1. knife-client(1)
  2. Chef Manual
  3. knife-client(1)

NAME

knife-client - Manage Chef API Clients

SYNOPSIS

knife client sub-command (options)

SUB-COMMANDS

Client subcommands follow a basic create, read, update, delete (CRUD) pattern. The Following subcommands are available:

BULK DELETE

knife client bulk delete regex (options)

Delete clients where the client name matches the regular expression regex on the Chef Server. The regular expression should be given as a quoted string, and not surrounded by forward slashes.

CREATE

knife client create client name (options)

-a, --admin
Create the client as an admin
-f, --file FILE
Write the key to a file

Create a new client. This generates an RSA keypair. The private key will be displayed on STDOUT or written to the named file. The public half will be stored on the Server. For chef-client systems, the private key should be copied to the system as /etc/chef/client.pem.

Admin clients should be created for users that will use knife to access the API as an administrator. The private key will generally be copied to ~/.chef/client\_name.pem and referenced in the knife.rb configuration file.

DELETE

knife client delete client name (options)

Deletes a registered client.

EDIT

client edit client name (options)

Edit a registered client.

LIST

client list (options)

-w, --with-uri
Show corresponding URIs

List all registered clients.

REREGISTER

client reregister client name (options)

-f, --file FILE
Write the key to a file

Regenerate the RSA keypair for a client. The public half will be stored on the server and the private key displayed on STDOUT or written to the named file. This operation will invalidate the previous keypair used by the client, preventing it from authenticating with the Chef Server. Use care when reregistering the validator client.

SHOW

client show client name (options)

-a, --attribute ATTR
Show only one attribute

Show a client. Output format is determined by the --format option.

DESCRIPTION

Clients are identities used for communication with the Chef Server API, roughly equivalent to user accounts on the Chef Server, except that clients only communicate with the Chef Server API and are authenticated via request signatures.

In the typical case, there will be one client object on the server for each node, and the corresponding client and node will have identical names.

In the Chef authorization model, there is one special client, the "validator", which is authorized to create new non-administrative clients but has minimal privileges otherwise. This identity is used as a sort of "guest account" to create a client identity when initially setting up a host for management with Chef.

SEE ALSO

knife-node(1)

AUTHOR

Chef was written by Adam Jacob adam@opscode.com with many contributions from the community.

DOCUMENTATION

This manual page was written by Joshua Timberman joshua@opscode.com. Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.

CHEF

Knife is distributed with Chef. http://wiki.opscode.com/display/chef/Home

  1. Chef 11.10.0.rc.0
  2. January 2014
  3. knife-client(1)