The man page for the knife user subcommand. the knife user subcommand is used to manage the list of users and their associated rsa public key-pairs. this subcommand only works when run against the open source server version 10.x. this subcommand will not run against open source server 11, enterprise chef (including hosted enterprise chef), or private chef.
The following options may be used with any of the arguments available to the knife user subcommand:
--chef-zero-port PORT
The port on which chef-zero will listen.
-c CONFIG_FILE, --config CONFIG_FILE
The configuration file to use.
-d, --disable-editing
Indicates that $EDITOR will not be opened; data will be accepted as-is.
--defaults
Indicates that Knife will use the default value, instead of asking a user to provide one.
-e EDITOR, --editor EDITOR
The $EDITOR that is used for all interactive commands.
-E ENVIRONMENT, --environment ENVIRONMENT
The name of the environment. When this option is added to a command, the command will run only against the named environment.
-F FORMAT, --format FORMAT
The output format: summary (default), text, json, yaml, and pp.
-h, --help
Shows help for the command.
-k KEY, --key KEY
The private key that Knife will use to sign requests made by the API client to the server.
--[no-]color
Indicates whether colored output will be used.
--print-after
Indicates that data will be shown after a destructive operation.
-s URL, --server-url URL
The URL for the server.
-u USER, --user USER
The user name used by Knife to sign requests made by the API client to the server. Authentication will fail if the user name does not match the private key.
-V, --verbose
Set for more verbose outputs. Use -VV for maximum verbosity.
-v, --version
The version of the chef-client.
-y, --yes
Indicates that the response to all confirmation prompts will be "Yes" (and that Knife will not ask for confirmation).
-z, --local-mode
Indicates that the chef-client will be run in local mode, which allows all commands that work against the server to also work against the local chef-repo.
The create argument is used to create a user. This process will generate an RSA key pair for the named user. The public key will be stored on the server and the private key will be displayed on STDOUT or written to a named file.
For the user, the private key should be copied to the system as /etc/chef/client.pem.
For Knife, the private key is typically copied to ~/.chef/client_name.pem and referenced in the knife.rb configuration file.
Syntax
This argument has the following syntax:
$ knife user create USER_NAME (options)
Options
This argument has the following options:
-a, --admin
Indicates that a client will be created as an admin client. This is required when users of the open source server need to access the Chef Server API as an administrator. This option only works when used with the open source server and will have no effect when used with Enterprise Chef.
-f FILE_NAME, --file FILE_NAME
Indicates that the private key will be saved to a specified file name.
-p PASSWORD, --password PASSWORD
The user password.
--user-key FILE_NAME
All users are assigned a public key. Use to write the public key to a file.
Examples
$ knife user create "Radio Birdman" -f /keys/user_name
The delete argument is used to delete a registered user.
Syntax
This argument has the following syntax:
$ knife user delete USER_NAME
Options
This command does not have any specific options.
Examples
$ knife user delete "Steve Danno"
The edit argument is used to edit the details of a user. When this argument is run, Knife will open $EDITOR. When finished, Knife will update the server with those changes.
Syntax
This argument has the following syntax:
$ knife user edit USER_NAME
Options
This command does not have any specific options.
Examples
None.
The list argument is used to view a list of registered users.
Syntax
This argument has the following syntax:
$ knife user list (options)
Options
This argument has the following options:
-w, --with-uri
Indicates that the corresponding URIs will be shown.
Examples
None.
The reregister argument is used to regenerate an RSA key pair for a user. The public key will be stored on the server and the private key will be displayed on STDOUT or written to a named file.
Running this argument will invalidate the previous RSA key pair, making it unusable during authentication to the server.
Syntax
This argument has the following syntax:
$ knife user reregister USER_NAME (options)
Options
This argument has the following options:
-f FILE_NAME, --file FILE_NAME
Indicates that the private key will be saved to a specified file name.
Examples
$ knife user reregister "Robert Younger"
The show argument is used to show the details of a user.
Syntax
This argument has the following syntax:
$ knife user show USER_NAME (options)
Options
This argument has the following options:
-a ATTR, --attribute ATTR
The attribute (or attributes) to show.
Examples
To view a user named "Dennis Teck", enter:
$ knife user show "Dennis Teck"
to return something like:
chef_type: user json_class: Chef::User name: Dennis Teck public_key:
To view information in JSON format, use the -F common option as part of the command like this:
$ knife user show "Dennis Teck" -F json
(Other formats available include text, yaml, and pp, e.g. -F yaml for YAML.)
Chef