knife-ssl-check(1) - The man page for the knife ssl check subcommand.



  • KNIFE-SSL-CHECK(1)		knife ssl check 	    KNIFE-SSL-CHECK(1)
    
    
    
    NAME
           knife-ssl-check - The man page for the knife ssl check subcommand.
    
           The  knife ssl check subcommand is used to verify the SSL configuration
           for the Enterprise Chef and/or Open Source Chef servers, or at  another
           location specified by a URL or URI.
    
           WARNING:
    	  When	verification of a remote server's SSL certificate is disabled,
    	  the chef-client will issue a warning similar to "SSL	validation  of
    	  HTTPS  requests  is disabled. HTTPS connections are still encrypted,
    	  but the  chef-client	is  not  able  to  detect  forged  replies  or
    	  man-in-the-middle  attacks."	To  configure SSL for the chef-client,
    	  set ssl_verify_mode to :verify_peer (recommended) or verify_api_cert
    	  to true in the client.rb file.
    
           Syntax
    
           This subcommand has the following syntax:
    
    	  $ knife ssl check URI
    
           Options
    
           This subcommand has the following options:
    
           -a SSH_ATTR, --attribute SSH_ATTR
    	      The  attribute that is used when opening the SSH connection. The
    	      default attribute is the FQDN of the host. Other possible values
    	      include  a  public  IP address, a private IP address, or a host‐
    	      name.
    
           -A, --forward-agent
    	      Use to enable SSH agent forwarding.
    
           -c CONFIG_FILE, --config CONFIG_FILE
    	      The configuration file to use.
    
           -C NUM, --concurrency NUM
    	      The number of allowed concurrent connections.
    
           --chef-zero-port PORT
    	      The port on which chef-zero will listen.
    
           --[no-]color
    	      Use to view colored output.
    
           -d, --disable-editing
    	      Use to prevent the $EDITOR from being opened and to accept  data
    	      as-is.
    
           --defaults
    	      Use to have knife use the default value instead of asking a user
    	      to provide one.
    
           -e EDITOR, --editor EDITOR
    	      The $EDITOR that is used for all interactive commands.
    
           -E ENVIRONMENT, --environment ENVIRONMENT
    	      The name of the environment. When this option is added to a com‐
    	      mand, the command will run only against the named environment.
    
           -F FORMAT, --format FORMAT
    	      The output format: summary (default), text, json, yaml, and pp.
    
           -G GATEWAY, --ssh-gateway GATEWAY
    	      The SSH tunnel or gateway that is used to run a bootstrap action
    	      on a machine that is not accessible from the workstation.
    
           -h, --help
    	      Shows help for the command.
    
           -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
    	      The SSH identity file used for authentication. Key-based authen‐
    	      tication is recommended.
    
           -k KEY, --key KEY
    	      The private key that knife will use to sign requests made by the
    	      API client to the Chef server.
    
           -m, --manual-list
    	      Use to define a  search  query  as  a  space-separated  list  of
    	      servers.	If there is more than one item in the list, put quotes
    	      around the entire list.  For  example:  --manual-list  "server01
    	      server 02 server 03"
    
           --[no-]host-key-verify
    	      Use  --no-host-key-verify  to  disable  host  key  verification.
    	      Default setting: --host-key-verify.
    
           OTHER  The shell type. Possible values: interactive, screen, tmux, mac‐
    	      term, or cssh. (csshx is deprecated in favor of cssh.)
    
           -p PORT, --ssh-port PORT
    	      The SSH port.
    
           -P PASSWORD, --ssh-password PASSWORD
    	      The SSH password. This can be used to pass the password directly
    	      on the command line. If this option  is  not  specified  (and  a
    	      password is required) knife will prompt for the password.
    
           --print-after
    	      Use to show data after a destructive operation.
    
           -s URL, --server-url URL
    	      The URL for the Chef server.
    
           SEARCH_QUERY
    	      The search query used to return a list of servers to be accessed
    	      using SSH and the specified SSH_COMMAND. This  option  uses  the
    	      same syntax as the search sub-command.
    
           SSH_COMMAND
    	      The  command  that  will	be run against the results of a search
    	      query.
    
           -u USER, --user USER
    	      The user name used by knife to sign requests  made  by  the  API
    	      client  to the Chef server. Authentication will fail if the user
    	      name does not match the private key.
    
           -v, --version
    	      The version of the chef-client.
    
           -V, --verbose
    	      Set for more verbose outputs. Use -VV for maximum verbosity.
    
           -x USER_NAME, --ssh-user USER_NAME
    	      The SSH user name.
    
           -y, --yes
    	      Use to respond to all confirmation  prompts  with  "Yes".  knife
    	      will not ask for confirmation.
    
           -z, --local-mode
    	      Use  to  run the chef-client in local mode. This allows all com‐
    	      mands that work against the Chef server to also work against the
    	      local chef-repo.
    
           Examples
    
           The following examples show how to use this knife subcommand:
    
           Verify the SSL configuration for the Chef server
    
    	  $ knife ssl check
    
           Verify the SSL configuration for the chef-client
    
    	  $ knife ssl check -c /etc/chef/client.rb
    
           Verify an external server's SSL certificate
    
    	  $ knife ssl check URL_or_URI
    
           for example:
    
    	  $ knife ssl check https://www.getchef.com
    
    AUTHOR
           Chef
    
    
    
    				   Chef 12.0		    KNIFE-SSL-CHECK(1)
    

Log in to reply
 

© Lightnetics 2024