CHAPTER 6

Working with Knife

Knife is a command-line utility that comes with chef and is used to interact with the chef server. It handles many chef management tasks:

  • Managing nodes
  • Uploading cookbooks and recipes from the local chef repository to the chef server
  • Managing roles
  • Managing environments
  • Managing cloud resources which include provisioning on AWS (Amazon Web Services), Azure, or any other cloud provider
  • Bootstrapping chef on nodes

Along with the aforementioned tasks, chef can be used to perform many other tasks which we discuss in the upcoming sections of this chapter.

Working with Knife

Knife runs from a workstation and is used to interact with the chef server and also with your infrastructure (see Figure 6-1). The interaction between the workstation and the chef server uses the same REST API (application programming interface) that a chef client uses. The workstation configuration includes the knife configuration; if we want to change or modify anything, we can do it directly in the knife configuration file.

Figure 6-1. List of options available with knife

There are many subcommands available with knife that are used to manage chef (Figures 6-2 and 6-3). We discuss some of them in the following sections. knife --help can be used to see options common to all subcommands.

Figure 6-2. List of commands available with knife (1)

Figure 6-3. List of commands available with knife (2)

You can use knife SUBCOMMAND --help to see the options available to that subcommand.

All the commands in knife are structured in a similar way. They have the form NOUN verb NOUN (options). The chef server API is RESTful. The options available for the verb part are

  • Create (create)
  • List and show (read)
  • Edit (update)
  • Delete (destroy)

knife sub-command [argument] [options]

Some of the knife commands require the environment variable EDITOR to edit or create some objects, so it’s recommended to set it before using knife.

export EDITOR=vi

Bootstrap

Bootstrap is the process by which we install the chef client on a target node. This command takes the IP (Internet Protocol) address or the FQDN (fully qualified domain name) of the node as an input and installs the chef client package on it.

The syntax for this command is as follows:

knife bootstrap FQDN_or_IP_ADDRESS (options)

We will discuss some of the important options available in the bootstrap command.

--bootstrap-proxy PROXY_URL

The bootstrap command requires Internet connectivity on the node. If the node uses a proxy to connect to the Internet, then we need to specify this option.

--bootstrap-version VERSION

We use this option if we want to install a specific version of chef. By default, it installs the latest version.

-G GATEWAY, --ssh-gateway GATEWAY

The bootstrap command uses SSH to install chef. We use this option if our network has an SSH gateway configured and direct SSH to our target node is blocked or not allowed.

-i IDENTITY_FILE, --identity-file IDENTITY_FILE

We adopt this option if we are using key-based authentication for SSH rather than a username and password.

-j JSON_ATTRIBS, --json-attributes JSON_ATTRIBS

We use this option if we want to specify some custom attributes on the first chef run.

-N NAME, --node-name NAME

We use this option to specify the node name by which it would be registered with the chef server. If we don’t specify this option, the FQDN of the node would be used.

--[no-]host-key-verify

Host key verification is enabled by default. We use the --no-host-key-verify form of this option to skip the host key verification.

-p PORT, --ssh-port PORT

We use this option to specify the port to be used for SSH. If we don’t specify anything, Port 22 would be used.

-P PASSWORD, --ssh-password PASSWORD

We use this option to provide the password that would be used to log in to the instance.

-r RUN_LIST, --run-list RUN_LIST

We use this option to specify the list of recipes/roles or both to be applied to the node in a comma-separated format.

--sudo

If you use this option, then the bootstrap operation will be executed using sudo.

-x USERNAME, --ssh-user USERNAME

We use this option to specify the username that would be used by knife to log in to the instance.

Figure 6-4 shows the list of options available with the bootstrap subcommand.

Figure 6-4. List of options available with knife bootstrap subcommand
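
The bootstrap options described above differ in what they expose: -P puts the SSH password on the command line, --no-host-key-verify turns off a check that is on by default, and leaving out --bootstrap-version installs whatever version is latest. The following script is an added example, not from the book, that reviews a planned knife bootstrap argument list for those three cases. The function name audit_bootstrap, the finding labels, and the sample hosts, user, key path, and X.Y.Z version are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the book: review the arguments of a planned
# `knife bootstrap` call. Only options described in this chapter are parsed.

# audit_bootstrap ARGS...  prints one "id: explanation" line per finding.
# The body runs in a subshell, so its variables do not leak to the caller.
audit_bootstrap() (
    password=0; nohostkey=0; version=""; target=""
    while [ "$#" -gt 0 ]; do
        opt=$1
        case "$opt" in
            --*=*)  # split --option=value into two words and read it again
                shift; set -- "${opt%%=*}" "${opt#*=}" "$@"; continue ;;
        esac
        case "$opt" in
            -P|--ssh-password)        password=1; shift ;;
            --bootstrap-version)      version=${2:-}; shift ;;
            --no-host-key-verify)     nohostkey=1 ;;
            --sudo|--host-key-verify) ;;            # switches, nothing to flag
            --bootstrap-proxy|-G|--ssh-gateway|-i|--identity-file|-j|\
            --json-attributes|-N|--node-name|-p|--ssh-port|-r|--run-list|\
            -x|--ssh-user)            shift ;;      # takes a value
            -*) echo "unknown-option: $opt is not covered by this check" ;;
            *)  target=$opt ;;                      # FQDN_or_IP_ADDRESS
        esac
        # Consume the option's value, or the switch/target itself.
        if [ "$#" -gt 0 ]; then shift; fi
    done
    if [ -z "$target" ]; then
        echo "no-target: FQDN_or_IP_ADDRESS is missing"
    fi
    if [ "$password" -eq 1 ]; then
        echo "ssh-password: password is visible in shell history and the process list; use -i IDENTITY_FILE"
    fi
    if [ "$nohostkey" -eq 1 ]; then
        echo "host-key: --no-host-key-verify skips the SSH host key check that is on by default"
    fi
    if [ -z "$version" ]; then
        echo "unpinned-version: no --bootstrap-version, so the latest chef client is installed"
    fi
    :   # always succeed; findings are reported on stdout
)

# Constructed sample invocations (hosts, user, key path, version are made up).
echo "risky call:"
audit_bootstrap 192.0.2.10 -x admin -P 'example-pass' --no-host-key-verify
echo "reviewed call:"
audit_bootstrap node1.example.com -x admin -i /home/admin/.ssh/id_rsa \
    --sudo --bootstrap-version=X.Y.Z -N web01
```

An empty result means none of the three cases was found; it says nothing about options this chapter does not cover.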

Client

We use the client subcommand to manage the clients that are registered with the chef server. Many options are available, which we discuss here one by one.

The syntax for this command is as follows:

knife client (options)

Figure 6-5 shows the options available in knife client subcommand.

Figure 6-5. List of options available with knife client subcommand

Bulk Delete

We use this option to delete any client registered with the chef server that matches a regular expression. Figure 6-6 shows an example.

Figure 6-6. Deleting multiple clients

Create

We use the create option to create a new client. Whenever we run this command, it generates a new RSA key pair for the client. The server stores the public key, and the private key is displayed as output. Figure 6-7 shows an example.

Figure 6-7. Creating an API client

The following details are required in order to create an API client:

Name – The name with which the client would be registered.

Public-key – An RSA key pair that would be auto-generated.

Validator – Whether the client would be a validator or not. A validator is a special type of client which is used to register new clients to the chef server.

Admin – Whether the client would have administration privileges or not. It can either be true or false.

Delete

This argument is passed if we want to delete only a single registered API client. We need to provide the name with which the client is registered. Figure 6-8 shows an example.

Figure 6-8. Deleting a client

The syntax for this command is as follows:

knife client delete client_name

Edit

We use this option if we want to edit the details of an already registered API client. We need to set the EDITOR environment variable before using this option. Knife will use that editor to open the node object, and we can edit the details we want to change. Knife then directly uploads the changes to the server. Figure 6-9 shows an example.

Figure 6-9. Editing a client

The syntax for this command is as follows:

knife client edit client_name

List

We use this option to view the list of clients registered with the chef server. Figure 6-10 shows an example.

Figure 6-10. List of registered clients

The syntax for this command is as follows:

knife client list

Reregister

We normally use this option when we delete the client key from the client and we want a new key to be generated. It will regenerate the RSA key pair for the client. Figure 6-11 shows an example.

Figure 6-11. Reregistering a client

The syntax for this command is as follows:

knife client reregister client_name

Show

This option will display the information available about a client. Figure 6-12 shows what this information will look like.

Figure 6-12. Viewing a client

The syntax for this command is as follows:

knife client show client_name

Configure

We can use the configure command to configure a workstation and client. We have already covered these things in previous chapters. We can create the knife configuration file (knife.rb) and client configuration file (client.rb) using this command. Figures 6-13 and 6-14 show how to use the command and the options available with the command.

Figure 6-13. Configuring a client

Figure 6-14. Listing of options available with knife configure

The syntax for this command is as follows:

knife configure (options)

The following options are available in this command.

--client DIRECTORY

We use this option to specify the client directory where the client configuration file would be placed. It reads from the knife configuration file and writes relevant information to the client configuration file.

-i, --initial

We use this option to create an API client that would be used by knife for authorization.

-r REPO, --repository REPO

We use this option to provide the path of the local chef repository.

Cookbook

We use the cookbook subcommand to interact with cookbooks that are located on the chef server or on the local chef repository (see Figure 6-15).

Figure 6-15. Listing of options available with the knife cookbook subcommand

The syntax for this command is as follows:

knife cookbook [Argument] (options)

We discuss the arguments available in this subcommand one by one in the following sections.

Bulk Delete

We use this argument if we want to delete cookbooks that match certain patterns. The Regex should be written within quotes.

The syntax for this argument is as follows:

knife cookbook bulk delete "REGEX"

Create

We use this argument to create a cookbook in the local repository (see Figure 6-16). It will create a list of directories and files necessary for a cookbook. We can then upload the cookbook to the chef server.

Figure 6-16. Creating a cookbook

The syntax for this command is as follows:

knife cookbook create COOKBOOK_NAME (options)

Delete

We use this subcommand if we want to delete a cookbook or any version of a cookbook from the chef server (see Figure 6-17).

Figure 6-17. Deleting a cookbook

The syntax for this command is as follows:

knife cookbook delete cookbook_name

Download

We use this subcommand to download a cookbook from the chef server (see Figure 6-18).

Figure 6-18. Downloading a cookbook

The syntax for this command is as follows:

knife cookbook download COOKBOOK_NAME [COOKBOOK_VERSION] (options)

List

We use this argument to list the cookbooks that are present on the chef server. It will list the latest versions of the cookbooks that are available (see Figure 6-19).

Figure 6-19. Listing cookbooks

The syntax is as follows:

knife cookbook list

Show

We use this argument to view the information about a cookbook or any file associated with the cookbook present on the chef server (see Figure 6-20).

Figure 6-20. Viewing a version

The syntax for this argument is as follows:

knife cookbook show COOKBOOK_NAME [COOKBOOK_VERSION] [PART...] [FILE_NAME] (options)

Test

We use this argument if we want to check a cookbook for syntax errors. This argument verifies every file present in the cookbook directory ending with a .rb or a .erb extension.

Figure 6-21 shows the syntax for this argument.

Figure 6-21. Testing a cookbook

Upload

We require the upload argument if we want to upload any cookbook or associated files from the local repository to the chef server (see Figure 6-22).

Figure 6-22. Uploading a cookbook

The syntax for the upload argument is as follows:

knife cookbook upload [COOKBOOK_NAME...] (options)

Cookbook Site

We use this subcommand if we want to directly use the cookbooks that Opscode provides.

The syntax for this command is as follows:

knife cookbook site [argument] (options)

The following arguments are available in this subcommand:

  • Download
  • Install
  • List
  • Search
  • Share
  • Show
  • UnShare

Download

We use this argument if we want to download any cookbook available on the chef server.

This argument has the following syntax:

knife cookbook site download COOKBOOK_NAME [COOKBOOK_VERSION] (options)

It will download the cookbook as a tar file into the directory we are working in. Extract the file and upload it to the chef server for further use.

Install

We use this argument if we want to install any cookbook to a local git repository.

Using this argument does the following:

  • Creates a new branch for tracking the upstream.
  • Removes all the previous versions of cookbook from the branch (if any).
  • Downloads the cookbook from https://cookbooks.opscode.com in the tar.gz format.
  • Untars the downloaded cookbook and commits its contents to git and creates a tag.
  • Merges the newly created branch into the master branch.

This process allows the upstream cookbook in the master branch to be modified while letting git maintain changes as a separate patch. When an updated upstream version becomes available, those changes can be merged while maintaining any local modifications.

This argument has the following syntax:

knife cookbook site install COOKBOOK_NAME [COOKBOOK_VERSION] (options)

List

It is used to view the list of cookbooks that are available in the community.

This argument has the following syntax:

knife cookbook site list

Search

This is used in case we want to search for any available cookbook. It will return a list of cookbooks that match the search criteria.

The syntax for this argument is as follows:

knife cookbook site search SEARCH_QUERY (options)

Show

It can be used to view any information about any cookbook that Opscode provides.

The syntax for this argument is as follows:

knife cookbook site show COOKBOOK_NAME [COOKBOOK_VERSION]

Data Bag

Data bags are objects that are stored as a global variable and can be accessed from the chef server. This subcommand allows us to create or edit a data bag or any data bag item (see Figure 6-23).

Figure 6-23. List of options available with knife data bag subcommand

The syntax for this command is as follows:

knife data bag [Argument] (options)

Delete

This command is used in case we want to delete any object from the chef server. It can be any node, any cookbook, or anything else (see Figure 6-24).

Figure 6-24. List of options available with knife delete subcommand

The syntax for this command is as follows:

knife delete [pattern...] (options)

This subcommand has the following options:

Download

The download subcommand can be used to download any data that exists on the chef server (see Figure 6-25). This data can include cookbooks, nodes, roles, and environments.

Figure 6-25. List of options available with the knife download subcommand

The syntax for this command is as follows:

knife download [PATTERN...] (options)

Environment

Environments in chef are a way to group nodes in chef. We can have environment-specific attributes. The environment subcommand can be used to manage the environments that already exist on the chef server or can be used to create new servers also (see Figure 6-26).

Figure 6-26. List of options available with knife environment subcommands

The syntax for this command is as follows:

knife environment [Argument] (options)

Node

Any server registered with the chef server can be referred to as a node. The node subcommand of knife can be used to manage the nodes that are registered with the chef server (see Figure 6-27). It can also be used to create a new node.

Figure 6-27. List of options available with knife node subcommand

The syntax for this command is as follows:

knife node [argument] (options)

Recipe List

This subcommand is used to view the recipes that are present on the chef server (see Figure 6-28). By default, it will return all the recipes present and we can reduce the count by providing a Regex in the search query.

Figure 6-28. List of options available with knife recipe subcommands

The syntax for this command is as follows:

knife recipe list REGEX

Role

Roles are a way to define certain processes or patterns. A role is a collection of a run list and some attributes. For example, a MySQL server role can consist of a MySQL server recipe and any custom attributes.

We use the knife role subcommand to manage the roles that exist on the chef server (see Figure 6-29).

Figure 6-29. List of options available with the knife role subcommand

The syntax for this command is as follows:

knife role [Argument] (options)

Search

We use the search command to search the information that is indexed on the chef server (see Figure 6-30). Searches can be employed using the management console.

Figure 6-30. List of options available with knife search subcommand

Show

We use the show command if we want to view anything that is stored on the chef server (see Figure 6-31).

Figure 6-31. List of options available with knife show subcommand

The syntax for this command is as follows:

knife show [PATTERN...] (options)

For example:

knife show roles
knife show cookbooks

SSH

We use this command if we want to invoke parallel SSH commands on a number of nodes, based upon a search query (see Figure 6-32).

Figure 6-32. List of options available with the knife SSH subcommand

The syntax for this command is as follows:

knife ssh Search_Query SSH_Command (options)

Following are the options available with the subcommand:

-a SSH_ATTR, --attribute SSH_ATTR

We use this option to specify the attributes that would be used for opening SSH connections.

-C NUM, --concurrency NUM

This option is used to specify the maximum number of concurrent connections.

-G GATEWAY, --ssh-gateway GATEWAY

We use this option if our network has an SSH gateway configured.

-i IDENTITY_FILE, --identity-file IDENTITY_FILE

We use this option if we are using key-based authentication.

-p PORT, --ssh-port PORT

We use this option to specify the port that would be used for SSH. By default, port 22 is used.

-P PASSWORD, --ssh-password PASSWORD

We use this option to pass the password that would be used for SSH into the node.

-x USER_NAME, --ssh-user USER_NAME

We use this option to pass the username that would be used for SSH.

Tag

We use this subcommand if we want to add a custom description to our nodes on the chef server, to group them based on the custom description (see Figure 6-33).

Figure 6-33. List of options available with knife tag subcommands

The syntax for this command is as follows:

knife tag [arguments]
  • create—knife tag create NODE_NAME
  • delete—knife tag delete NODE_NAME
  • list—knife tag list NODE_NAME

Upload

This subcommand is used to upload anything from the local chef repository to the chef server (see Figure 6-34).

Figure 6-34. List of options available with knife upload subcommands

The syntax for this command is as follows:

knife upload [PATTERN...] (options)