KNIFE-SSL-FETCH(1) knife ssl fetch KNIFE-SSL-FETCH(1)NAMEknife-ssl-fetch - The man page for the knife ssl fetch subcommand.
The knife ssl fetch subcommand is used to copy SSL certificates from an
HTTPS server to the trusted_certs_dir directory that is used by Knife
and the chef-client to store trusted SSL certificates. When these cer‐
tificates match the hostname of the remote server, running knife ssl
fetch is the only step required to verify a remote server that is
accessed by either Knife or the chef-client.
WARNING:
It is the user's responsibility to verify the authenticity of every
SSL certificate before downloading it to the trusted_certs_dir
directory. Knife will use any certificate in that directory as if it
is a 100% trusted and authentic SSL certificate. Knife will not be
able to determine if any certificate in this directory has been tam‐
pered with, is forged, malicious, or otherwise harmful. Therefore it
is essential that users take the proper steps before downloading
certificates into this directory.
Syntax
This subcommand has the following syntax:
$ knife ssl fetch URI_FOR_HTTPS_SERVER
Options
This subcommand has the following options:
-a SSH_ATTR, --attribute SSH_ATTR
The attribute that is used when opening the SSH connection. The
default attribute is the FQDN of the host. Other possible values
include a public IP address, a private IP address, or a host‐
name.
-A, --forward-agent
Use to enable SSH agent forwarding.
-c CONFIG_FILE, --config CONFIG_FILE
The configuration file to use.
-C NUM, --concurrency NUM
The number of allowed concurrent connections.
--chef-zero-port PORT
The port on which chef-zero will listen.
--[no-]color
Use to view colored output.
-d, --disable-editing
Use to prevent the $EDITOR from being opened and to accept data
as-is.
--defaults
Use to have Knife use the default value instead of asking a user
to provide one.
-e EDITOR, --editor EDITOR
The $EDITOR that is used for all interactive commands.
-E ENVIRONMENT, --environment ENVIRONMENT
The name of the environment. When this option is added to a com‐
mand, the command will run only against the named environment.
-F FORMAT, --format FORMAT
The output format: summary (default), text, json, yaml, and pp.
-G GATEWAY, --ssh-gateway GATEWAY
The SSH tunnel or gateway that is used to run a bootstrap action
on a machine that is not accessible from the workstation.
-h, --help
Shows help for the command.
-i IDENTITY_FILE, --identity-file IDENTIFY_FILE
The SSH identity file used for authentication. Key-based authen‐
tication is recommended.
-k KEY, --key KEY
The private key that Knife will use to sign requests made by the
API client to the Chef server.
-m, --manual-list
Use to define a search query as a space-separated list of
servers. If there is more than one item in the list, put quotes
around the entire list. For example: --manual-list "server01
server 02 server 03"
--[no-]host-key-verify
Use --no-host-key-verify to disable host key verification.
Default setting: --host-key-verify.
OTHER The shell type. Possible values: interactive, screen, tmux, mac‐
term, or cssh. (csshx is deprecated in favor of cssh.)
-p PORT, --ssh-port PORT
The SSH port.
-P PASSWORD, --ssh-password PASSWORD
The SSH password. This can be used to pass the password directly
on the command line. If this option is not specified (and a
password is required) Knife will prompt for the password.
--print-after
Use to show data after a destructive operation.
-s URL, --server-url URL
The URL for the Chef server.
SEARCH_QUERY
The search query used to return a list of servers to be accessed
using SSH and the specified SSH_COMMAND. This option uses the
same syntax as the search sub-command.
SSH_COMMAND
The command that will be run against the results of a search
query.
-u USER, --user USER
The user name used by Knife to sign requests made by the API
client to the Chef server. Authentication will fail if the user
name does not match the private key.
-v, --version
The version of the chef-client.
-V, --verbose
Set for more verbose outputs. Use -VV for maximum verbosity.
-x USER_NAME, --ssh-user USER_NAME
The SSH user name.
-y, --yes
Use to respond to all confirmation prompts with "Yes". Knife
will not ask for confirmation.
-z, --local-mode
Use to run the chef-client in local mode. This allows all com‐
mands that work against the Chef server to also work against the
local chef-repo.
Examples
The following examples show how to use this Knife subcommand:
Fetch the SSL certificates used by Knife from the Chef server
$ knife ssl fetch
Fetch the SSL certificates used by the chef-client from the Chef server
$ knife ssl fetch -c /etc/chef/client.rb
Fetch SSL certificates from a URL or URI
$ knife ssl fetch URL_or_URI
for example:
$ knife ssl fetch https://www.getchef.com
AUTHOR
Chef
Chef 11.14 KNIFE-SSL-FETCH(1)
