Set up Knife
knife is a command-line tool that provides an interface between a local chef-repo and Chef Infra Server. The knife command line tool must be configured to communicate with Chef Infra Server as well as any other infrastructure within your organization.
To configure knife to communicate with Chef Infra Server for the first time run knife configure to create a Chef Infra credentials file at ~/.chef/credentials.
config.rb
Previous Chef Infra setups recommended setting up knife with a config.rb file. Configuring knife with config.rb is still valid, but only for working with a single Chef Infra Server with a single Chef Infra Server organization.
mkdir ~/.chef
touch ~/.chef/config.rb
New-Item -Path "c:\" -Name ".chef" -ItemType "directory"
New-Item -ItemType "file" -Path "c:\.chef\config.rb"
The config.rb configuration can include arbitrary Ruby code to extend
configuration beyond static values. This can be used to load
environmental variables from the workstation. This makes it possible to
write a single config.rb file that can be used by all users within your
organization. This single file can also be checked into your chef-repo,
allowing users to load different config.rb files based on which
chef-repo they execute the commands from. This can be especially useful
when each chef-repo points to a different Chef Infra Server or organization.
Example config.rb:
current_dir = File.dirname(__FILE__)
user = ENV['CHEF_USER'] || ENV['USER']
node_name user
client_key "#{ENV['HOME']}/chef-repo/.chef/#{user}.pem"
chef_server_url "https://api.opscode.com/organizations/#{ENV['ORGNAME']}"
syntax_check_cache_path "#{ENV['HOME']}/chef-repo/.chef/syntax_check_cache"
cookbook_path ["#{current_dir}/../cookbooks"]
cookbook_copyright "Your Company, Inc."
cookbook_license "Apache-2.0"
cookbook_email "cookbooks@yourcompany.com"
# Amazon AWS
knife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']
knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']
Knife profiles
Knife profiles make switching knife between Chef Infra Servers or between organizations on the same Chef Infra Server easier. Knife profiles are an alternative to config.rb–you can’t use both.
Set up knife profiles by adding them to the .chef/credentials file in your home directory on your workstation. The credentials file is TOML formatted. Each profile is listed as a separate ’table’ name of your choice, and is followed by key = value pairs. The keys correspond to any setting permitted in the config.rb file.
File paths, such as client_key or validator_key, are relative to ~/.chef unless you provide absolute path. Identify clients with client_name (preferred) or node_name.
Store credentials for use with target mode (chef-client --target switch.example.org) as a separate profile in the credentials file. Use the DNS name of the target as the profile name and surrounded by single
quotes when the name contains a period. For example:
['switch.example.org']. Keys that are valid configuration options get passed to train, such as port.
# Example .chef/credentials file
[default]
client_name = "barney"
client_key = "barney_rubble.pem"
chef_server_url = "https://api.chef.io/organizations/bedrock"
# a 'config context' such as knife can be is configured as a separate table
[default.knife]
ssh_user = 'ubuntu' # this would have been knife[:ssh_user] in your config.rb
aws_profile = 'engineering'
use_sudo = true
# a client_key may also be specified inline as in this example
[dev]
client_name = "admin"
client_key = """
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6EXAMPLEKEY
...ABC123=
-----END RSA PRIVATE KEY-----
"""
validator_key = "test-validator.pem"
chef_server_url = "https://api.chef-server.dev/organizations/test"
['web.preprod']
client_name = "brubble"
client_key = "preprod-brubble.pem"
chef_server_url = "https://preprod.chef-server.dev/organizations/preprod"
['switch.example.org']
user = "cisco"
password = "cisco"
enable_password = "cisco"
There are four ways to select which profile to use and are listed in priority order:
- Pass the
--profileoption to knife, e.g.knife node list --profile dev. - Set the profile name in the
CHEF_PROFILEenvironment variable. - Write the profile name to the
~/.chef/contextfile. - Otherwise, knife uses the ‘default’ profile.
Knife config
Use the knife config command to manage your knife profiles.
List your profiles with the knife config list-profiles command.
For example:
knife config list-profiles
Returns something like:
## Profile Client Key Server
default barney ~/.chef/barney_rubble.pem https://api.chef.io/organizations/bedrock
dev admin ~/.chef/admin.pem https://api.chef-server.dev/organizations/test
web.preprod brubble ~/.chef/preprod-brubble.pem https://preprod.chef-server.dev/organizations/preprod
switch.example.org btm ~/.chef/btm.pem https://localhost:443
The line that begins with the asterisk is the currently selected profile. To change the current profile, run the knife config use-profile NAME command, which will write the profile name to the ~/.chef/context file.
Running knife config get-profile prints out the name of the currently selected profile.
If you need to troubleshoot any settings, you can verify the value that knife is using with the knife config get KEY command, for example:
knife config get chef_server_url
Loading from credentials file /home/barney/.chef/credentials
chef_server_url: https://api.chef-server.dev/organizations/test
config.rb configuration file
The config.rb file contains settings for the knife command-line tool and any
installed knife plugins.
See the config.rb documentation for a complete list of configuration options.
Load path priority
The config.rb file loads every time the knife command is invoked using the following load order:
- From a specified location given the
--configflag - From a specified location given the
$KNIFE_HOMEenvironment variable, if set - From a
config.rbfile within the current working directory, for example,./config.rb - From a
config.rbfile within a.chefdirectory in the current working directory, for example,./.chef/config.rb - From a
config.rbfile within a.chefdirectory located one directory above the current working directory, for example,../.chef/config.rb - From
~/.chef/config.rb(macOS and Linux platforms) orc:\Users\<username>\.chef(Windows platform)
Note
config.rb file is located at: %HOMEDRIVE%:%HOMEPATH%\.chef (e.g. c:\Users\<username>\.chef).
In a script for Windows, use: %USERPROFILE%\chef-repo\.chef.config.rb configuration within a Chef repository
Use knife configure command to generate your initial config.rb file in your home directory.
See knife configure for details.
Set a text editor
Some knife commands (such as knife data bag edit) open information as JSON data in a text editor for editing. Configure the editor using either the EDITOR environment variable or an entry in your config.rb file. For example, to use vim:
knife[:editor] = "/usr/bin/vim"
Windows paths
Because config.rb is a Ruby file, Windows file paths inside double-quoted strings require special handling:
- Backslashes must be escaped: the backslash (
\) is both the Windows path separator and the Ruby escape character, so each backslash must be doubled (\\). - Spaces must use 8.3 short names: replace spaces in directory names with the 8.3 short name equivalent (for example,
Program FilesbecomesProgra~1) so that no path segment exceeds 8 characters.
For example, if EditPad Pro is installed at:
C:\Program Files (x86)\EditPad Pro\EditPad.exe
The config.rb entry would be:
knife[:editor] = "C:\\Progra~1\\EditPa~1\\EditPad.exe"
To avoid escaping backslashes, wrap the double-quoted Windows path in single quotes:
Notepad++:
knife[:editor] = '"C:\Program Files (x86)\Notepad++\notepad++.exe" -nosession -multiInst'
Sublime Text:
knife[:editor] = '"C:\Program Files\Sublime Text 2\sublime_text.exe" --wait'
TextPad:
knife[:editor] = '"C:\Program Files (x86)\TextPad 7\TextPad.exe"'
vim:
knife[:editor] = '"C:\Program Files (x86)\vim\vim74\gvim.exe"'
Note
" ") or single quotes (' ') consistently, as shown in the examples above.