The knife user subcommand is used to manage the list of users and their associated RSA public key-pairs.
Warning
In versions of the chef-client prior to version 12.0, this subcommand ONLY works when run against the open source Chef server; it does not run against Enterprise Chef (including hosted Enterprise Chef), or Private Chef.
Starting with Chef server 12.0, this functionality is built into the chef-server-ctl command-line tool as part of the following arguments:
Starting with chef-client version 12.4.1, the knife user functionality is restored for the following arguments: user-edit, user-list, and user-show for Chef server version 12.0 (and higher).
Starting with Chef server 12.4.1, users who are members of the server-admins group may use the user-create, user-delete, user-edit, user-list, and user-show arguments to manage user accounts on the Chef server via the knife user subcommand.
Note
Review the list of common options available to this (and all) knife subcommands and plugins.
Use the create argument to create a user. This process will generate an RSA key pair for the named user. The public key will be stored on the Chef server and the private key will be displayed on STDOUT or written to a named file.
/etc/chef/client.pem.
~/.chef/client_name.pem and referenced in the knife.rb configuration file.
This argument has the following syntax:
$ knife user create USER_NAME (options)
This argument has the following options:
-a, --admin
-f FILE_NAME, --file FILE_NAME
-p PASSWORD, --password PASSWORD
--user-key FILE_NAME
Note
See knife.rb for more information about how to add certain knife options as settings in the knife.rb file.
The following examples show how to use this knife subcommand:
Create a user
$ knife user create "Radio Birdman" -f /keys/user_name
Use the delete argument to delete a registered user.
This argument has the following syntax:
$ knife user delete USER_NAME
This command does not have any specific options.
The following examples show how to use this knife subcommand:
Delete a user
$ knife user delete "Steve Danno"
Use the edit argument to edit the details of a user. When this argument is run, knife will open $EDITOR. When finished, knife will update the Chef server with those changes.
This argument has the following syntax:
$ knife user edit USER_NAME
This command does not have any specific options.
None.
Use the key create argument to create a public key.
This argument has the following syntax:
$ knife user key create USER_NAME (options)
This argument has the following options:
-e DATE, --expiration-date DATE
YYYY-MM-DDTHH:MM:SSZ. If this option is not specified, the public key will not have an expiration date. For example: 2013-12-24T21:00:00Z.
-f FILE, --file FILE
-k NAME, --key-name NAME
-p FILE_NAME, --public-key FILE_NAME
--key-name is specified, the Chef server will generate a public/private key pair.
None.
Use the key delete argument to delete a public key.
This argument has the following syntax:
$ knife user key delete USER_NAME KEY_NAME
None.
Use the key edit argument to modify or rename a public key.
This argument has the following syntax:
$ knife user key edit USER_NAME KEY_NAME (options)
This argument has the following options:
-c, --create-key
--public-key instead.
-e DATE, --expiration-date DATE
YYYY-MM-DDTHH:MM:SSZ. If this option is not specified, the public key will not have an expiration date. For example: 2013-12-24T21:00:00Z.
-f FILE, --file FILE
--public-key option is not specified the Chef server will generate a private key.
-k NAME, --key-name NAME
-p FILE_NAME, --public-key FILE_NAME
--key-name is specified, the Chef server will generate a public/private key pair.
None.
Use the key list argument to view a list of public keys for the named user.
This argument has the following syntax:
$ knife user key list USER_NAME (options)
This argument has the following options:
-e, --only-expired
-n, --only-non-expired
-w, --with-details
None.
Use the key show argument to view details for a specific public key.
This argument has the following syntax:
$ knife user key show USER_NAME KEY_NAME
None.
Use the list argument to view a list of registered users.
This argument has the following syntax:
$ knife user list (options)
This argument has the following options:
-w, --with-uri
None.
Use the reregister argument to regenerate an RSA key pair for a user. The public key will be stored on the Chef server and the private key will be displayed on STDOUT or written to a named file.
Note
Running this argument will invalidate the previous RSA key pair, making it unusable during authentication to the Chef server.
This argument has the following syntax:
$ knife user reregister USER_NAME (options)
This argument has the following options:
-f FILE_NAME, --file FILE_NAME
Note
See knife.rb for more information about how to add certain knife options as settings in the knife.rb file.
The following examples show how to use this knife subcommand:
Regenerate the RSA key-pair
$ knife user reregister "Robert Younger"
Use the show argument to show the details of a user.
This argument has the following syntax:
$ knife user show USER_NAME (options)
This argument has the following options:
-a ATTR, --attribute ATTR
The following examples show how to use this knife subcommand:
Show user data
To view a user named Dennis Teck, enter:
$ knife user show "Dennis Teck"
to return something like:
chef_type: user
json_class: Chef::User
name: Dennis Teck
public_key:
Show user data as JSON
To view information in JSON format, use the -F common option as part of the command like this:
$ knife user show "Dennis Teck" -F json
(Other formats available include text, yaml, and pp, e.g. -F yaml for YAML.)
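The key create, key list and key delete arguments above can be combined into a rotation that, unlike reregister, keeps the old key valid until the new one is confirmed and never prints the private key to STDOUT. This is an added example, not code from the Chef documentation; the helper names `valid_expiry` and `rotate_user_key`, the user and key names, and the assumption that the key listing contains each key name as plain text are all hypothetical.

```shell
#!/bin/sh
# Added example: rotate a user's Chef server key without printing the
# private key to STDOUT. Helper names and sample values are hypothetical.

# valid_expiry DATE: succeed only for the YYYY-MM-DDTHH:MM:SSZ form.
valid_expiry() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$'
}

# rotate_user_key USER NEW_KEY OLD_KEY EXPIRY KEY_FILE
rotate_user_key() {
    rk_user=$1 rk_new=$2 rk_old=$3 rk_exp=$4 rk_file=$5

    if ! valid_expiry "$rk_exp"; then
        echo "expiration date must be YYYY-MM-DDTHH:MM:SSZ: $rk_exp" >&2
        return 2
    fi
    if [ -e "$rk_file" ]; then
        echo "refusing to overwrite existing key file: $rk_file" >&2
        return 3
    fi

    # umask 077 makes the new private key file readable by its owner only;
    # -f keeps the key out of terminal scrollback and CI logs.
    ( umask 077 &&
      knife user key create "$rk_user" -k "$rk_new" -e "$rk_exp" -f "$rk_file"
    ) || return 4

    # Assumption: the listing contains each key's name as plain text.
    if ! knife user key list "$rk_user" --only-non-expired |
            grep -Fq -- "$rk_new"; then
        echo "new key $rk_new not listed; keeping $rk_old" >&2
        return 5
    fi

    # Only now remove the old key, so the user is never left without one.
    knife user key delete "$rk_user" "$rk_old"
}

# Constructed usage (not run here):
#   rotate_user_key radio_birdman laptop default \
#       2013-12-24T21:00:00Z ~/.chef/radio_birdman.pem
```

Setting an expiration date on every key makes `knife user key list USER_NAME --only-expired` a usable audit for keys that should be removed.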
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs-archive.chef.io/release/12-13/knife_user.html