<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>knife ssh — chef-client Man Pages</title> <link rel="stylesheet" href="_static/guide.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: './', VERSION: '', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <link rel="shortcut icon" href="_static/chef.ico"/> </head> <body> <div style="background-color: #212c35; text-align: left; padding: 0px 0px 0px 0px"> <a href="http://docs.opscode.com/"><img src="_static/chef_html_logo.png" border="0" alt="Chef"/></a> </div> <div class="document"> <div class="documentwrapper"> <div class="body"> <div class="section" id="knife-ssh"> <h1>knife ssh<a class="headerlink" href="#knife-ssh" title="Permalink to this headline">¶</a></h1> <p>The <strong>knife ssh</strong> subcommand is used to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a search query.</p> <div class="section" id="syntax"> <h2>Syntax<a class="headerlink" href="#syntax" title="Permalink to this headline">¶</a></h2> <p>This subcommand has the following syntax:</p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh SEARCH_QUERY SSH_COMMAND <span class="o">(</span>options<span class="o">)</span> </pre></div> </div> </div> <div class="section" id="options"> <h2>Options<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">Review the list of <a class="reference internal" href="knife_common_options.html"><em>common options</em></a> available to this (and all) Knife subcommands and plugins.</p> </div> <p>This subcommand has the following options:</p> <dl class="docutils"> <dt><tt class="docutils literal"><span class="pre">-a</span> <span class="pre">SSH_ATTR</span></tt>, <tt class="docutils literal"><span class="pre">--attribute</span> <span class="pre">SSH_ATTR</span></tt></dt> <dd>The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname.</dd> <dt><tt class="docutils literal"><span class="pre">-A</span></tt>, <tt class="docutils literal"><span class="pre">--forward-agent</span></tt></dt> <dd>Indicates that SSH agent forwarding is enabled.</dd> <dt><tt class="docutils literal"><span class="pre">-C</span> <span class="pre">NUM</span></tt>, <tt class="docutils literal"><span class="pre">--concurrency</span> <span class="pre">NUM</span></tt></dt> <dd>The number of allowed concurrent connections.</dd> <dt><tt class="docutils literal"><span class="pre">-G</span> <span class="pre">GATEWAY</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-gateway</span> <span class="pre">GATEWAY</span></tt></dt> <dd>The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation.</dd> <dt><tt class="docutils literal"><span class="pre">-i</span> <span class="pre">IDENTITY_FILE</span></tt>, <tt class="docutils literal"><span class="pre">--identity-file</span> <span class="pre">IDENTIFY_FILE</span></tt></dt> <dd>The SSH identity file used for authentication. Key-based authentication is recommended.</dd> <dt><tt class="docutils literal"><span class="pre">-m</span></tt>, <tt class="docutils literal"><span class="pre">--manual-list</span></tt></dt> <dd>Indicates that a search query is a space-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: <tt class="docutils literal"><span class="pre">--manual-list</span> <span class="pre">"server01</span> <span class="pre">server</span> <span class="pre">02</span> <span class="pre">server</span> <span class="pre">03"</span></tt></dd> <dt><tt class="docutils literal"><span class="pre">--[no-]host-key-verify</span></tt></dt> <dd>Use <tt class="docutils literal"><span class="pre">--no-host-key-verify</span></tt> to disable host key verification. Default setting: <tt class="docutils literal"><span class="pre">--host-key-verify</span></tt>.</dd> <dt><tt class="docutils literal"><span class="pre">OTHER</span></tt></dt> <dd>The shell type. Possible values: <tt class="docutils literal"><span class="pre">interactive</span></tt>, <tt class="docutils literal"><span class="pre">screen</span></tt>, <tt class="docutils literal"><span class="pre">tmux</span></tt>, <tt class="docutils literal"><span class="pre">macterm</span></tt>, or <tt class="docutils literal"><span class="pre">cssh</span></tt>. (<tt class="docutils literal"><span class="pre">csshx</span></tt> is deprecated in favor of <tt class="docutils literal"><span class="pre">cssh</span></tt>.)</dd> <dt><tt class="docutils literal"><span class="pre">-p</span> <span class="pre">PORT</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-port</span> <span class="pre">PORT</span></tt></dt> <dd>The SSH port.</dd> <dt><tt class="docutils literal"><span class="pre">-P</span> <span class="pre">PASSWORD</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-password</span> <span class="pre">PASSWORD</span></tt></dt> <dd>The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) Knife will prompt for the password.</dd> <dt><tt class="docutils literal"><span class="pre">SEARCH_QUERY</span></tt></dt> <dd>The search query used to return a list of servers to be accessed using SSH and the specified <tt class="docutils literal"><span class="pre">SSH_COMMAND</span></tt>. This option uses the same syntax as the search sub-command.</dd> <dt><tt class="docutils literal"><span class="pre">SSH_COMMAND</span></tt></dt> <dd>The command that will be run against the results of a search query.</dd> <dt><tt class="docutils literal"><span class="pre">-x</span> <span class="pre">USER_NAME</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-user</span> <span class="pre">USER_NAME</span></tt></dt> <dd>The SSH user name.</dd> </dl> </div> <div class="section" id="examples"> <h2>Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2> <p>The following examples show how to use this Knife subcommand:</p> <p><strong>Find server uptime</strong></p> <p>To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:</p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s2">"role:web"</span> <span class="s2">"uptime"</span> -x ubuntu -a ec2.public_hostname </pre></div> </div> <p>to return something like:</p> <div class="highlight-bash"><div class="highlight"><pre>ec2-174-129-127-206.compute-1.amazonaws.com 13:50:47 up 1 day, 23:26, 1 user, load average: 0.25, 0.18, 0.11 ec2-67-202-63-102.compute-1.amazonaws.com 13:50:47 up 1 day, 23:33, 1 user, load average: 0.12, 0.13, 0.10 ec2-184-73-9-250.compute-1.amazonaws.com 13:50:48 up 16:45, 1 user, load average: 0.30, 0.22, 0.13 ec2-75-101-240-230.compute-1.amazonaws.com 13:50:48 up 1 day, 22:59, 1 user, load average: 0.24, 0.17, 0.11 ec2-184-73-60-141.compute-1.amazonaws.com 13:50:48 up 1 day, 23:30, 1 user, load average: 0.32, 0.17, 0.15 </pre></div> </div> <p><strong>Run the chef-client on all nodes</strong></p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s1">'name:*'</span> <span class="s1">'sudo chef-client'</span> </pre></div> </div> <p><strong>Force a chef-client run</strong></p> <p>To force a chef-client run on all of the web servers running Ubuntu on the Amazon EC2 platform, enter:</p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s2">"role:web"</span> <span class="s2">"sudo chef-client"</span> -x ubuntu -a ec2.public_hostname </pre></div> </div> <p>to return something like:</p> <div class="highlight-bash"><div class="highlight"><pre>ec2-67-202-63-102.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:37 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span> ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:37 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span> ec2-184-73-9-250.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:38 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span> ec2-75-101-240-230.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:38 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span> ec2-184-73-60-141.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:38 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span> ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.419243 seconds ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: cleaning the checksum cache ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Running report handlers ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span> ec2-67-202-63-102.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.578265 seconds ec2-67-202-63-102.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: cleaning the checksum cache ec2-67-202-63-102.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Running report handlers ec2-67-202-63-102.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span> ec2-184-73-9-250.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.638884 seconds ec2-184-73-9-250.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: cleaning the checksum cache ec2-184-73-9-250.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Running report handlers ec2-184-73-9-250.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span> ec2-75-101-240-230.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.540257 seconds ec2-75-101-240-230.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: cleaning the checksum cache ec2-75-101-240-230.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Running report handlers ec2-75-101-240-230.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span> ec2-184-73-60-141.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.502489 seconds ec2-184-73-60-141.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: cleaning the checksum cache ec2-184-73-60-141.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Running report handlers ec2-184-73-60-141.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span> </pre></div> </div> <p><strong>Run a command based on search query</strong></p> <p>To query for all nodes that have the “webserver” role and then use SSH to run the command “sudo chef-client”, enter:</p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s2">"role:webserver"</span> <span class="s2">"sudo chef-client"</span> </pre></div> </div> <p><strong>Upgrade all nodes</strong></p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh name:* <span class="s2">"sudo aptitude upgrade -y"</span> </pre></div> </div> <p><strong>Specify the shell type</strong></p> <p>To specify the shell type used on the nodes returned by a search query:</p> <div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh roles:opscode-omnitruck macterm </pre></div> </div> <p>where <tt class="docutils literal"><span class="pre">screen</span></tt> is one of the following values: <tt class="docutils literal"><span class="pre">cssh</span></tt>, <tt class="docutils literal"><span class="pre">interactive</span></tt>, <tt class="docutils literal"><span class="pre">macterm</span></tt>, <tt class="docutils literal"><span class="pre">screen</span></tt>, or <tt class="docutils literal"><span class="pre">tmux</span></tt>. If the node does not have the shell type installed, Knife will return an error similar to the following:</p> <div class="highlight-bash"><div class="highlight"><pre>you need the rb-appscript gem to use knife ssh macterm. <span class="sb">`</span><span class="o">(</span>sudo<span class="o">)</span> gem install rb-appscript<span class="sb">`</span> to install ERROR: LoadError: cannot load such file -- appscript </pre></div> </div> </div> </div> </div> </div> <div class="clearer"></div> </div> </body> </html>