1. Carta.tech
2. Packages
3. chef

• 29

  Section 1: Executable programs or shell commands

  chef-shell.1

  The man page for the chef-shell command line tool. chef-shell is a recipe debugging tool that allows the use of breakpoints within recipes. chef-shell runs as an interactive ruby (irb) session. chef-shell supports both recipe and attribute file syntax, as well as interactive debugging features. chef-shell is the new name for shef as of chef 11.x. chef-shell is backwards compatible and aside from the name change, has the same set of functionality as with previous releases. the chef-shell executable can be run as a command-line tool.

  knife.1

  The man page for the knife command line tool. knife is a command-line tool that provides an interface between a local chef-repo and the server. knife helps users to manage: nodes cookbooks and recipes roles stores of json data (data bags), including encrypted data environments cloud resources, including provisioning the installation of the chef-client on management workstations searching of indexed data on the server knife subcommands: knife bootstrap knife client knife configure knife cookbook knife cookbook site knife data bag knife delete knife deps knife diff knife download knife edit knife environment knife exec knife list knife node knife raw knife recipe list knife role knife search knife show knife ssh knife status knife tag knife upload knife user knife xargs

  knife-bootstrap.1

  The man page for the knife bootstrap subcommand. a bootstrap is a process that installs the chef-client on a target system so that it can run as a chef-client and communicate with a server. the knife bootstrap subcommand is used run a bootstrap operation that installs the chef-client on the target system. the bootstrap operation must specify the ip address or fqdn of the target system. syntax this argument has the following syntax:

  knife-client.1

  The man page for the knife client subcommand. when a node runs the chef-client for the first time, it generally does not yet have an api client identity, and so it cannot make authenticated requests to the server. this is where the validation client---known as the chef-validator---comes in. when the chef-client runs, it checks if it has a client key. if the client key does not exist, it then attempts to borrow the identity of the chef-validator to register itself with the server. in order to register with the server, the private key for the chef-validator needs to be copied to the host and placed in /etc/chef/validation.pem. once the chef-client has registered itself with the server, it no longer uses the validation client for anything. it is recommended that you delete the private key for the chef-validator from the host after the host has registered or use the delete_validation recipe that can be found in the chef-client cookbook (https://github.com/opscode-cookbooks/chef-client). the knife client subcommand is used to manage an api client list and their associated rsa public key-pairs. this allows authentication requests to be made to the server by any entity that uses the chef server api, such as the chef-client and knife.

  knife-configure.1

  The man page for the knife configure subcommand. the knife configure subcommand is used to create the knife.rb and client.rb files so that they can be distributed to workstations and nodes. syntax this argument has the following syntax when creating a knife.rb file:

  knife-cookbook.1

  The man page for the knife cookbook subcommand. a cookbook is the fundamental unit of configuration and policy distribution. each cookbook defines a scenario, such as everything needed to install and configure mysql, and then it contains all of the components that are required to support that scenario, including: attribute values that are set on nodes definitions that allow the creation of reusable collections of resources file distributions libraries that extend the chef-client and/or provide helpers to ruby code recipes that specify which resources to manage and the order in which those resources will be applied custom resources and providers templates versions metadata about recipes (including dependencies), version constraints, supported platforms, and so on the knife cookbook subcommand is used to interact with cookbooks that are located on the server or the local chef-repo.

  knife-cookbook-site.1

  The man page for the knife cookbook site subcommand. the cookbooks site api is used to provide access to the cookbooks community hosted at https://cookbooks.opscode.com. all of the cookbooks in the community are accessible through a rest api located at https://cookbooks.opscode.com/api/v1/ by using any of the supported endpoints. in most cases, using knife and the knife cookbook site sub-command (and any of its arguments) is the recommended method of interacting with these cookbooks, but in some cases, using the rest api directly may make sense. the knife cookbook site subcommand is used to interact with cookbooks that are located at https://cookbooks.opscode.com. a user account is required for any community actions that write data to this site. the following arguments do not require a user account: download, search, install, and list.

  knife-data-bag.1

  The man page for the knife data bag subcommand. a data bag is a global variable that is stored as json data and is accessible from a server. a data bag is indexed for searching and can be loaded by a recipe or accessed during a search. the contents of a data bag can vary, but they often include sensitive information (such as database passwords). a data bag item may be encrypted using shared secret encryption. this allows each data bag item to store confidential information (such as a database password) or to be managed in a source control system (without plain-text data appearing in revision history). each data bag item may be encrypted individually; if a data bag contains multiple encrypted data bag items, these data bag items are not required to share the same encryption keys. the knife data bag subcommand is used to manage arbitrary stores of globally available json data.

  knife-delete.1

  The man page for the knife delete subcommand. the knife delete subcommand is used to delete an object from a server. this subcommand works similar to knife cookbook delete, knife data bag delete, knife environment delete, knife node delete, and knife role delete, but with a single verb (and a single action). syntax this argument has the following syntax:

  knife-deps.1

  The man page for the knife deps subcommand. the knife deps subcommand is used to identify dependencies for a node, role, or cookbook. syntax this argument has the following syntax:

  knife-diff.1

  The man page for the knife diff subcommand. the knife diff subcommand is used to compare the differences between files and directories on the server and in the chef-repo. for example, to compare files on the server prior to an uploading or downloading files using the knife download and knife upload subcommands, or to ensure that certain files in multiple production environments are the same. this subcommand is similar to the git diff command that can be used to diff what is in the chef-repo with what is synced to a git repository. syntax this argument has the following syntax:

  knife-download.1

  The man page for the knife download subcommand. the knife download subcommand is used to download roles, cookbooks, environments, nodes, and data bags from the server to the current working directory. it can be used to back up data on the server, inspect the state of one or more files, or to extract out-of-process changes users may have made to files on the server, such as if a user made a change that bypassed version source control. this subcommand is often used in conjunction with knife diff, which can be used to see exactly what changes will be downloaded, and then knife upload, which does the opposite of knife download. syntax this argument has the following syntax:

  knife-edit.1

  The man page for the knife edit subcommand. the knife edit subcommand is used to edit objects on the server. this subcommand works similar to knife cookbook edit, knife data bag edit, knife environment edit, knife node edit, and knife role edit, but with a single verb (and a single action). syntax this argument has the following syntax:

  knife-environment.1

  The man page for the knife environment subcommand. an environment is a way to map an organizations real-life workflow to what can be configured and managed when using server. every organization begins with a single environment called the _default environment, which cannot be modified (or deleted). additional environments can be created to reflect each organizations patterns and workflow. for example, creating production, staging, testing, and development environments. generally, an environment is also associated with one (or more) cookbook versions. the knife environment subcommand is used to manage environments within a single organization on the server.

  knife-exec.1

  The man page for the knife exec subcommand. the knife exec subcommand uses the knife configuration file to execute ruby scripts in the context of a fully configured chef-client. this subcommand is most often used to run scripts that will only access server one time (or otherwise very infrequently). use this subcommand any time that an operation does not warrant full usage of the knife subcommand library. authenticated api requests the knife exec subcommand can be used to make authenticated api requests to the server using the following methods:

  knife-index-rebuild.1

  The man page for the knife index rebuild subcommand. the knife index rebuild subcommand is used to rebuild the search indexes for the open source server. this operation is destructive and may take some time. this subcommand only works when run against the open source server version 10.x. this subcommand will not run against open source server 11, enterprise chef (including hosted enterprise chef), or private chef. syntax this argument has the following syntax:

  knife-list.1

  The man page for the knife list subcommand. the knife list subcommand is used to view a list of objects on the server. this subcommand works similar to knife cookbook list, knife data bag list, knife environment list, knife node list, and knife role list, but with a single verb (and a single action). syntax this argument has the following syntax:

  knife-node.1

  The man page for the knife node subcommand. a node is any physical, virtual, or cloud machine that is configured to be maintained by a chef-client. the knife node subcommand is used to manage the nodes that exist on a server.

  knife-raw.1

  The man page for the knife raw subcommand. the knife raw subcommand is used to send a rest request to a specified path using the chef server api. syntax this argument has the following syntax:

  knife-recipe-list.1

  The man page for the knife recipe list subcommand. the knife recipe list subcommand is used to view all of the recipes that are on a server. a regular expression can be used to limit the results to recipes that match a specific pattern. the regular expression must be within quotes and not be surrounded by forward slashes (/). syntax this argument has the following syntax:

  knife-role.1

  The man page for the knife role subcommand. a role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. each role consists of zero (or more) attributes and a run list. each node can have zero (or more) roles assigned to it. when a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that roles run list are applied to the nodes configuration details. when a chef-client runs, it merges its own attributes and run lists with those contained within each assigned role. the knife role subcommand is used to manage the roles that are associated with one or more nodes on a server.

  knife-search.1

  The man page for the knife search subcommand. search indexes allow queries to be made for any type of data that is indexed by the server, including data bags (and data bag items), environments, nodes, and roles. a defined query syntax is used to support search patterns like exact, wildcard, range, and fuzzy. a search is a full-text query that can be done from several locations, including from within a recipe, by using the search subcommand in knife, by using the search functionality in the chef manage, or by using the /search or /search/index endpoints in the chef server api. the search engine is based on apache solr and is run from the server. the knife search subcommand is used run a search query for information that is indexed on a server. syntax this argument has the following syntax:

  knife-show.1

  The man page for the knife show subcommand. the knife show subcommand is used to view the details of one (or more) objects on the server. this subcommand works similar to knife cookbook show, knife data bag show, knife environment show, knife node show, and knife role show, but with a single verb (and a single action). syntax this argument has the following syntax:

  knife-ssh.1

  The man page for the knife ssh subcommand. the knife ssh subcommand is used to invoke ssh commands (in parallel) on a subset of nodes within an organization, based on the results of a search query. syntax this argument has the following syntax:

  knife-status.1

  The man page for the knife status subcommand. the knife status subcommand is used to display a brief summary of the nodes on a server, including the time of the most recent successful chef-client run. syntax this argument has the following syntax:

  knife-tag.1

  The man page for the knife tag subcommand. a tag is a custom description that is applied to a node. a tag, once applied, can be helpful when managing nodes using knife or when building recipes by providing alternate methods of grouping similar types of information. the knife tag subcommand is used to apply tags to nodes on a server.

  knife-upload.1

  The man page for the knife upload subcommand. the knife upload subcommand is used to upload roles, cookbooks, environments, and data bags to the server from the current working directory in the chef-repo. this subcommand is often used in conjunction with knife diff, which can be used to see exactly what changes will be uploaded, and then knife download, which does the opposite of knife upload. syntax this argument has the following syntax:

  knife-user.1

  The man page for the knife user subcommand. the knife user subcommand is used to manage the list of users and their associated rsa public key-pairs. this subcommand only works when run against the open source server version 10.x. this subcommand will not run against open source server 11, enterprise chef (including hosted enterprise chef), or private chef.

  knife-xargs.1

  The man page for the knife xargs subcommand. the knife xargs subcommand is used to build and execute command lines against objects on a server using standard input. syntax this argument has the following syntax:

• 2

  Section 8: System administration commands

  chef-client.8

  The man page for the chef-client command line tool. a chef-client is an agent that runs locally on every node that is registered with the server. when a chef-client is run, it will perform all of the steps that are required to bring the node into the expected state, including: registering and authenticating the node with the server building the node object synchronizing cookbooks compiling the resource collection by loading each of the required cookbooks, including recipes, attributes, and all other dependencies taking the appropriate and required actions to configure the node looking for exceptions and notifications, handling each as required the chef-client executable can be run as a command-line tool. a client.rb file is used to specify the configuration details for the chef-client. this file is the default configuration file and is loaded every time the chef-client executable is run. the chef-client executable can be run as a daemon. on unix- and linux-based machines, the configuration file is located at: /etc/chef/client.rb. on microsoft windows machines, the configuration file is located at c:chefclient.rb.

  chef-solo.8

  The man page for the chef-solo command line tool. chef-solo is an open source version of the chef-client that allows using cookbooks with nodes without requiring access to a server. chef-solo runs locally and requires that a cookbook (and any of its dependencies) be on the same physical disk as the node. chef-solo is a limited-functionality version of the chef-client and does not support the following: node data storage search indexes centralized distribution of cookbooks a centralized api that interacts with and integrates infrastructure components authentication or authorization persistent attributes the chef-solo executable can be run as a command-line tool.