Skip to end of metadata
Go to start of metadata


Overview

Knife is a command-line tool that comes with Chef.

It is used by administrators to interact with the Chef Server API, the local Chef repository and and can be used to manage the arbitrary stores of globally available JSON data known as Data Bags.

Knife's data bag sub-command provides this capability.

  • For more information about Knife, refer to the Knife documentation.
  • See Data Bags for more information on Data Bags, and Encrypted Data Bags if the data stored in the data bags is sensitive and shouldn't be stored in plain text or viewable when checked into version control systems.

Managing Data Bags with Knife

Data bags can be managed with the knife command line client. Make sure you have correctly configured knife before trying the examples here.

Creating Data Bags and Items

To create a data bag with knife, use

For example, to create a data bag to store data about admins, run this command:

Now that the data bag is created, you can put data items in it with knife data bag create BAG[ITEM]. This command will create a skeleton of the JSON for the data bag and drop you into your $EDITOR to edit it.

To add an administrator to our admins data bag, we'd do the following:

Now, in your editor, you'll see this:

To follow along with the example, edit the data bag item as follows:

When you exit your editor, knife will save this data to the server.

Showing Data Bags and Items

To list all of the data bags on the server, use knife data bag list. If you created the admins data bag above, running the command will produce the following result:

To view the contents of a data bag, use knife data bag show BAG, for example:

To view the contents of a data bag item, use knife data bag show BAG ITEM:

Create or Update Data Bag Items from JSON

To create or update a data bag item using a JSON file, use

If file is a relative or absolute path to the file, that file will be used. Otherwise, the file parameter is treated as the base name of a data bag file in a Chef repository, and knife will search for the file in ./data_bags/bag_name/file. For example knife data bag from file users dan.json would attempt to load the file ./data_bags/users/dan.json. The JSON file in question should be a Hash that contains at least an "id" key. The "id" key will be the item name.

Other keys can be added to this file just as they can when using knife data bag BAG_NAME ITEM_NAME create.

Editing Data Bag Items

Data bags are edited via knife with knife data bag edit BAG ITEM. This works similarly to creating data bag items, loading your $EDITOR with the data from the server, and saving it back to the server when you exit the editor.

Deleting Data Bags and Items

To delete a data bag with knife, use knife data bag delete BAG. Individual data bag items are deleted with knife data bag delete BAG ITEM.

Deleting a Data Bag Item
Deleting a Data Bag

Encrypted data bags and knife

The encrypted data bag features of the knife data bag * subcommands are activated by specifying either a --secret or --secret-file option.

  • --secret SECRET is used to specify the key used for encryption and decryption on the command line.
  • --secret-file FILE is used to specify the path to a file that contains the encryption/decryption key.

Create a new encrypted data bag item

Verify that the data bag has been created and encrypted

Decrypt an encrypted data bag item

Other knife encrypted data bag commands

When given a --secret or --secret-file option,

  • knife data bag from file will encrypt the data bag item contained in the specified JSON file;
  • knife data bag edit will decrypt an existing data bag item, allow you to edit it, and then encrypt it before saving it to Chef


Managing Cookbooks With Knife


Managing Environments With Knife



Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.