Introduction
In this article, we are going to discuss the knife bootstrap command. We will cover an overview of knife bootstrap, its syntax, the different options it accepts, and more. Are you ready?
So let us learn the overview of Knife Bootstrap.
Overview of Knife Bootstrap
A node is any virtual, physical, or cloud device that is maintained and configured by an instance of Chef Infra Client. Bootstrapping installs the Chef Infra Client on the target system so that it can run as a client, and sets up the node to communicate with the Chef Infra Server.
There are two methods by which we can make this happen:
The first method is to run the knife bootstrap command from the workstation.
The second way is to perform the unattended install to bootstrap from a node without using WinRM or SSH connectivity.
You can use the “knife bootstrap” command to run a bootstrap operation that installs the Chef Infra Client on the target system. The bootstrap operation must be given the FQDN or IP address of the target system.
Considerations:
With the knife bootstrap command, knife copies the contents of the ~/.chef/client.d directory on the local workstation to the client.d directory on the device being bootstrapped. The client_d_dir option can be set in the config.rb file to point to a directory other than ~/.chef/client.d; the contents of that directory are then copied to the device being bootstrapped instead. All config files inside the client.d directory are copied into the /etc/chef/client.d directory on the system being bootstrapped.
Running knife ssl fetch copies the SSL certificate from the on-premises Chef Infra Server to the /trusted_certs_dir directory on the local workstation. These certificates are used during knife operations so that knife can communicate with the Chef Infra Server.
By default, knife bootstrap tries to use SSH to connect to the target node. Use -o to specify another protocol, such as winrm for Windows nodes.
Syntax
This command has the below syntax:
knife bootstrap FQDN_or_IP_ADDRESS (options)
Options in Knife Bootstrap
There are several groups of options available for knife bootstrap. Below you can check out the options:
General Connection Options
-U USERNAME, --connection-user USERNAME
The user account used to authenticate to the target host.
-P PASSWORD, --connection-password PASSWORD
The password used to authenticate to the target host.
-p PORT, --connection-port PORT
The port on the target node to connect to.
-o PROTOCOL, --connection-protocol PROTOCOL
The protocol used to connect to the target node. The options are winrm or ssh; ssh is the default.
-W SECONDS, --max-wait SECONDS
The maximum time to wait for the first connection to be established.
--session-timeout SECONDS
The number of seconds to wait for each connection operation to be acknowledged while running bootstrap.
WinRM Connection Options
--winrm-ssl-peer-fingerprint FINGERPRINT
The SSL certificate fingerprint expected from the target.
-f CA_TRUST_PATH, --ca-trust-file CA_TRUST_PATH
The Certificate Authority trust file used for SSL transport.
--winrm-no-verify-cert
Do not verify the SSL certificate of the target node for WinRM.
--winrm-ssl
Use SSL in a WinRM connection.
-w AUTH-METHOD, --winrm-auth-method AUTH-METHOD
The WinRM authentication method to be used.
--winrm-basic-auth-only
For WinRM basic authentication when using the ‘ssl’ auth method.
SSH Connection Options
-i IDENTITY_FILE, --ssh-identity-file IDENTITY_FILE
The SSH identity file used for authentication. Key-based authentication is always recommended.
ssh_verify_host_key, --ssh-verify-host-key VALUE
Verifies the host key. The default is ‘always’.
Chef Installation Options
--bootstrap-version VERSION
The version of Chef Infra Client to be installed.
--bootstrap-install-command COMMAND
Executes a custom installation command sequence for the Chef Infra Client. This option cannot be used in the same command as --bootstrap-wget-options or --bootstrap-curl-options.
--bootstrap-curl-options OPTIONS
Arbitrary options to be added to the bootstrap command when using cURL. This option cannot be used in the same command as --bootstrap-install-command.
--bootstrap-wget-options OPTIONS
Arbitrary options to be added to the bootstrap command when using GNU Wget. This option cannot be used in the same command as --bootstrap-install-command.
--bootstrap-preinstall-command COMMANDS
Custom commands to be run before installation of the Chef Infra Client.
--bootstrap-url URL
The URL of a custom installation script.
-m URL, --msi-url URL
The location of the Chef Infra Client MSI. The default template prefers to download the MSI from this location; if it is not provided, the MSI is downloaded from chef.io.
--sudo
Executes the bootstrap operation with sudo.
--sudo-preserve-home
Preserves the non-root user’s HOME environment.
--use-sudo-password
Performs the bootstrap operation with sudo, using the password specified with the -P or --ssh-password option.
Proxy Options
--bootstrap-no-proxy NO_PROXY_URL_or_IP
An IP address or URL specifying a location that should not be proxied during the bootstrap.
--bootstrap-proxy PROXY_URL
A proxy server for the node that is the target of the bootstrap operation.
--bootstrap-proxy-pass PROXY_PASS
A proxy authentication password for the node that is going to be bootstrapped.
--bootstrap-proxy-user PROXY_USER
A proxy authentication username for the node that is going to be bootstrapped.
Node Options
-N NAME, --node-name NAME
The unique identifier of the node.
-E ENVIRONMENT, --environment ENVIRONMENT
The name of the environment to be applied.
-r RUN_LIST, --run-list RUN_LIST
A comma-separated list of roles or recipes to be applied.
--secret SECRET
The encryption key used for values contained in a data bag item.
--secret-file FILE
A path to the file that includes the encryption key.
chef-vault Options
--bootstrap-vault-file VAULT_FILE
A path to a JSON file containing a list of vaults and items to be updated.
--bootstrap-vault-item VAULT_ITEM
A single vault and item to update, given as vault:item.
--bootstrap-vault-json VAULT_JSON
A JSON string containing a list of vaults and items to be updated.
Key Verification Options
--[no-]host-key-verify
You can use --no-host-key-verify to disable the verification of the host key. The default setting is --host-key-verify.
--[no-]node-verify-api-cert
Verifies the SSL certificate of the Chef Infra Server.
--node-ssl-verify-mode MODE
Sets the verification mode for HTTPS requests. The options are peer or none.
Use none to perform no validation of SSL certificates; peer is the setting to keep outside of test environments, since none removes the only check that the node is talking to the genuine Chef Infra Server.
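The key verification options above, together with --winrm-no-verify-cert and the SSH identity file option, are the switches that decide whether a bootstrap can be intercepted on the way to the node. As an added example (not code from the article or from the Chef project), the POSIX shell wrapper below refuses to run `knife bootstrap` when any of those verification-disabling flags is present unless an override variable is set, and warns when a password is passed inline instead of a key. The function names, the `KNIFE_ALLOW_INSECURE` variable and the sample host names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the article or the Chef project: a thin wrapper
# around `knife bootstrap` that checks the argument list for flags which turn
# off transport verification before knife is ever invoked. The function names
# and the KNIFE_ALLOW_INSECURE variable are assumptions of this example.

# Exit status 0 if any argument disables host-key or certificate verification.
has_insecure_flag() {
  prev=""
  for arg in "$@"; do
    case "$arg" in
      --no-host-key-verify|--winrm-no-verify-cert|--no-node-verify-api-cert)
        return 0 ;;
      --node-ssl-verify-mode=none)
        return 0 ;;
    esac
    # Two-token form: --node-ssl-verify-mode none
    if [ "$prev" = "--node-ssl-verify-mode" ] && [ "$arg" = "none" ]; then
      return 0
    fi
    prev="$arg"
  done
  return 1
}

# Exit status 0 if a password is given inline (-P / --connection-password),
# where it is visible in process listings and shell history.
has_inline_password() {
  for arg in "$@"; do
    case "$arg" in
      -P|--connection-password|--connection-password=*) return 0 ;;
    esac
  done
  return 1
}

# Run knife bootstrap only if the argument list passes the checks.
# Returns 2 when refused; otherwise knife's own exit status.
safe_knife_bootstrap() {
  if has_insecure_flag "$@" && [ "${KNIFE_ALLOW_INSECURE:-0}" != "1" ]; then
    echo "refusing bootstrap: a flag disables host-key or certificate verification" >&2
    echo "(set KNIFE_ALLOW_INSECURE=1 to override for a throwaway lab host)" >&2
    return 2
  fi
  if has_inline_password "$@"; then
    echo "warning: password on the command line; prefer -i IDENTITY_FILE (key-based auth)" >&2
  fi
  knife bootstrap "$@"
}

# Example invocation (SSH, key-based auth, host-key verification left on;
# host name, key path and run list are constructed for this example):
#   safe_knife_bootstrap 10.0.0.5 -U ubuntu -i ~/.ssh/id_ed25519 --sudo \
#       -N web1 -E production -r 'role[web]'
# For a Windows node, pin the expected certificate instead of skipping checks:
#   safe_knife_bootstrap win1.example.internal -o winrm --winrm-ssl \
#       --winrm-ssl-peer-fingerprint EXPECTED_FINGERPRINT_PLACEHOLDER -U Administrator
```

Source the file and call `safe_knife_bootstrap` exactly as you would call `knife bootstrap`; the checks are a pre-flight on the argument list only, so they add no network round trips and never see the node. The override variable exists because a lab host with a self-signed certificate may legitimately need --winrm-no-verify-cert, but making that an explicit, per-invocation decision keeps it out of copy-pasted runbooks.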
Debug Options
-V -V
Runs the first Chef Infra Client run at the debug log level.
-V -V -V
Runs the first Chef Infra Client run at the trace log level.
FIPS Mode
FIPS (Federal Information Processing Standards) is a computer security standard of the United States government that specifies security requirements for cryptography.
FIPS 140-2 is the currently available version of the standard. Chef Infra Client can be configured to allow OpenSSL to enforce FIPS-validated security during the Chef Infra Client run. This disables the cryptography that is disallowed in FIPS-validated software, including certain hashing and cipher algorithms. Any attempt to use disallowed cryptography causes the Chef Infra Client to throw an exception during the run.
What is knife?
Knife is a command-line tool that provides an interface between a Chef Infra Server and a local chef-repo.
What is knife bootstrap?
knife bootstrap is a subcommand used to run a bootstrap operation that installs a chef-client on the target system.
What is bootstrapping a node?
A bootstrapping node, also known as a rendezvous host, is a type of node in an overlay network that provides the initial configuration information to newly joining nodes so that they can successfully join the overlay network.
What is a chef workstation?
Chef Workstation is a modern developer toolkit from Chef that includes InSpec, Chef Infra, and Habitat, plus a host of resources, testing tools, and helpers that make automating infrastructure, security testing, and applications easy.
What is Chef infra server?
Chef Infra Server is the hub for configuration data; it stores cookbooks, node policies, and the metadata of managed nodes.
In this article, we discussed an overview of knife bootstrap. We started by introducing knife bootstrap and then covered concepts such as the syntax of knife bootstrap, the different options of knife bootstrap, and more. To learn more about knife, check out our articles on