Last Updated: Mar 27, 2024

Basic Concepts of Knife

Author Aashna Luthra

Introduction

Hello Ninjas! Have you heard about Chef?

It is an open-source systems management and cloud infrastructure automation platform. Interesting, right?

And when we talk about Knife, it is Chef's command-line tool. In this article, we will look into the basic concepts of Knife, starting with Knife and its applications.

Knife

Knife is a command-line utility that acts as a bridge between a local chef repository and the Chef Infra Server.

Knife helps in searching for indexed data on the Chef Infra Server and in working with resources within various cloud environments, roles, environments, data bags, etc.

It also helps with installing the Chef Infra Client on nodes and with managing nodes, recipes, and cookbooks.

Knife Common Options

Knife common options are a part of the basic concepts of Knife. Below are some options to run sub-commands: 

  • -c CONFIG_FILE, --config CONFIG_FILE

It refers to the configuration file to use. For example, when knife is run from a node that is configured and managed by the Chef Infra Server, this option lets knife use the same credentials that the Chef Infra Client uses to connect to the Chef Infra Server.
 

  • -h, --help

This option shows the help for commands.
 

  • -k KEY, --key KEY

It refers to the USER.pem file, which knife uses to sign requests made by the API client to the Chef Infra Server.
 

  • --chef-zero-host HOST

It refers to the host on which Chef Infra Zero is started. Chef Infra Zero is an in-memory Chef Infra Server.
 

  • --chef-zero-port PORT

It refers to the port (or set of ports) on which chef-zero is started. Port ranges such as 1000,1010 or 8889-9999 are tried port by port until one works.
 

  • -d, --disable-editing

This option prevents the opening of the $EDITOR and accepts the data as is.
 

  • --defaults

This option uses the default value rather than requesting a value from the user.
 

  • -e EDITOR, --editor EDITOR

It refers to the $EDITOR, which is used for all interactive commands.
 

  • -E ENVIRONMENT, --environment ENVIRONMENT

It refers to the name of the environment. A command will only execute against the named environment if this option is added. When using the knife search subcommand, this option is not considered during searching.
 

  • -F FORMAT, --format FORMAT

The output formats are text, JSON, YAML, pp, and summary (the default).
 

  • --[no-]color

Helps to view the colored output.
 

  • -V, --verbose

This option makes the output more detailed. For significantly more verbose results, use -VV. For the most verbosity, use -VVV.
 

  • -y, --yes

This option says "Yes" in response to each confirmation request.
 

  • -z, --local-mode

This option runs the Chef Infra Client in local mode. All commands that work against the Chef Infra Server can then also work against the local chef-repo.
 

  • --[no-]fips

This option enables OpenSSL to enforce FIPS-validated security during a Chef Infra Client run.
 

  • --print-after

It displays the data after a destructive operation.
 

  • -s URL, --server-url URL

It refers to the Chef Infra Server's URL.
 

  • -u USER, --user USER

It refers to the username used by the knife to sign requests sent to the Chef Infra Server by the API client. Authentication is unsuccessful if the user name and the private key do not match.
 

  • -v, --version

It refers to the version of Chef Infra Client.

Config.rb in Knife

The config.rb file replaces the deprecated knife.rb file. The knife.rb file's settings and functionality are also present in the config.rb file. Chef Infra Client first checks whether the config.rb file is there; if it is not, it then looks for the knife.rb file. The configuration information for knife is specified in the config.rb file.
 

  • A config.rb file is loaded every time the knife program starts; the file is not created by default.
     
  • The default location of a config.rb file is either c:\Users\username\.chef\config.rb (for the Windows platform) or ~/.chef/config.rb (for Mac and Linux platforms). If you want to use a different location, pass the --config option on the command line.
     
  • When a config.rb file is present in the default directory or at the path provided by the --config option, it overrides the default configuration.

Settings

  • bootstrap_template

It refers to the location of the template file that will be used during bootstrap.
 

  • chef_server_url

It refers to the Chef Infra Server's URL.

For example: chef_server_url 'https://localhost/organizations/ORGANIZATION_NAME'.

 

  • chef_zero.enabled

It enables chef-zero. To enable this setting, local_mode must be set to true. False by default.

For example: chef_zero.enabled true.

 

  • chef_zero[:port]

It refers to the port that chef-zero is supposed to listen on. The default value is 8889. 

For example: chef_zero[:port] 8889.

 

  • client_d_dir

It refers to a directory of extra configuration scripts to load for the Chef Infra Client.
 

  • client_key

It refers to the location of the file containing the client key. Default value: /etc/chef/client.pem. 

For example: client_key '/etc/chef/client.pem'.

 

  • cookbook_copyright

It refers to the name of the copyright holder. This option adds a copyright notice with the copyright holder's name to each pre-created file. If this option is not specified, a copyright name of "ORGANIZATION_NAME" is used instead (it can be changed later).
 

  • cookbook_email

It refers to the email address of someone who maintains the cookbook. This option places an email address in all of the pre-created files. 
 

  • cookbook_license

It refers to the kind of license which is used to distribute a cookbook: apachev2, mit, gplv2, gplv3, or none (default).
 

  • cookbook_path

It refers to the Chef Infra Client sub-directory for storing cookbooks.
 

  • data_bag_encrypt_version

It refers to the minimum required version of the data bag encryption.
 

  • fips

During a Chef Infra Client run, it enables OpenSSL to enforce FIPS-validated security. To allow FIPS-validated security, set the value to true.

The following operating systems are supported: Oracle Enterprise Linux, Red Hat Enterprise Linux, Ubuntu (with Ubuntu Advantage subscription), CentOS, and Windows.
 

  • local_mode

This setting runs the local mode of the Chef Infra Client.
 

  • node_name

It refers to the node's name. This can be either the name of the machine where the knife is run or a username with authorization to log in to the Chef Infra Server. 

For example: node_name 'the_user_name' or node_name 'the_machine_name'.

 

  • no_proxy

It refers to a list of URLs without a proxy, separated by commas. Default value: Nil. 

For example: no_proxy 'localhost, 10.0.0.1, *.demo.com, *.dev.demo.com'.

 

  • ssh_timeout

This setting specifies the number of seconds that must pass before an SSH connection times out.
 

  • ssl_verify_mode

It sets the HTTPS request's verify mode.
 

  • tmux_split

It splits the tmux window. The default value is false.
 

  • validation_client_name

This setting refers to the name of the chef-validator key used by the Chef Infra Client to access the Chef Infra Server during the initial Chef Infra Client run.
 

  • validation_key

It refers to the location of the file containing the key used when a Chef Infra Client is registered with a Chef Infra Server. The validation_client_name is used for authentication when signing a validation key. The default value is /etc/chef/validation.pem.

For example: validation_key '/etc/chef/validation.pem'.

 

  • verify_api_cert

It verifies the SSL certificate on the Chef Infra Server. 
 

  • versioned_cookbooks

This setting appends cookbook versions to cookbook names. Set it to false to hide cookbook versions: cookbooks/apache.

Set it to true to show cookbook versions: cookbooks/apache-1.0.0 and/or cookbooks/apache-1.0.1.
 

  • config_log_level

It sets the default value of log_level in the client.rb file of the node which is being bootstrapped. :debug, :error, :info, :warn, and :fatal are all possible values.

For example: config_log_level :info.

 

  • config_log_location

It sets the default value of log_location in the client.rb file of the node which is being bootstrapped. Examples of possible values include /path/to/log_location, STDERR, STDOUT, :win_evt, and :syslog.

For example: config_log_location "/path/to/the_log_location"   # Path should exist.

Proxy Settings

When the proxy that the Chef Infra Server uses requires authentication, add the following three parameters to the configuration file. Which settings to add depends on the protocol (HTTP or HTTPS) used to access the Chef Infra Server.

Add the following parameters if the Chef Infra Server is configured to use HTTP:
 

  • http_proxy

This proxy setting refers to the proxy server for HTTP connections. Nil is the default value.

For example: http_proxy 'http://theproxy.ex.com:8888'.

 

  • http_proxy_user

This is the user name used when the proxy server uses an HTTP connection. Nil is the default value.
 

  • http_proxy_pass

This is the password for the proxy server when the proxy server uses an HTTP connection. Default value: nil.

HTTPS Proxy Settings

  • https_proxy

This proxy setting refers to the proxy server for HTTPS connections. Nil is the default value.

Note: The hosted Chef Infra Server uses an HTTPS connection.
 

  • https_proxy_user

This is the user name used when the proxy server uses an HTTPS connection. Nil is the default value.
 

  • https_proxy_pass

This is the password for the proxy server when the proxy server uses an HTTPS connection. Default value: nil.

Settings for No-proxy URLs 

  • no_proxy

It refers to a list of URLs without a proxy, separated by commas. Nil is the default value.

.d Directories 

The Chef Infra Client supports reading multiple configuration files by placing them into a .d configuration directory. One example is /etc/chef/client.d. Only files with the .rb extension are loaded from a .d directory; all other files are ignored.
 

A .d directory may exist in any location where a client.rb, config.rb, or solo.rb file is present, for example:

/etc/chef/client.d
/etc/chef/config.d
~/chef/solo.d


For example, with the following files present, knife loads config.rb, company_settings.rb, and ec2_configuration.rb; old_settings.rb.bak is ignored because it does not end in .rb:

~/.chef/config.rb
~/.chef/config.d/company_settings.rb
~/.chef/config.d/old_settings.rb.bak
~/.chef/config.d/ec2_configuration.rb
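
The .rb-only loading rule above also defines what needs protecting: every file that is loaded is evaluated as Ruby by whoever runs knife. The following is an added example, not code from the article or from Chef; it reuses the article's file names in a constructed temporary directory, and the function names are hypothetical.

```ruby
require 'tmpdir'

# Added example: list the files a .d directory would load (only *.rb) and flag
# any that are group- or world-writable. Configuration files are Ruby, so write
# access to a loaded file means code execution as the user running knife.

# Returns a hash of basenames: files that would be loaded, files that are
# ignored, and loaded files that users other than the owner can modify.
def inspect_conf_d(dir)
  entries = Dir.children(dir).sort.select { |n| File.file?(File.join(dir, n)) }
  loaded, ignored = entries.partition { |n| File.extname(n) == '.rb' }
  risky = loaded.select do |n|
    (File.stat(File.join(dir, n)).mode & 0o022) != 0 # group/other write bits
  end
  { loaded: loaded, ignored: ignored, writable_by_others: risky }
end

# Builds a constructed config.d with the article's file names and sample modes.
def demo_report
  Dir.mktmpdir('config.d') do |dir|
    { 'company_settings.rb' => 0o600,
      'old_settings.rb.bak' => 0o644,
      'ec2_configuration.rb' => 0o666 }.each do |name, mode|
      path = File.join(dir, name)
      File.write(path, "# constructed sample\n")
      File.chmod(mode, path)
    end
    inspect_conf_d(dir)
  end
end

puts demo_report.inspect if __FILE__ == $PROGRAM_NAME
```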

Frequently Used Optional Settings

Some optional config.rb settings are frequently used, like the template file used during a bootstrap operation. Even though the following settings are commonly added to the config.rb file, they might not be the best settings for every organization, because how often each option is used differs from one organization to another:
 

  • knife[:bootstrap_proxy]

It refers to the proxy server for the node that is the target of the bootstrap operation.
 

  • knife[:bootstrap_template]

It refers to the location of the template file that will be used during the bootstrap operation.
 

  • knife[:bootstrap_version]

It refers to the Chef Infra Client version to install.
 

  • knife[:editor]

It refers to the $EDITOR, which is used for all interactive commands.
 

  • knife[:ssh_gateway]

It describes the SSH gateway or tunnel used to run a bootstrap action on a machine that is inaccessible from the workstation. Adding this setting can be helpful when a user cannot connect directly via SSH to a host.
 

  • knife[:ssh_port]

It refers to the SSH port.

Additional SSH Settings 

The additional SSH-related parameters listed below can sometimes be useful when added to the config.rb file:
 

  • knife[:forward_agent]

It helps to enable SSH agent forwarding.
 

  • knife[:ssh_attribute]

This is the attribute used to open an SSH connection.
 

  • knife[:ssh_password]

It refers to the SSH password and can be used to pass the password directly on the command line. If the password is needed and this option is not set, knife will ask the user for it.
 

  • knife[:ssh_user]

It refers to the SSH user name.

Data Bag Settings 

Instead of having a different secret and secret file for each data bag, some organizations use the same secret and secret file for all data bags. Add the following to config.rb to use the same secret and secret file for all data bags:
 

  • knife[:secret]

It refers to the encryption key used for the values in a data bag item.
 

  • knife[:secret_file]

It refers to the file's location where the encryption key is located.
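
Several settings described above (ssl_verify_mode, the proxy password, knife[:ssh_password], knife[:forward_agent], and knife[:secret]) either weaken transport security or leave a credential in a plain-text file. The following is an added example, not code from the article or from Chef: a small static check over a config.rb, where the rule messages, the function name, and the sample configuration are all constructed for illustration.

```ruby
# Added example: static audit of a knife config.rb for settings that weaken
# transport security or leave credentials in clear text.
# SAMPLE_CONFIG and the rule messages are constructed for illustration.

RULES = [
  [/\Assl_verify_mode\s+:verify_none\b/,
   'ssl_verify_mode :verify_none turns off SSL certificate validation'],
  [/\Aknife\[:ssh_password\]\s*=\s*['"]/,
   'knife[:ssh_password] keeps the SSH password in clear text'],
  [/\Aknife\[:secret\]\s*=\s*['"]/,
   'knife[:secret] embeds the data bag key; use knife[:secret_file]'],
  [/\Ahttps?_proxy_pass\s+['"]/,
   'proxy password stored in clear text'],
  [/\Aknife\[:forward_agent\]\s*=\s*true\b/,
   'knife[:forward_agent] exposes the SSH agent to every bootstrapped host']
].freeze

# Returns [line_number, message] pairs for every rule that matches.
def audit_config(text)
  findings = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#') # skip blanks and comments
    RULES.each do |pattern, message|
      findings << [lineno, message] if line.match?(pattern)
    end
  end
  findings
end

SAMPLE_CONFIG = <<~CONFIG
  chef_server_url 'https://localhost/organizations/ORGANIZATION_NAME'
  node_name 'the_user_name'
  client_key '/etc/chef/client.pem'
  ssl_verify_mode :verify_none
  # knife[:ssh_password] = 'commented-out'
  knife[:ssh_password] = 'constructed-password'
  knife[:forward_agent] = true
  knife[:secret_file] = '/path/to/the_secret_file'
CONFIG

if __FILE__ == $PROGRAM_NAME
  audit_config(SAMPLE_CONFIG).each { |lineno, msg| puts "line #{lineno}: #{msg}" }
end
```

The check is line-based and only catches literal values; settings assembled at run time by Ruby code in config.rb need a manual review.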
 

We hope you have learned everything about the basic concepts of Knife. 

Frequently Asked Questions

What is a Knife?

Knife is a command-line tool that interfaces between a Chef Infra Server and a local chef-repo.

Which command is used to run Ruby scripts?

To run Ruby scripts within the context of a full set-up Chef Infra Client, use the knife exec subcommand.

Which command is used to install a Knife plugin?

The knife plugin can be installed using the chef gem install command.

In which file are the installed Knife plugins present?

All the Knife installed plugins can be found in the config.rb file.

Conclusion

In this article, we explored various things related to the basic concepts of Knife, leaving no stone unturned. We explored Knife common options and the config.rb file as part of the basic concepts of Knife. We believe this article on basic concepts of Knife was helpful. To learn more about Knife, check out our articles on:



Happy Learning Ninja!
