knife-ssl-fetch(1) - The man page for the knife ssl fetch subcommand.



  • KNIFE-SSL-FETCH(1)		knife ssl fetch 	    KNIFE-SSL-FETCH(1)
    
    
    
    NAME
           knife-ssl-fetch - The man page for the knife ssl fetch subcommand.
    
           The knife ssl fetch subcommand is used to copy SSL certificates from an
           HTTPS server to the trusted_certs_dir directory that is used  by  knife
           and  the chef-client to store trusted SSL certificates. When these cer‐
           tificates match the hostname of the remote server,  running  knife  ssl
           fetch  is  the  only  step  required  to verify a remote server that is
           accessed by either knife or the chef-client.
    
           WARNING:
    	  It is the user's responsibility to verify the authenticity of  every
    	  SSL  certificate  before  downloading  it  to  the trusted_certs_dir
    	  directory. knife will use any certificate in that directory as if it
    	  is  a  100% trusted and authentic SSL certificate. knife will not be
    	  able to determine if any certificate in this directory has been tam‐
    	  pered with, is forged, malicious, or otherwise harmful. Therefore it
    	  is essential that users take the  proper  steps  before  downloading
    	  certificates into this directory.
    
           Syntax
    
           This subcommand has the following syntax:
    
    	  $ knife ssl fetch URI_FOR_HTTPS_SERVER
    
           Options
    
           This subcommand has the following options:
    
           -a SSH_ATTR, --attribute SSH_ATTR
    	      The  attribute that is used when opening the SSH connection. The
    	      default attribute is the FQDN of the host. Other possible values
    	      include  a  public  IP address, a private IP address, or a host‐
    	      name.
    
           -A, --forward-agent
    	      Use to enable SSH agent forwarding.
    
           -c CONFIG_FILE, --config CONFIG_FILE
    	      The configuration file to use.
    
           -C NUM, --concurrency NUM
    	      The number of allowed concurrent connections.
    
           --chef-zero-port PORT
    	      The port on which chef-zero will listen.
    
           --[no-]color
    	      Use to view colored output.
    
           -d, --disable-editing
    	      Use to prevent the $EDITOR from being opened and to accept  data
    	      as-is.
    
           --defaults
    	      Use to have knife use the default value instead of asking a user
    	      to provide one.
    
           -e EDITOR, --editor EDITOR
    	      The $EDITOR that is used for all interactive commands.
    
           -E ENVIRONMENT, --environment ENVIRONMENT
    	      The name of the environment. When this option is added to a com‐
    	      mand, the command will run only against the named environment.
    
           -F FORMAT, --format FORMAT
    	      The output format: summary (default), text, json, yaml, and pp.
    
           -G GATEWAY, --ssh-gateway GATEWAY
    	      The SSH tunnel or gateway that is used to run a bootstrap action
    	      on a machine that is not accessible from the workstation.
    
           -h, --help
    	      Shows help for the command.
    
           -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
    	      The SSH identity file used for authentication. Key-based authen‐
    	      tication is recommended.
    
           -k KEY, --key KEY
    	      The private key that knife will use to sign requests made by the
    	      API client to the Chef server.
    
           -m, --manual-list
    	      Use to define a  search  query  as  a  space-separated  list  of
    	      servers.	If there is more than one item in the list, put quotes
    	      around the entire list.  For  example:  --manual-list  "server01
    	      server 02 server 03"
    
           --[no-]host-key-verify
    	      Use  --no-host-key-verify  to  disable  host  key  verification.
    	      Default setting: --host-key-verify.
    
           OTHER  The shell type. Possible values: interactive, screen, tmux, mac‐
    	      term, or cssh. (csshx is deprecated in favor of cssh.)
    
           -p PORT, --ssh-port PORT
    	      The SSH port.
    
           -P PASSWORD, --ssh-password PASSWORD
    	      The SSH password. This can be used to pass the password directly
    	      on the command line. If this option  is  not  specified  (and  a
    	      password is required) knife will prompt for the password.
    
           --print-after
    	      Use to show data after a destructive operation.
    
           -s URL, --server-url URL
    	      The URL for the Chef server.
    
           SEARCH_QUERY
    	      The search query used to return a list of servers to be accessed
    	      using SSH and the specified SSH_COMMAND. This  option  uses  the
    	      same syntax as the search sub-command.
    
           SSH_COMMAND
    	      The  command  that  will	be run against the results of a search
    	      query.
    
           -u USER, --user USER
    	      The user name used by knife to sign requests  made  by  the  API
    	      client  to the Chef server. Authentication will fail if the user
    	      name does not match the private key.
    
           -v, --version
    	      The version of the chef-client.
    
           -V, --verbose
    	      Set for more verbose outputs. Use -VV for maximum verbosity.
    
           -x USER_NAME, --ssh-user USER_NAME
    	      The SSH user name.
    
           -y, --yes
    	      Use to respond to all confirmation  prompts  with  "Yes".  knife
    	      will not ask for confirmation.
    
           -z, --local-mode
    	      Use  to  run the chef-client in local mode. This allows all com‐
    	      mands that work against the Chef server to also work against the
    	      local chef-repo.
    
           Examples
    
           The following examples show how to use this knife subcommand:
    
           Fetch the SSL certificates used by Knife from the Chef server
    
    	  $ knife ssl fetch
    
           Fetch the SSL certificates used by the chef-client from the Chef server
    
    	  $ knife ssl fetch -c /etc/chef/client.rb
    
           Fetch SSL certificates from a URL or URI
    
    	  $ knife ssl fetch URL_or_URI
    
           for example:
    
    	  $ knife ssl fetch https://www.getchef.com
    
    AUTHOR
           Chef
    
    
    
    				   Chef 12.0		    KNIFE-SSL-FETCH(1)
    

Log in to reply
 

© Lightnetics 2024