Introduction
The knife windows subcommand is used to interact with Windows machines managed by Chef Infra. Nodes are configured over WinRM, which lets native objects such as Windows PowerShell scripts, batch scripts, or scripting-library variables be called by other applications. The knife windows subcommand supports the NTLM and Kerberos authentication protocols.
But what is Chef? Let's start with a basic overview.
Chef Overview
Chef is an open-source technology created by Opscode. Adam Jacob is the founder of Chef and a co-founder of Opscode. Chef builds its fundamental pieces, such as recipes and cookbooks, in Ruby code. It is used to automate infrastructure management, which cuts down on manual labor and repetitive chores.
Chef is a configuration management technology used to automate infrastructure provisioning. It is built on a Ruby DSL. It simplifies configuring and managing a company's servers and can be integrated with any cloud technology.
DevOps teams use Chef to install and maintain servers and applications both locally and in the cloud.
Now that we have a basic understanding of the knife windows subcommand and Chef, let's look at the requirements and arguments of the knife windows subcommand.
Requirements
This subcommand requires WinRM to be installed and properly configured, with the appropriate ports open. Use WinRM's quick configuration to enable external connections and the full network path from knife (and the workstation). Run this command on the Windows target:
C:\> winrm quickconfig -q
Commands often take longer than the default value of the MaxTimeoutms WinRM setting. Raise it to 1800000 (30 minutes).
Run the below command on the Windows target to update this setting:
C:\> winrm set winrm/config '@{MaxTimeoutms="1800000"}'
Ensure the Windows Firewall settings permit WinRM connections between the Chef Infra Server and the workstation. The example below opens TCP port 5985 on the public profile to any remote address; where possible, scope remoteip to the management network instead. For instance:
C:\> netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any
Domain Authentication
The knife windows plugin supports Windows domain authentication. This requires:
An SSL certificate on the target node.
The certificate's details can be viewed and its thumbprint (the hex value) copied from there.
Run the following command on the Windows target to make the listener over HTTPS:
Here CertificateThumbprint is the thumbprint hex value copied from the certificate details. When the value is used with the knife windows plugin, it may be necessary to remove the spaces before sending it to the node. By default, WinRM 2.0 uses port 5985 for HTTP and 5986 for HTTPS.
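The steps above, as an added example that is not part of the article or the knife-windows project: it takes a thumbprint copied from the certificate details pane, strips the spaces the pane inserts, checks that the certificate is actually in the machine store with its private key, and binds an HTTPS WinRM listener to it. The article refers to doing this with winrm.cmd; this script uses the WSMan PowerShell provider instead, and the default host name (this machine's FQDN) is an assumption. Run it in an elevated PowerShell on the Windows target.

```powershell
# Added example; not part of the article or the knife-windows project.
# Binds an HTTPS WinRM listener on the target node to an existing certificate,
# starting from a thumbprint copied out of the certificate details pane.
# Uses the WSMan provider rather than winrm.cmd; host name default is an assumption.
param(
    # Thumbprint as copied from the certificate details, spaces and case as shown there.
    [Parameter(Mandatory)] [string] $CopiedThumbprint,
    [string] $HostName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)
$ErrorActionPreference = 'Stop'

# The details pane shows the SHA-1 thumbprint as space-separated byte pairs; WinRM
# needs the bare 40-digit hex string. Normalise and check before going further.
$thumbprint = ($CopiedThumbprint -replace '\s', '').ToUpperInvariant()
if ($thumbprint -notmatch '^[0-9A-F]{40}$') {
    throw "Thumbprint must be 40 hex digits after removing spaces, got '$thumbprint'"
}

# The certificate must be in the machine store with its private key and still valid,
# otherwise the listener is created but TLS handshakes fail later.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint"
if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumbprint expired on $($cert.NotAfter)" }

# Create the HTTPS listener on the default port 5986. -Force replaces an existing
# HTTPS listener so a re-run after certificate rotation works.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -HostName $HostName -CertificateThumbPrint $thumbprint -Force | Out-Null

# Read the listener back so a misconfiguration is visible rather than silent.
Get-ChildItem -Path WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    ForEach-Object { Get-ChildItem -Path "WSMan:\localhost\Listener\$($_.Name)" } |
    Where-Object { $_.Name -in 'Port', 'Hostname', 'CertificateThumbprint' } |
    Format-Table Name, Value -AutoSize
```

The private-key and expiry checks are the part worth keeping: WinRM will happily accept a thumbprint for a certificate that cannot be used for TLS, and the failure only shows up when knife connects.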
Let’s see some of the commands for the knife windows subcommand.
Arguments
cert generate
Use the cert generate argument to create certificates for WinRM SSL listeners. This argument also generates an associated public key file (in .pem format) that is used to verify communication with listeners configured to use the generated certificate.
Syntax
knife windows cert generate FILE_PATH (options)
Options
-cp PASSWORD, --cert-passphrase PASSWORD
The password for the SSL certificate.
-cv MONTHS, --cert-validity MONTHS
The length of time (in months) that the certificate is valid. The default value is 24.
-h HOSTNAME, --hostname HOSTNAME
The hostname for the listener. The default value is "*".
-k LENGTH, --key-length LENGTH
The length of the key. The default value is 2048.
-o PATH, --output-file PATH
The location in which the winrmcert.b64, winrmcert.pem, and winrmcert.pfx files are generated. The default location is current_directory/winrmcert.
cert install
Use the cert install argument to install a certificate into the Windows certificate store so that a WinRM listener can use it as its SSL certificate. Such a certificate can be created with the cert generate argument.
Syntax
knife windows cert install CERT [CERT] (options)
Options
-cp PASSWORD, --cert-passphrase PASSWORD
The SSL certificate's password.
listener create
Use the listener create argument to create a WinRM listener on the Windows platform.
Syntax
knife windows listener create (options)
Options
-c CERT_PATH, --cert-install CERT_PATH
Install the given certificate into the store before creating the listener.
-cp PASSWORD, --cert-passphrase PASSWORD
The SSL certificate's password.
-h HOST_NAME, --hostname HOST_NAME
The hostname for the listener. The default value is "*".
-p PORT, --port PORT
The WinRM port. The default value is 5986.
-t THUMBPRINT, --cert-thumbprint THUMBPRINT
The SSL certificate's thumbprint. Required when --cert-install is not included in the command.
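The cert generate and listener create arguments above form one procedure. The following is an added example, not code from the article or the knife-windows project, that runs it end to end: generate a certificate bound to the node's FQDN on the workstation, then on the node install it and create the HTTPS listener in one step with --cert-install. The node name, output directory and file names are assumptions; the two halves are shown in one script for readability, but the node half must be run locally on the node after the .pfx has been copied there.

```powershell
# Added example; not part of the article or the knife-windows project.
# cert generate (workstation) -> listener create (node). Node name and paths are assumptions.
$ErrorActionPreference = 'Stop'
$node       = 'node01.example.internal'     # assumed FQDN of the Windows node
$outDir     = 'C:\chef\certs\node01'        # assumed output location
$passphrase = Read-Host -Prompt 'Passphrase for the listener certificate'   # not hard-coded

# --- Workstation ---
# Bind the certificate to the node's FQDN instead of the default "*", keep the
# 2048-bit key and shorten validity to 12 months. FILE_PATH is the base name, so
# winrmcert.b64, winrmcert.pem and winrmcert.pfx are written under $outDir.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
knife windows cert generate "$outDir\winrmcert" `
    --hostname $node --key-length 2048 --cert-validity 12 --cert-passphrase $passphrase
if ($LASTEXITCODE -ne 0) { throw "cert generate failed with exit code $LASTEXITCODE" }

# --- Node (run locally on the node in an elevated shell, after copying the .pfx) ---
# --cert-install puts the .pfx into the machine store and creates the HTTPS listener
# in one step, so --cert-thumbprint is not required here.
knife windows listener create --hostname $node --port 5986 `
    --cert-install "$outDir\winrmcert.pfx" --cert-passphrase $passphrase
if ($LASTEXITCODE -ne 0) { throw "listener create failed with exit code $LASTEXITCODE" }

# Confirm exactly one HTTPS listener exists; two would mean an old certificate is still bound.
$https = @(Get-ChildItem -Path WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' })
if ($https.Count -ne 1) { throw "Expected one HTTPS listener, found $($https.Count)" }
Write-Output "HTTPS listener created on $node:5986"
```

Keep the generated winrmcert.pem: it is what the workstation passes to knife winrm as the --ca-trust-file so that peer verification can stay enabled.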
winrm
Use the winrm argument to run a command on one or more remote machines. A password must be entered when each connection is created. The syntax of the search query is the same as for the search subcommand.
For WinRM to work, the destination node must be reachable on the HTTP or HTTPS port.
Syntax
knife winrm SEARCH_QUERY SSH_COMMAND (options)
Options
-a ATTR, --attribute ATTR
The attribute used to establish the connection. The default is the node's FQDN; a hostname or a public or private IP address can be used instead.
-C NUM, --concurrency NUM
Changed in knife-windows 1.9.0. The number of concurrent connections allowed. The default is 1.
-f CA_TRUST_FILE, --ca-trust-file CA_TRUST_FILE
Optional. The certificate authority (CA) trust file used for the SSL transport.
-p PORT, --winrm-port PORT
The WinRM port. knife windows commands issued over WinRM communicate with this TCP port on the remote system. The default value is 5985 unless --winrm-transport is set to ssl.
Optional. The administrative group a user is a part of.
--returns CODES
A comma-separated set of return codes that indicate whether a remote command succeeded or failed.
Optional. The service principal for Kerberos-based authentication.
SEARCH_QUERY
The search query returns a list of servers that can be reached and on which the supplied SSH_COMMAND is run. The syntax of this option is the same as for the search subcommand.
SSH_COMMAND
The command that will be executed against a search query's results.
--session-timeout MINUTES
The maximum duration of a WinRM session, in minutes.
--ssl-peer-fingerprint FINGERPRINT
An SSL certificate fingerprint. When given, it is used in place of the standard certificate chain checks.
-t TRANSPORT, --winrm-transport TRANSPORT
The WinRM transport type. Possible values: plaintext, ssl.
-T, --keytab-file KEYTAB_FILE
The keytab file that holds the encryption key for Kerberos-based authentication.
--winrm-authentication-protocol PROTOCOL
The authentication protocol to use when communicating with WinRM. Possible values: basic, kerberos, negotiate. The default value is negotiate.
--winrm-codepage Codepage
The codepage to use in the WinRM command shell.
--winrm-shell SHELL
The type of WinRM shell. Possible values: elevated, powershell, cmd. The default is cmd. The elevated shell runs the command through PowerShell like the powershell option, but from a scheduled task.
--winrm-ssl-verify-mode MODE
The peer verification mode used during WinRM communication. Possible values: verify_peer, verify_none. The default value is verify_peer.
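Putting the winrm options above together, as an added example that is not from the article or the knife-windows project: a small wrapper that always uses the ssl transport with verify_peer and an explicit CA trust file, negotiate authentication, and --returns so that a non-zero exit from the remote command is reported as a failure. The search query, remote command, CA file path and concurrency value are assumptions; the user name and password are left out so knife prompts for them rather than taking them from the command line.

```powershell
# Added example; not part of the article or the knife-windows project.
# Runs a command on matching nodes over an SSL WinRM transport with peer verification.
# Search query, command, CA file and concurrency are assumptions for illustration.
function Invoke-KnifeWinRM {
    param(
        [Parameter(Mandatory)] [string] $SearchQuery,   # knife search syntax, e.g. 'role:web_server'
        [Parameter(Mandatory)] [string] $Command,       # command to run on each matched node
        [string] $CaTrustFile = 'C:\chef\ca\winrmcert.pem',  # assumed CA bundle for --ca-trust-file
        [string] $Shell       = 'powershell',           # elevated | powershell | cmd
        [int]    $Concurrency = 5,
        [string] $Returns     = '0'                     # exit codes treated as success
    )
    if (-not (Test-Path -Path $CaTrustFile)) { throw "CA trust file not found: $CaTrustFile" }

    $knifeArgs = @(
        'winrm', $SearchQuery, $Command,
        '--winrm-transport', 'ssl',                     # never plaintext: credentials and output stay encrypted
        '--winrm-port', '5986',
        '--winrm-ssl-verify-mode', 'verify_peer',       # the default, stated explicitly so nobody relaxes it quietly
        '--ca-trust-file', $CaTrustFile,
        '--winrm-authentication-protocol', 'negotiate',
        '--winrm-shell', $Shell,
        '--concurrency', $Concurrency,
        '--returns', $Returns,
        '--session-timeout', '30'
    )
    # No -x/-P here on purpose: knife prompts for the password instead of reading it
    # from the command line, where it would land in shell history and process listings.
    & knife @knifeArgs
    if ($LASTEXITCODE -ne 0) {
        throw "knife winrm failed for '$SearchQuery' (exit code $LASTEXITCODE)"
    }
}

# Example: confirm the WinRM service state on every node matching the search.
Invoke-KnifeWinRM -SearchQuery 'role:web_server' `
    -Command 'Get-Service WinRM | Select-Object Status, StartType'
```

Passing --ca-trust-file alongside verify_peer is what makes the SSL transport meaningful: without a trust anchor, the only way to get a connection to a self-generated listener certificate is verify_none or a pinned --ssl-peer-fingerprint, and verify_none removes the protection the transport was chosen for.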
The knife windows subcommand sets up and communicates with nodes on Windows-based servers and desktop computers.
What are Chef clients and servers?
The Chef Server is the hub between the workstation and the nodes. All metadata, cookbooks, and recipes are kept here.
What is the Chef automation tool?
Chef is an automation tool. It provides a way to define infrastructure as code, meaning infrastructure is managed by writing code. This is also called programmable infrastructure.
What is the difference between Chef and Ansible?
Chef is a for-profit tool, whereas Ansible is an open-source IT automation solution. Ansible is used for application deployment automation, configuration management, and short procedures such as updating RHEL or other Linux operating systems.
What is the Knife?
Knife is the command-line tool for communicating with the Chef server. It is used to upload cookbooks and to manage other Chef features. It connects the local machine's ChefDK (repo) with the Chef server.
Conclusion
In this article, we had an overview of the knife windows subcommand and discussed its various arguments.