Scroll to navigation

KNIFE-SSH(1) knife ssh KNIFE-SSH(1)

NAME

knife-ssh - The man page for the knife ssh subcommand.

The knife ssh subcommand is used to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a search query made to the Chef server.

Syntax

This subcommand has the following syntax:

$ knife ssh SEARCH_QUERY SSH_COMMAND (options)


Options

This subcommand has the following options:

The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname.
Use to enable SSH agent forwarding.
The configuration file to use.
The number of allowed concurrent connections.
The port on which chef-zero will listen.
--[no-]color
Use to view colored output.
Use to prevent the $EDITOR from being opened and to accept data as-is.
Use to have knife use the default value instead of asking a user to provide one.
The $EDITOR that is used for all interactive commands.
The name of the environment. When this option is added to a command, the command will run only against the named environment.
The output format: summary (default), text, json, yaml, and pp.
The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation.
Shows help for the command.
The SSH identity file used for authentication. Key-based authentication is recommended.
The private key that knife will use to sign requests made by the API client to the Chef server.
Use to define a search query as a space-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: --manual-list "server01 server 02 server 03"
--[no-]host-key-verify
Use --no-host-key-verify to disable host key verification. Default setting: --host-key-verify.
The shell type. Possible values: interactive, screen, tmux, macterm, or cssh. (csshx is deprecated in favor of cssh.)
The SSH port.
The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) knife will prompt for the password.
Use to show data after a destructive operation.
The URL for the Chef server.
The search query used to return a list of servers to be accessed using SSH and the specified SSH_COMMAND. This option uses the same syntax as the search sub-command.
The command that will be run against the results of a search query.
The user name used by knife to sign requests made by the API client to the Chef server. Authentication will fail if the user name does not match the private key.
The version of the chef-client.
Set for more verbose outputs. Use -VV for maximum verbosity.
The SSH user name.
Use to respond to all confirmation prompts with "Yes". knife will not ask for confirmation.
Use to run the chef-client in local mode. This allows all commands that work against the Chef server to also work against the local chef-repo.

Examples

To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:

$ knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname


to return something like:

ec2-174-129-127-206.compute-1.amazonaws.com  13:50:47 up 1 day, 23:26,  1 user,  load average: 0.25, 0.18, 0.11
ec2-67-202-63-102.compute-1.amazonaws.com    13:50:47 up 1 day, 23:33,  1 user,  load average: 0.12, 0.13, 0.10
ec2-184-73-9-250.compute-1.amazonaws.com     13:50:48 up 16:45,  1 user,  load average: 0.30, 0.22, 0.13
ec2-75-101-240-230.compute-1.amazonaws.com   13:50:48 up 1 day, 22:59,  1 user,  load average: 0.24, 0.17, 0.11
ec2-184-73-60-141.compute-1.amazonaws.com    13:50:48 up 1 day, 23:30,  1 user,  load average: 0.32, 0.17, 0.15



$ knife ssh 'name:*' 'sudo chef-client'


To force a chef-client run on all of the web servers running Ubuntu on the Amazon EC2 platform, enter:

$ knife ssh "role:web" "sudo chef-client" -x ubuntu -a ec2.public_hostname


to return something like:

ec2-67-202-63-102.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:37 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2-174-129-127-206.compute-1.amazonaws.com [Fri, 22 Oct 2010 14:18:37 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2-184-73-9-250.compute-1.amazonaws.com    [Fri, 22 Oct 2010 14:18:38 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2-75-101-240-230.compute-1.amazonaws.com  [Fri, 22 Oct 2010 14:18:38 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2-184-73-60-141.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:38 +0000] INFO: Starting Chef Run (Version 0.9.10)
ec2-174-129-127-206.compute-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Chef Run complete in 1.419243 seconds
ec2-174-129-127-206.compute-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: cleaning the checksum cache
ec2-174-129-127-206.compute-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Running report handlers
ec2-174-129-127-206.compute-1.amazonaws.com [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Report handlers complete
ec2-67-202-63-102.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Chef Run complete in 1.578265 seconds
ec2-67-202-63-102.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:39 +0000] INFO: cleaning the checksum cache
ec2-67-202-63-102.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Running report handlers
ec2-67-202-63-102.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:39 +0000] INFO: Report handlers complete
ec2-184-73-9-250.compute-1.amazonaws.com    [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Chef Run complete in 1.638884 seconds
ec2-184-73-9-250.compute-1.amazonaws.com    [Fri, 22 Oct 2010 14:18:40 +0000] INFO: cleaning the checksum cache
ec2-184-73-9-250.compute-1.amazonaws.com    [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Running report handlers
ec2-184-73-9-250.compute-1.amazonaws.com    [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Report handlers complete
ec2-75-101-240-230.compute-1.amazonaws.com  [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Chef Run complete in 1.540257 seconds
ec2-75-101-240-230.compute-1.amazonaws.com  [Fri, 22 Oct 2010 14:18:40 +0000] INFO: cleaning the checksum cache
ec2-75-101-240-230.compute-1.amazonaws.com  [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Running report handlers
ec2-75-101-240-230.compute-1.amazonaws.com  [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Report handlers complete
ec2-184-73-60-141.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Chef Run complete in 1.502489 seconds
ec2-184-73-60-141.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:40 +0000] INFO: cleaning the checksum cache
ec2-184-73-60-141.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Running report handlers
ec2-184-73-60-141.compute-1.amazonaws.com   [Fri, 22 Oct 2010 14:18:40 +0000] INFO: Report handlers complete


To query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:

$ knife ssh "role:webserver" "sudo chef-client"



$ knife ssh name:* "sudo aptitude upgrade -y"


To specify the shell type used on the nodes returned by a search query:

$ knife ssh roles:opscode-omnitruck macterm


where screen is one of the following values: cssh, interactive, macterm, screen, or tmux. If the node does not have the shell type installed, knife will return an error similar to the following:

you need the rb-appscript gem to use knife ssh macterm.
`(sudo) gem    install rb-appscript` to install
ERROR: LoadError: cannot load such file -- appscript


AUTHOR

Chef

Chef 12.0