `--file FILE`:
Write the key to a file
Regenerate the RSA keypair for a client. The public half will be stored
on the server and the private key displayed on _STDOUT_ or written to
the named file. This operation will invalidate the previous keypair used
by the client, preventing it from authenticating with the Chef Server.
Use care when reregistering the validator client.
## SHOW
__client show__ _client name_ _(options)_
* `-a`, `--attribute ATTR`:
Show only one attribute
Show a client. Output format is determined by the --format option.
## DESCRIPTION
Clients are identities used for communication with the Chef Server API,
roughly equivalent to user accounts on the Chef Server, except that
clients only communicate with the Chef Server API and are authenticated
via request signatures.
In the typical case, there will be one client object on the server for
each node, and the corresponding client and node will have identical
names.
In the Chef authorization model, there is one special client, the
"validator", which is authorized to create new non-administrative
clients but has minimal privileges otherwise. This identity is used as a
sort of "guest account" to create a client identity when initially
setting up a host for management with Chef.
## SEE ALSO
__knife-node__(1)
## AUTHOR
Chef was written by Adam Jacob <adam@opscode.com> with many contributions from the community.
## DOCUMENTATION
This manual page was written by Joshua Timberman <joshua@opscode.com>.
Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.
## CHEF
Knife is distributed with Chef. <http://docs.chef.io>
|
