
We now have to configure the knife command. This command is the central way of communicating with our server and the nodes that we will be configuring. We need to tell it how to authenticate and then generate a user to access the Chef server.

Luckily, we've been laying the groundwork for this step by acquiring the appropriate credential files. We can start the configuration by typing:

knife configure --initial

This will ask you a series of questions. We will go through them one by one:

WARNING: No knife configuration file found
Where should I put the config file? [/home/your_user/.chef/knife.rb]

The values in the brackets ([]) are the default values that knife will use if we do not select a value.

We want to place our knife configuration file in the hidden directory we have been using:


In the next question, type in the domain name or IP address you use to access the Chef server. This should begin with https:// and end with :443:


You will be asked for a name for the new user you will be creating. Choose something descriptive:

Please enter a name for the new user: [root] station1

It will then ask you for the admin name. Press Enter to accept the default value (we didn't change the admin name).

It will then ask you for the location of the existing administrator's key. This should be:


It will ask a similar set of questions about the validator. We haven't changed the validator's name either, so we can keep that as chef-validator. Press enter to accept this value.

It will then ask you for the location of the validation key. It should be something like this:


Next, it will ask for the path to the repository. This is the chef-repo folder we have been operating in:


Finally, it will ask you to select a password for your new user. Select anything you would like.

This should complete our knife configuration. If we look in our chef-repo/.chef directory, we should see a knife configuration file and the credentials of our new user:

ls ~/chef-repo/.chef
admin.pem  chef-validator.pem  knife.rb  station1.pem
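
The three .pem files in this listing are private keys, so their file modes matter. The following Ruby check is an added example, not part of the original page: it flags a knife directory, or any .pem inside it, that is accessible beyond its owner. The sample directory and its modes are constructed for the demonstration.

```ruby
require "tmpdir"
require "fileutils"

# Audit a knife config directory such as ~/chef-repo/.chef.
# Returns findings as [path, octal_mode, reason].
def audit_chef_dir(dir)
  findings = []
  dir_mode = File.stat(dir).mode & 0o777
  unless (dir_mode & 0o077).zero?
    findings << [dir, format("%04o", dir_mode), "directory accessible to group/other"]
  end
  Dir.glob(File.join(dir, "*.pem")).sort.each do |pem|
    mode = File.stat(pem).mode & 0o777
    next if (mode & 0o077).zero?
    findings << [pem, format("%04o", mode), "private key readable beyond owner"]
  end
  findings
end

# Constructed sample mirroring the listing above; the contents are placeholders.
def build_sample(root)
  chef = File.join(root, ".chef")
  FileUtils.mkdir_p(chef)
  { "admin.pem" => 0o644, "chef-validator.pem" => 0o640,
    "station1.pem" => 0o600, "knife.rb" => 0o644 }.each do |name, mode|
    path = File.join(chef, name)
    File.write(path, "constructed placeholder, not a real key\n")
    File.chmod(mode, path)
  end
  File.chmod(0o700, chef)
  chef
end

# Runs the audit over the constructed sample and returns [file, mode] pairs.
def demo
  Dir.mktmpdir do |root|
    chef = build_sample(root)
    audit_chef_dir(chef).map { |path, mode, _reason| [File.basename(path), mode] }
  end
end

demo.each { |name, mode| puts "#{name} has mode #{mode}: tighten to 0600" }
```

To audit a real workstation, call `audit_chef_dir(File.expand_path("~/chef-repo/.chef"))`.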

What is a Role?

A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.

How to use Roles in Chef?

  1. Create a role and add the cookbooks to it.
  2. Assign the role to each node, or bootstrap new nodes using roles.
  3. The run list

How to create a Role?

Method 1: In Chef Server directly

> knife role create client1

Add the run list e.g. "recipe[nginx]" under "run_list"

Save & exit

The role will be created in Chef Server.


{
  "name": "client1",
  "description": "",
  "json_class": "Chef::Role",
  "default_attributes": {},
  "override_attributes": {},
  "chef_type": "role",
  "run_list": [
    "recipe[nginx]",
    "recipe[phpapp::web]"
  ],
  "env_run_lists": {}
}

Let's download the role from the Chef server so we have it locally in a Chef repository.

> knife role show client1 -d -Fjson > roles/client1.json 
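
With the role stored locally as JSON, its run list can be reviewed before it is uploaded again. The following Ruby lint is an added example, not part of the original page or of Chef: it checks the role's type fields and every run-list item. The approved-cookbook list is a hypothetical policy, the sample roles are constructed, and the item pattern is deliberately narrower than everything Chef accepts.

```ruby
require "json"

# Fully qualified run-list forms only: recipe[cookbook], recipe[cookbook::recipe], role[name].
RUN_LIST_ITEM = /\A(?:recipe\[[\w-]+(?:::[\w-]+)?\]|role\[[\w-]+\])\z/
# Hypothetical review policy: cookbooks a role may pull in.
APPROVED_COOKBOOKS = %w[nginx phpapp].freeze

# Returns a list of problems; an empty list means the role passed.
def lint_role(json_text)
  role = JSON.parse(json_text)
  problems = []
  problems << "chef_type must be role" unless role["chef_type"] == "role"
  problems << "json_class must be Chef::Role" unless role["json_class"] == "Chef::Role"
  problems << "name is empty" if role["name"].to_s.empty?
  lists = { "run_list" => role["run_list"] || [] }
  (role["env_run_lists"] || {}).each { |env, items| lists["env_run_lists[#{env}]"] = items }
  lists.each do |where, items|
    items.each do |item|
      unless item.to_s.match?(RUN_LIST_ITEM)
        problems << "#{where}: malformed item #{item.inspect}"
        next
      end
      cookbook = item[/\Arecipe\[([\w-]+)/, 1]
      next if cookbook.nil? || APPROVED_COOKBOOKS.include?(cookbook)
      problems << "#{where}: cookbook #{cookbook} is not approved"
    end
  end
  problems
rescue JSON::ParserError
  ["not valid JSON"]
end

# Constructed samples: the client1 role from this page, and a copy with problems.
GOOD_ROLE = <<~JSON
  {"name": "client1", "description": "", "json_class": "Chef::Role",
   "default_attributes": {}, "override_attributes": {}, "chef_type": "role",
   "run_list": ["recipe[nginx]", "recipe[phpapp::web]"], "env_run_lists": {}}
JSON
BAD_ROLE = <<~JSON
  {"name": "client1", "json_class": "Chef::Role", "chef_type": "role",
   "run_list": ["recipe[nginx"],
   "env_run_lists": {"production": ["recipe[unreviewed_cookbook]", "role[base]"]}}
JSON

puts lint_role(BAD_ROLE)
```
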

Now, let's bootstrap the node using knife with roles:

> knife bootstrap --run-list "role[client1]" --sudo hostname 

How to edit roles on the Chef server?

> knife role edit client1

Method 2: In local repo under chef-repo folder

> vi webserver.rb

Example:

name "web_server"
description "Role for web servers"

Then upload it to the Chef server using the following command:

> knife role from file path/to/role/file 

How to assign roles to nodes?

> knife node list
> knife node edit node_name

This will bring up the node's definition file, which will allow us to add a role to its run_list:

"name": "client1",
"chef_environment": "_default",
"normal": {
"tags": [

"run_list": [

For instance, we can replace our recipe with our role in this file:

"name": "client1",
"chef_environment": "_default",
"normal": {
"tags": [
"run_list": [

How to bootstrap node using role?

> knife bootstrap {{address}} --ssh-user {{user}} --ssh-password '{{password}}' --sudo --use-sudo-password --node-name node1 --run-list 'role[production]'
> knife bootstrap --run-list "role[phpapp-web]" --sudo hostname

How to run roles against nodes?

You can run chef-client on multiple nodes with the knife ssh command. For example, to query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:

> knife ssh "role:webserver" "sudo chef-client"

To find the uptime of all web servers running Ubuntu on the Amazon EC2 platform, enter:

> knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname





To run a single recipe using chef-solo

> chef-solo -c /opt/chef/repo/config/solo.rb -o my_cookbook::recipe

To run a single recipe on the same machine

> chef-apply hello.rb

To generate the cookbook standard structure


> chef generate cookbook learn_chef_httpd
> knife cookbook create smartmontools -r md


To generate the template file in cookbook

> chef generate template learn_chef_httpd index.html


To run the cookbook in local mode

> sudo chef-client --local-mode --runlist 'recipe[learn_chef_httpd]'

To download cookbooks from the marketplace

> knife cookbook site download learn_chef_httpd
> knife cookbook site install learn_chef_httpd

To upload cookbooks to the Chef server

> knife cookbook upload learn_chef_httpd
> knife cookbook upload -a


To bootstrap a node

> knife bootstrap {{address}} --ssh-user {{user}} --ssh-password '{{password}}' --sudo --use-sudo-password --node-name node1 --run-list 'recipe[learn_chef_apache2]'
> knife bootstrap uvo1t75faaktzc532w6.vm.cld.sr -x root -P Br356YS0iy --sudo --node-name firefox
> knife bootstrap -x username -P password --sudo

To see the list of nodes

> knife node list


To edit the node run list

> knife node edit name_of_node


To see the info about each node

> knife node show node1


To run the cookbooks on nodes

> knife ssh {{address}} 'sudo chef-client' --manual-list --ssh-user {{user}} --ssh-password '{{password}}'
> ssh username@ipaddress -i mycredentials.pem sudo chef-client


To add the run list to the nodes

> knife node run_list add C2445575914.domain 'recipe[hptrain]'
> knife node run_list set test-node '''recipe[iptables]''' [Windows - PowerShell]
> knife node run_list set test-node 'recipe[iptables]' [Windows - Command]