Local Knife Configuration

Configuring the Knife command to work with CAM.

After the Content Runtime is deployed, a Chef Server is available with an initial set of Chef Recipes and Roles deployed. To manage Chef Content, install the Chef DK on a local Workstation. The Chef DK installs the Knife tool which is the primary tool for managing the installed Chef Server.

Before you begin

Prior to beginning, identify the following information from the Content Runtime deployment.

Parameter Description
User User to connect to the Chef Server
Password Password to connect to the Chef Server
Chef Hostname Full Host name of the Chef Server, property=chef_fqdn
Chef Org Default Chef Organization, property=chef_org
Chef Admin Name Chef administration user, property=chef_admin

Ensure the fully qualified Chef Server is resolvable from the local workstation.

Installing the Chef DK

The Knife Command is packaged with the Chef Development Kit (Chef DK) which must first be installed on a local workstation. The Chef DK package will make the knife command available.

To begin, follow the instructions published by opscode on this topic here -> Install the Chef DK.

Configuring Knife

Understanding Knife configuration

Review the following documentation on the Chef DK and knife command:

Creating the chef-admin.pem file

Knife requires authentication for the Chef Admin user to properly manage the Chef Server. Knife authenticates with a .pem file which must be copied from the chef server.

  1. From the Chef Server, locate the /etc/opscode/{Chef Admin}.pem file.
  2. Copy to your local workstation.

Minimal knife.rb

  1. Create a directory to hold the knife configuration, you may need one per Content Runtime.
  2. Copy the {Chef Admin}.pem file to this directory (such as chef-admin.pem).
  3. Create a file called knife.rb with the following minimal values.
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                '{Chef Admin}'
client_key               "{Knife Dir}/{Chef Admin}.pem"
chef_server_url          "https://{Chef Hostname}/organizations/{Chef Orgname}"

Testing Knife

Knife commands will by default require the certificate of the server present in the trusted_cert directory. In order to force this, run the following command.

knife ssl fetch

You can now test simple knife functions.

  • Listing cookbooks:

    knife cookbook list

    Output:

    db2               1.0.4
httpd             1.4.0
ibm_cloud_utils   1.0.4
ihs               1.0.5
im                1.0.3
linux             1.0.4
oracle_mysql      1.0.4
oracledb          1.0.4
tomcat            1.0.3
was               1.0.6
wasliberty        1.0.5
wmq               1.0.4

  • Listing Chef Roles:

    knife role list

    Output:

    db2_create_db
db2_v105_install
db2_v111_install
httpd24-base-install
httpd24-ssl-vhosts
ihs-liberty-admin
ihs-liberty-nonadmin
ihs-wasmode-admin
ihs-wasmode-nonadmin
liberty_core_install

  • Viewing deployed nodes:

    knife node list

    Output:

    nschambu-mq-01
nschambu-mq-02
nschambu-was-01
nschambu-was-02

For more knife commands refer to the Knife Documentation External link icon

The Pattern Manager has exposed an API to automate the management of Chef Cookbooks. For more information, see Pattern Manager API.