Configure Knife on Linux

From Bonus Bits

Purpose

This article gives the steps to configure Knife on a Linux system with Chef Client installed.


Prerequisites


Create User Chef Client Config Folder

mkdir ~/.chef


Create Knife Configuration File

Option 1 (Use Configuration Wizard)

Copy Validator Key from Chef Server to User Folder
scp root@chef-server:/etc/chef-server/chef-validator.pem ~/.chef
mv ~/.chef/chef-validator.pem ~/.chef/validation.pem
knife configure initial

Example

knife configure initial
WARNING: No knife configuration file found
Where should I put the config file? [/home/username/.chef/knife.rb] <enter> 
Please enter the chef server URL: [http://localhostname:4000] https://chefserver.domain.com
Please enter a name for the new user: [username] <enter>
Please enter the existing admin name: [admin] <enter>
Please enter the location of the existing admin's private key: [/etc/chef/admin.pem] ~/.chef/admin.pem
Please enter the validation clientname: [chef-validator] <enter>
Please enter the location of the validation key: [/etc/chef/validation.pem] ~/.chef/validation.pem
Please enter the path to a chef repository (or leave blank): <enter>
Creating initial API user...
Please enter a password for the new user: ********
Created user[username]
Configuration file written to /home/username/.chef/knife.rb


Option 2 (Manual - Chef Web Console)

  1. Log on to the Chef Web Console
    1. https://chefserver.domain.com
  2. Create a user
  3. Set the user as admin
  4. Copy the private key that is generated
    1. Beware: it will only show you the key once.
  5. Create a file to store the key in, such as /home/username/.chef/username.pem
  6. Create a knife.rb file at /home/username/.chef/knife.rb
  7. Add the following
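log_level :info
log_location STDOUT
# :verify_none turns off TLS certificate verification for the Chef server;
# use :verify_peer once the server certificate is trusted on this workstation.
ssl_verify_mode :verify_none
node_name 'username'
# https, matching the server URL used in Option 1 and in the web console step
chef_server_url 'https://chefserver.domain.com'
client_key '/home/username/.chef/username.pem'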


Bootstrap Option

To bootstrap (deploy) a client with knife, the chef-validator key must be stored locally and referenced in knife.rb.

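scp root@chef-server:/etc/chef-server/chef-validator.pem ~/.chef
mv ~/.chef/chef-validator.pem ~/.chef/validation.pem

knife.rb

log_level :info
log_location STDOUT
# :verify_none turns off TLS certificate verification for the Chef server;
# use :verify_peer once the server certificate is trusted on this workstation.
ssl_verify_mode :verify_none
node_name 'username'
# https, matching the server URL used in Option 1 and in the web console step
chef_server_url 'https://chefserver.domain.com'
client_key '/home/username/.chef/username.pem'
validation_client_name "chef-validator"
validation_key '/home/username/.chef/validation.pem'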
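
The knife.rb settings in the Option 2 and Bootstrap sections can be checked mechanically. The script below is an added example, not part of the original article or of Chef; the function names setting and audit_knife_rb and the sample knife.rb it builds are constructed for illustration. It flags ssl_verify_mode :verify_none, a plain-HTTP chef_server_url, and client or validation key files that are accessible beyond their owner.

```shell
#!/bin/sh
# Added example (not from the article): audit a knife.rb for risky settings.

# setting FILE KEY: value of the last "KEY value" line, quotes stripped.
setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" "$1" | tail -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# audit_knife_rb FILE: print one finding per line; return 1 if any were found.
audit_knife_rb() {
    rb=$1; rc=0
    if [ "$(setting "$rb" ssl_verify_mode)" = ":verify_none" ]; then
        echo "ssl_verify_mode: server certificate verification is disabled"; rc=1
    fi
    case $(setting "$rb" chef_server_url) in
        http://*) echo "chef_server_url: plain HTTP, traffic is not encrypted"; rc=1 ;;
    esac
    for key in client_key validation_key; do
        path=$(setting "$rb" "$key")
        case $path in "~/"*) path=$HOME/${path#"~/"} ;; esac
        [ -f "$path" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "$key: $path is accessible to group or others"; rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the Option 2 knife.rb, built in a temp directory.
demo() {
    d=$(mktemp -d)
    : > "$d/username.pem"; chmod 644 "$d/username.pem"   # empty stand-in key file
    cat > "$d/knife.rb" <<EOF
ssl_verify_mode :verify_none
node_name 'username'
chef_server_url 'http://chefserver.domain.com'
client_key '$d/username.pem'
EOF
    audit_knife_rb "$d/knife.rb" || true
    rm -rf "$d"
}
demo
```

Run audit_knife_rb ~/.chef/knife.rb against a real configuration; a clean file prints nothing and returns 0.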


Optional Config Additions

Set Knife Editor

Environment Variable

export EDITOR=/usr/bin/vim

Cookbook Path

knife.rb

cookbook_path [ "~/path/to/cookbooks" ]

Secret Path

knife.rb

encrypted_data_bag_secret "~/.chef/bootstrap/encrypted_data_bag_secret"

