Working with Knife
Knife is a command-line utility that comes with chef and is used to interact with the chef server in order to manage chef. Management in chef includes many tasks.
Along with the aforementioned tasks, chef can be used to perform many other tasks which we discuss in the upcoming sections of this chapter.
Working with Knife
Knife runs from a workstation and is used to interact with the chef server and with your infrastructure (see Figure 6-1). The interaction between the workstation and the chef server uses the same REST API (application programming interface) that a chef client uses. The workstation configuration includes the knife configuration; if we want to change or modify anything, we can do it directly in the knife configuration file.
Figure 6-1. List of options available with knife
There are many subcommands available with knife that are used to manage chef (Figures 6-2 and 6-3). We discuss some of them in the following sections. Use knife --help to see the options common to all subcommands.
Figure 6-2. List of commands available with knife (1)
Figure 6-3. List of commands available with knife (2)
You can use knife SUBCOMMAND --help to see the options available to that subcommand.
All the commands in knife are structured in a similar way. They have the form NOUN verb NOUN (options). The chef server API is RESTful. The options available for the verb part are
knife sub-command [argument] [options]
Some of the knife commands use the EDITOR environment variable to open an editor when creating or editing objects, so it is recommended to set it before using knife.
export EDITOR=vi
Bootstrap
A bootstrap is a process by which we install chef client on a target node. This command takes the IP (Internet Protocol) address or the FQDN (fully qualified domain name) of the node as an input and installs the chef client package on it.
The syntax for this command is as follows:
knife bootstrap FQDN_or_IP_ADDRESS (options)
We will discuss some of the important options available in the bootstrap command.
--bootstrap-proxy PROXY_URL
This command requires Internet connectivity on the node. If the node uses a proxy to connect to the Internet, then we need to specify this option.
--bootstrap-version VERSION
We use this option if we want to install a specific version of chef. By default, it installs the latest version.
-G GATEWAY, --ssh-gateway GATEWAY
The bootstrap command uses SSH to install chef. We use this option if our network has an SSH gateway configured and direct SSH to our target node is blocked or not allowed.
-i IDENTITY_FILE, --identity-file IDENTITY_FILE
We adopt this option if we are using key-based authentication for SSH rather than a username and password.
-j JSON_ATTRIBS, --json-attributes JSON_ATTRIBS
We use this option if we want to specify some custom attributes on the first chef run.
-N NAME, --node-name NAME
We use this option to specify the node name by which it would be registered with the chef server. If we don’t specify this option, the FQDN of the node would be used.
--[no-]host-key-verify
This option controls SSH host key verification. Verification is enabled by default; we use --no-host-key-verify to skip it.
-p PORT, --ssh-port PORT
We use this option to specify the port to be used for SSH. If we don’t specify anything, Port 22 would be used.
-P PASSWORD, --ssh-password PASSWORD
We use this option to provide the password that would be used to log in to the instance.
-r RUN_LIST, --run-list RUN_LIST
We use this option to specify the list of recipes/roles or both to be applied to the node in a comma-separated format.
--sudo
If you use this option, then the bootstrap operation will be executed using sudo.
-x USERNAME, --ssh-user USERNAME
We use this option to specify the username that would be used by knife to log in to the instance.
Figure 6-4 shows the list of options available with the bootstrap subcommand.
Figure 6-4. List of options available with knife bootstrap subcommand
Client
We use the client subcommand to manage the clients that are registered with the chef server. Many options are available, which we discuss here one by one.
The syntax for this command is as follows:
knife client (options)
Figure 6-5 shows the options available in knife client subcommand.
Figure 6-5. List of options available with knife client subcommand
Bulk Delete
We use this option to delete any client registered with the chef server that matches a regular expression. Figure 6-6 shows an example.
Figure 6-6. Deleting multiple clients
Create
We use the create option to create a new client. Whenever we run this command, it generates a new RSA key pair for the client. The server stores the public key, and the private key is displayed as output. Figure 6-7 shows an example.
Figure 6-7. Creating an API client
The following details are required in order to create an API client:
Name – The name with which the client would be registered.
Public-key – An RSA key pair that would be auto-generated.
Validator – Whether the client would be a validator or not. A validator is a special type of client which is used to register new clients to the chef server.
Admin – Whether the client would have administration privileges or not. It can either be true or false.
Delete
This argument is passed if we want to delete only a single registered API client. We need to provide the name with which the client is registered. Figure 6-8 shows an example.
Figure 6-8. Deleting a client
The syntax for this command is as follows:
knife client delete client_name
Edit
We use this option if we want to edit the details of an already registered API client. We need to set the EDITOR environment variable before using this option. Knife will use that editor to open the client object, and we can edit the details we want to change. Knife then directly uploads the changes to the server. Figure 6-9 shows an example.
Figure 6-9. Editing a client
The syntax for this command is as follows:
knife client edit client_name
List
We use this option to view the list of clients registered with the chef server. Figure 6-10 shows an example.
Figure 6-10. List of registered clients
The syntax for this command is as follows:
knife client list
Reregister
We normally use this option when we delete the client key from the client and we want a new key to be generated. It will regenerate the RSA key pair for the client. Figure 6-11 shows an example.
Figure 6-11. Reregistering a client
The syntax for this command is as follows:
knife client reregister client_name
Show
This option will display the information available about a client. Figure 6-12 shows what this information will look like.
Figure 6-12. Viewing a client
The syntax for this command is as follows:
knife client show client_name
Configure
We can use the configure command to configure a workstation and client. We have already covered these things in previous chapters. We can create the knife configuration file (knife.rb) and client configuration file (client.rb) using this command. Figures 6-13 and 6-14 show how to use the command and the options available with the command.
Figure 6-13. Configuring a client
Figure 6-14. Listing of options available with knife configure
The syntax for this command is as follows:
knife configure (options)
The following options are available in this command.
--client DIRECTORY
We use this option to specify the client directory where the client configuration file would be placed. It reads from the knife configuration file and writes relevant information to the client configuration file.
-i, --initial
We use this option to create an API client that would be used by knife for authorization.
-r REPO, --repository REPO
We use this option to provide the path of the local chef repository.
Cookbook
We use the cookbook subcommand to interact with cookbooks that are located on the chef server or on the local chef repository (see Figure 6-15).
Figure 6-15. Listing of options available with the knife cookbook subcommand
The syntax for this command is as follows:
knife cookbook [Argument] (options)
We discuss the arguments available in this subcommand one by one in the following sections.
Bulk Delete
We use this argument if we want to delete cookbooks that match certain patterns. The Regex should be written within quotes.
The syntax for this argument is as follows:
knife cookbook bulk delete "REGEX"
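Because both bulk delete commands (client and cookbook) select objects by regular expression, it is worth previewing the selection before running them. The following is an added example, not code from the book or from chef: it assumes the pattern is applied as an unanchored Ruby regular expression to each name, and the client names are constructed sample data standing in for the output of knife client list.

```ruby
# Added example: preview which names a bulk-delete pattern would select.
# Assumption: the pattern is used as an unanchored Ruby regular expression,
# so a match anywhere in the name selects the object.

# Constructed sample names, standing in for `knife client list` output.
SAMPLE_CLIENTS = %w[
  web01 web02 db01 internal-webhook chef-validator chef-webui
].freeze

# Names in this sample that must never be selected by a bulk delete.
PROTECTED = /\A(chef-validator|chef-webui)\z/.freeze

# Return the names the pattern would select, sorted.
def bulk_delete_preview(names, pattern)
  matcher = Regexp.new(pattern)
  names.select { |name| name =~ matcher }.sort
end

# Names selected by the loose pattern but not by the anchored one:
# the objects that would be deleted by accident.
def unintended_matches(names, loose, anchored)
  bulk_delete_preview(names, loose) - bulk_delete_preview(names, anchored)
end

# True only if the pattern selects no protected name.
def safe_to_run?(names, pattern)
  bulk_delete_preview(names, pattern).none? { |name| name =~ PROTECTED }
end

if __FILE__ == $PROGRAM_NAME
  loose    = 'web'
  anchored = '\Aweb\d+\z'
  puts "loose    #{loose.inspect}: #{bulk_delete_preview(SAMPLE_CLIENTS, loose)}"
  puts "anchored #{anchored.inspect}: #{bulk_delete_preview(SAMPLE_CLIENTS, anchored)}"
  puts "accidental: #{unintended_matches(SAMPLE_CLIENTS, loose, anchored)}"
  puts "loose pattern safe to run? #{safe_to_run?(SAMPLE_CLIENTS, loose)}"
end
```

Anchoring the pattern with \A and \z restricts the match to whole names, which is what an operator usually intends.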
Create
We use this argument to create a cookbook in the local repository (see Figure 6-16). It will create a list of directories and files necessary for a cookbook. We can then upload the cookbook to the chef server.
Figure 6-16. Creating a cookbook
The syntax for this command is as follows:
knife cookbook create COOKBOOK_NAME (options)
Delete
We use this subcommand if we want to delete a cookbook or any version of a cookbook from the chef server (see Figure 6-17).
Figure 6-17. Deleting a cookbook
The syntax for this command is as follows:
knife cookbook delete cookbook_name
Download
We use this subcommand to download a cookbook from the chef server (see Figure 6-18).
Figure 6-18. Downloading a cookbook
The syntax for this command is as follows:
knife cookbook download COOKBOOK_NAME [COOKBOOK_VERSION] (options)
List
We use this argument to list the cookbooks that are present on the chef server. It will list the latest versions of the cookbooks that are available (see Figure 6-19).
Figure 6-19. Listing cookbooks
knife cookbook list
Show
We use this argument to view the information about a cookbook or any file associated with the cookbook present on the chef server (see Figure 6-20).
Figure 6-20. Viewing a version
The syntax for this argument is as follows:
knife cookbook show COOKBOOK_NAME [COOKBOOK_VERSION] [PART...] [FILE_NAME] (options)
Test
We use this argument if we want to check a cookbook for syntax errors. This argument verifies every file present in the cookbook directory ending with a .rb or a .erb extension.
Figure 6-21 shows the syntax for this argument.
Figure 6-21. Testing a cookbook
Upload
We require the upload argument if we want to upload any cookbook or associated files from the local repository to the chef server (see Figure 6-22).
Figure 6-22. Uploading a cookbook
The syntax for the upload argument is as follows:
knife cookbook upload [COOKBOOK_NAME...] (options)
Cookbook Site
We use this subcommand if we want to directly use the cookbooks that Opscode provides.
The syntax for this command is as follows:
knife cookbook site [argument] (options)
The following arguments are available in this subcommand:
Download
We use this argument if we want to download any cookbook available on the chef server.
This argument has the following syntax:
knife cookbook site download COOKBOOK_NAME [COOKBOOK_VERSION] (options)
It will download the cookbook into the current working directory as a tar file. Extract the file and upload it to the chef server for further use.
Install
We use this argument if we want to install any cookbook to a local git repository.
Using this argument does the following:
This process allows the upstream cookbook in the master branch to be modified while letting git maintain changes as a separate patch. When an updated upstream version becomes available, those changes can be merged while maintaining any local modifications.
This argument has the following syntax:
knife cookbook site install COOKBOOK_NAME [COOKBOOK_VERSION] (options)
List
It is used to view the list of cookbooks that are available in the community.
This argument has the following syntax:
knife cookbook site list
Search
This is used when we want to search for a cookbook. It will return a list of cookbooks that match the search criteria.
The syntax for this argument is as follows:
knife cookbook site search SEARCH_QUERY (options)
Show
It can be used to view any information about any cookbook that Opscode provides.
The syntax for this argument is as follows:
knife cookbook site show COOKBOOK_NAME [COOKBOOK_VERSION]
Data Bag
Data bags are objects that are stored as a global variable and can be accessed from the chef server. This subcommand allows us to create or edit a data bag or any data bag item (see Figure 6-23).
Figure 6-23. List of options available with knife data bag subcommand
The syntax for this command is as follows:
knife data bag [Argument] (options)
Delete
This command is used in case we want to delete any object from the chef server. It can be any node, any cookbook, or anything else (see Figure 6-24).
Figure 6-24. List of options available with knife delete subcommand
The syntax for this command is as follows:
knife delete [pattern...] (options)
This subcommand has the following options:
Download
The download subcommand can be used to download any data that exists on the chef server (see Figure 6-25). This data can include cookbooks, nodes, roles, and environments.
Figure 6-25. List of options available with the knife download subcommand
The syntax for this command is as follows:
knife download [PATTERN...] (options)
Environment
Environments are a way to group nodes in chef. We can have environment-specific attributes. The environment subcommand can be used to manage the environments that already exist on the chef server or to create new environments (see Figure 6-26).
Figure 6-26. List of options available with knife environment subcommands
The syntax for this command is as follows:
knife environment [Argument] (options)
Node
Any server registered with the chef server can be referred to as a node. The node subcommand of knife can be used to manage the nodes that are registered with the chef server (see Figure 6-27). It can also be used to create a new node.
Figure 6-27. List of options available with knife node subcommand
The syntax for this command is as follows:
knife node [argument] (options)
Recipe List
This subcommand is used to view the recipes that are present on the chef server (see Figure 6-28). By default, it will return all the recipes present and we can reduce the count by providing a Regex in the search query.
Figure 6-28. List of options available with knife recipe subcommands
The syntax for this command is as follows:
knife recipe list REGEX
Role
Roles are a way to define certain processes or patterns. A role is a collection of a run list and some attributes. For example, a MySQL server role can consist of a MySQL server recipe and any custom attributes.
We use the knife role subcommand to manage the roles that exist on the chef server (see Figure 6-29).
Figure 6-29. List of options available with the knife role subcommand
The syntax for this command is as follows:
knife role [Argument] (options)
Search
We use the search command to search the information that is indexed on the chef server (see Figure 6-30). Searches can be employed using the management console.
Figure 6-30. List of options available with knife search subcommand
Show
We use the show command if we want to view anything that is stored on the chef server (see Figure 6-31).
Figure 6-31. List of options available with knife show subcommand
The syntax for this command is as follows:
knife show [PATTERN...] (options)
For example:
knife show roles
knife show cookbooks
SSH
We use this command if we want to invoke parallel SSH commands on a number of nodes, based upon a search query (see Figure 6-32).
Figure 6-32. List of options available with the knife SSH subcommand
The syntax for this command is as follows:
knife ssh Search_Query SSH_Command (options)
Following are the options available with the subcommand:
-a SSH_ATTR, --attribute SSH_ATTR
We use this option to specify the attributes that would be used for opening SSH connections.
-C NUM, --concurrency NUM
This option is used to specify the maximum number of concurrent connections.
-G GATEWAY, --ssh-gateway GATEWAY
We use this option if our network has an SSH gateway configured.
-i IDENTITY_FILE, --identity-file IDENTITY_FILE
We use this option if we are using key-based authentication.
-p PORT, --ssh-port PORT
We use this option to specify the port that would be used for SSH. By default, port 22 is used.
-P PASSWORD, --ssh-password PASSWORD
We use this option to pass the password that would be used for SSH into the node.
-x USER_NAME, --ssh-user USER_NAME
We use this option to pass the username that would be used for SSH.
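The bootstrap and ssh subcommands share the SSH options described in this chapter, and two of them weaken a run when they appear in a script: -P/--ssh-password places the password on the command line, and --no-host-key-verify skips host key verification. The following is an added example, not code from the book or from chef, that flags those options in knife command lines under review; the hosts, user names, key path and password in the sample lines are constructed placeholders.

```ruby
require 'shellwords'

# Added example: flag risky options in knife bootstrap and knife ssh
# command lines, for instance lines taken from a deployment script.
RISKY = {
  '-P'                   => :password_on_command_line,
  '--ssh-password'       => :password_on_command_line,
  '--no-host-key-verify' => :host_key_verification_disabled
}.freeze

# Reduce "--opt=value" and "-Pvalue" to the bare option name.
def option_name(word)
  return '-P' if word.match?(/\A-P.+/)
  word.split('=', 2).first
end

# Return the findings for one command line, in order of appearance.
# Shellwords keeps a quoted remote command such as "ps -P" as one word,
# so options inside the remote command are not mistaken for knife options.
def audit_knife_command(line)
  words = Shellwords.split(line)
  return [] unless words[0] == 'knife' && %w[bootstrap ssh].include?(words[1])
  words.drop(2).map { |word| RISKY[option_name(word)] }.compact.uniq
end

# Constructed sample lines; every host, user and password is a placeholder.
SAMPLE_COMMANDS = [
  'knife bootstrap node1.example.com -x deploy -i ~/.ssh/deploy_key --sudo -r "role[web]"',
  'knife bootstrap 192.0.2.10 -x root -P ExamplePass1 --no-host-key-verify',
  'knife ssh "role:web" "ps -P" -x deploy -i ~/.ssh/deploy_key',
  'knife ssh "name:db*" uptime --ssh-password=ExamplePass1'
].freeze

# Map each flagged command line to its findings; clean lines are omitted.
def audit_all(lines)
  lines.each_with_object({}) do |line, out|
    found = audit_knife_command(line)
    out[line] = found unless found.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_all(SAMPLE_COMMANDS).each { |cmd, found| puts "#{found.join(', ')}: #{cmd}" }
end
```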
Tag
We use this subcommand if we want to add a custom description to our nodes on the chef server, to group them based on the custom description (see Figure 6-33).
Figure 6-33. List of options available with knife tag subcommands
The syntax for this command is as follows:
knife tag [arguments]
Upload
This subcommand is used to upload anything from the local chef repository to the chef server (see Figure 6-34).
Figure 6-34. List of options available with knife upload subcommands
The syntax for this command is as follows:
knife upload [PATTERN...] (options)