1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>knife data bag — chef-client Man Pages</title>
<link rel="stylesheet" href="_static/guide.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
</head>
<body>
<div style="background-color: #212c35; text-align: left; padding: 0px 0px 0px 0px">
<a href="http://docs.getchef.com/"><img src="_static/chef_html_logo.png" border="0" alt="Chef"/></a>
</div>
<div class="document">
<div class="documentwrapper">
<div class="body">
<div class="section" id="knife-data-bag">
<h1>knife data bag<a class="headerlink" href="#knife-data-bag" title="Permalink to this headline">¶</a></h1>
<p>A data bag is a global variable that is stored as JSON data and is accessible from a Chef server. A data bag is indexed for searching and can be loaded by a recipe or accessed during a search.</p>
<p>A data bag item may be encrypted using <a class="reference external" href="https://en.wikipedia.org/wiki/Symmetric-key_algorithm">shared secret encryption</a>. This allows each data bag item to store confidential information (such as a database password) or to be managed in a source control system (without plain-text data appearing in revision history). Each data bag item may be encrypted individually; if a data bag contains multiple encrypted data bag items, these data bag items are not required to share the same encryption keys.</p>
<p>The <strong>knife data bag</strong> subcommand is used to manage arbitrary stores of globally available JSON data.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Review the list of <a class="reference internal" href="knife_common_options.html"><em>common options</em></a> available to this (and all) knife subcommands and plugins.</p>
</div>
<div class="section" id="create">
<h2>create<a class="headerlink" href="#create" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">create</span></tt> argument is used to add a data bag to the Chef server.</p>
<div class="section" id="syntax">
<h3>Syntax<a class="headerlink" href="#syntax" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag create DATA_BAG_NAME <span class="o">[</span>DATA_BAG_ITEM<span class="o">]</span> <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="options">
<h3>Options<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">DATA_BAG_ITEM</span></tt></dt>
<dd>The name of a specific item within a data bag.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret</span> <span class="pre">SECRET</span></tt></dt>
<dd>The encryption key that is used for values contained within a data bag item. If <tt class="docutils literal"><span class="pre">secret</span></tt> is not specified, the chef-client will look for a secret at the path specified by the <tt class="docutils literal"><span class="pre">encrypted_data_bag_secret</span></tt> setting in the client.rb file.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret-file</span> <span class="pre">FILE</span></tt></dt>
<dd>The path to the file that contains the encryption key.</dd>
</dl>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">For encrypted data bag items, use <em>either</em> <tt class="docutils literal"><span class="pre">--secret</span></tt> or <tt class="docutils literal"><span class="pre">--secret-file</span></tt>, not both.</p>
</div>
</div>
<div class="section" id="examples">
<h3>Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Create a data bag</strong></p>
<p>To create a data bag named “admins”, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag create admins
</pre></div>
</div>
<p>to return:</p>
<div class="highlight-bash"><div class="highlight"><pre>Created data_bag<span class="o">[</span>admins<span class="o">]</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="delete">
<h2>delete<a class="headerlink" href="#delete" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">delete</span></tt> argument is used to delete a data bag or a data bag item from a Chef server.</p>
<div class="section" id="id1">
<h3>Syntax<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag delete DATA_BAG_NAME <span class="o">[</span>DATA_BAG_ITEM<span class="o">]</span> <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id2">
<h3>Options<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">DATA_BAG_ITEM</span></tt></dt>
<dd>The name of a specific item within a data bag.</dd>
</dl>
</div>
<div class="section" id="id3">
<h3>Examples<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Delete a data bag</strong></p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag delete data_bag_name
</pre></div>
</div>
<p><strong>Delete a data bag item</strong></p>
<p>To delete an item named “charlie”, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag delete admins charlie
</pre></div>
</div>
<p>Type <tt class="docutils literal"><span class="pre">Y</span></tt> to confirm a deletion.</p>
</div>
</div>
<div class="section" id="edit">
<h2>edit<a class="headerlink" href="#edit" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">edit</span></tt> argument is used to edit the data contained in a data bag. If encryption is being used, the data bag will be decrypted, the data will be made available in the $EDITOR, and then encrypted again before saving it to the Chef server.</p>
<div class="section" id="id4">
<h3>Syntax<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag edit DATA_BAG_NAME <span class="o">[</span>DATA_BAG_ITEM<span class="o">]</span> <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id5">
<h3>Options<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">DATA_BAG_ITEM</span></tt></dt>
<dd>The name of a specific item within a data bag.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret</span> <span class="pre">SECRET</span></tt></dt>
<dd>The encryption key that is used for values contained within a data bag item. If <tt class="docutils literal"><span class="pre">secret</span></tt> is not specified, the chef-client will look for a secret at the path specified by the <tt class="docutils literal"><span class="pre">encrypted_data_bag_secret</span></tt> setting in the client.rb file.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret-file</span> <span class="pre">FILE</span></tt></dt>
<dd>The path to the file that contains the encryption key.</dd>
</dl>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">For encrypted data bag items, use <em>either</em> <tt class="docutils literal"><span class="pre">--secret</span></tt> or <tt class="docutils literal"><span class="pre">--secret-file</span></tt>, not both.</p>
</div>
</div>
<div class="section" id="id6">
<h3>Examples<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Edit a data bag</strong></p>
<p>To edit the contents of a data bag, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag edit dogs tibetanspaniel
</pre></div>
</div>
<p>where <tt class="docutils literal"><span class="pre">dogs</span></tt> is the name of the data bag and <tt class="docutils literal"><span class="pre">tibetanspaniel</span></tt> is the name of the data bag item. This will return something similar to the following in the knife editor:</p>
<div class="highlight-javascript"><div class="highlight"><pre><span class="p">{</span>
<span class="s2">"name"</span><span class="o">:</span><span class="s2">"data_bag_item_dogs_tibetanspaniel"</span><span class="p">,</span>
<span class="s2">"json_class"</span><span class="o">:</span><span class="s2">"Chef::DataBagItem"</span><span class="p">,</span>
<span class="s2">"chef_type"</span><span class="o">:</span><span class="s2">"data_bag_item"</span><span class="p">,</span>
<span class="s2">"data_bag"</span><span class="o">:</span><span class="s2">"dogs"</span><span class="p">,</span>
<span class="s2">"raw_data"</span><span class="o">:</span>
<span class="p">{</span>
<span class="s2">"description"</span><span class="o">:</span><span class="s2">"small dog that likes to sit in windows"</span><span class="p">,</span>
<span class="s2">"id"</span><span class="o">:</span><span class="s2">"tibetanspaniel"</span>
<span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<p>Make the necessary changes to the key-value pairs under <tt class="docutils literal"><span class="pre">raw_data</span></tt> and save them.</p>
<p><strong>Edit a data bag item</strong></p>
<p>To edit an item named “charlie” that is contained in a data bag named “admins”, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag edit admins charlie
</pre></div>
</div>
<p>to open the $EDITOR. Once opened, you can update the data before saving it to the Chef server. For example, by changing:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="o">{</span>
<span class="s2">"id"</span>: <span class="s2">"charlie"</span>
<span class="o">}</span>
</pre></div>
</div>
<p>to:</p>
<div class="highlight-javascript"><div class="highlight"><pre><span class="p">{</span>
<span class="s2">"id"</span><span class="o">:</span> <span class="s2">"charlie"</span><span class="p">,</span>
<span class="s2">"uid"</span><span class="o">:</span> <span class="mi">1005</span><span class="p">,</span>
<span class="s2">"gid"</span><span class="o">:</span> <span class="s2">"ops"</span><span class="p">,</span>
<span class="s2">"shell"</span><span class="o">:</span> <span class="s2">"/bin/zsh"</span><span class="p">,</span>
<span class="s2">"comment"</span><span class="o">:</span> <span class="s2">"Crazy Charlie"</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="from-file">
<h2>from file<a class="headerlink" href="#from-file" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">from</span> <span class="pre">file</span></tt> argument is used to:</p>
<ul class="simple">
<li>Add a data bag item to a data bag</li>
<li>Update the contents of an existing data bag item</li>
</ul>
<p>The data bag itself must already exist on the Chef server and must be specified as part of the command. The contents of the data bag item are specified using a JSON file. This JSON file may be located at a relative or absolute path; its location must be specified as part of the command. The JSON file that defines the contents of the data bag item must at least contain the name of the data bag item—<tt class="docutils literal"><span class="pre">"id":</span> <span class="pre">"name"</span></tt>.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">A chef-client must be version 11.6 (or higher) when using the <tt class="docutils literal"><span class="pre">knife</span> <span class="pre">data</span> <span class="pre">bag</span> <span class="pre">from</span> <span class="pre">file</span></tt> argument with the Enterprise Chef or Open Source Chef version 11 servers.</p>
</div>
<div class="section" id="id7">
<h3>Syntax<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag from file DATA_BAG_NAME_or_PATH
</pre></div>
</div>
</div>
<div class="section" id="id8">
<h3>Options<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-a</span></tt>, <tt class="docutils literal"><span class="pre">--all</span></tt></dt>
<dd>Use to upload all data bags found at the specified path.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret</span> <span class="pre">SECRET</span></tt></dt>
<dd>The encryption key that is used for values contained within a data bag item. If <tt class="docutils literal"><span class="pre">secret</span></tt> is not specified, the chef-client will look for a secret at the path specified by the <tt class="docutils literal"><span class="pre">encrypted_data_bag_secret</span></tt> setting in the client.rb file.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret-file</span> <span class="pre">FILE</span></tt></dt>
<dd>The path to the file that contains the encryption key.</dd>
</dl>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">For encrypted data bag items, use <em>either</em> <tt class="docutils literal"><span class="pre">--secret</span></tt> or <tt class="docutils literal"><span class="pre">--secret-file</span></tt>, not both.</p>
</div>
</div>
<div class="section" id="id9">
<h3>Examples<a class="headerlink" href="#id9" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Create a data bag from a file</strong></p>
<p>To create a data bag on the Chef server from a file:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag from file <span class="s2">"path to JSON file"</span>
</pre></div>
</div>
<p><strong>Create an encrypted data bag from a file</strong></p>
<p>To create a data bag named “devops_data” that contains encrypted data, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag from file devops_data --secret-file <span class="s2">"path to decryption file"</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="list">
<h2>list<a class="headerlink" href="#list" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">list</span></tt> argument is used to view a list of data bags that are currently available on the Chef server.</p>
<div class="section" id="id10">
<h3>Syntax<a class="headerlink" href="#id10" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag list
</pre></div>
</div>
</div>
<div class="section" id="id11">
<h3>Options<a class="headerlink" href="#id11" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-w</span></tt>, <tt class="docutils literal"><span class="pre">--with-uri</span></tt></dt>
<dd>Use to show the corresponding URIs.</dd>
</dl>
</div>
<div class="section" id="id12">
<h3>Examples<a class="headerlink" href="#id12" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>View a list of data bags</strong></p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag list
</pre></div>
</div>
</div>
</div>
<div class="section" id="show">
<h2>show<a class="headerlink" href="#show" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">show</span></tt> argument is used to view the contents of a data bag.</p>
<div class="section" id="id13">
<h3>Syntax<a class="headerlink" href="#id13" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag show DATA_BAG_NAME <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id14">
<h3>Options<a class="headerlink" href="#id14" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">DATA_BAG_ITEM</span></tt></dt>
<dd>The name of a specific item within a data bag.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret</span> <span class="pre">SECRET</span></tt></dt>
<dd>The encryption key that is used for values contained within a data bag item. If <tt class="docutils literal"><span class="pre">secret</span></tt> is not specified, the chef-client will look for a secret at the path specified by the <tt class="docutils literal"><span class="pre">encrypted_data_bag_secret</span></tt> setting in the client.rb file.</dd>
<dt><tt class="docutils literal"><span class="pre">--secret-file</span> <span class="pre">FILE</span></tt></dt>
<dd>The path to the file that contains the encryption key.</dd>
</dl>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">For encrypted data bag items, use <em>either</em> <tt class="docutils literal"><span class="pre">--secret</span></tt> or <tt class="docutils literal"><span class="pre">--secret-file</span></tt>, not both.</p>
</div>
</div>
<div class="section" id="id15">
<h3>Examples<a class="headerlink" href="#id15" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Show a data bag</strong></p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag show admins
</pre></div>
</div>
<p>to return something like:</p>
<div class="highlight-bash"><div class="highlight"><pre>charlie
</pre></div>
</div>
<p><strong>Show a data bag item</strong></p>
<p>To show the contents of a specific item within data bag, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag show admins charlie
</pre></div>
</div>
<p>to return:</p>
<div class="highlight-bash"><div class="highlight"><pre>comment: Crazy Charlie
gid: ops
id: charlie
shell: /bin/zsh
uid: 1005
</pre></div>
</div>
<p><strong>Show a data bag, encrypted</strong></p>
<p>To show the contents of a data bag named <tt class="docutils literal"><span class="pre">passwords</span></tt> with an item that contains encrypted data named <tt class="docutils literal"><span class="pre">mysql</span></tt>, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag show passwords mysql
</pre></div>
</div>
<p>to return:</p>
<div class="highlight-javascript"><div class="highlight"><pre>## sample:
{
"id": "mysql",
"pass": "trywgFA6R70NO28PNhMpGhEvKBZuxouemnbnAUQsUyo=\n",
"user": "e/p+8WJYVHY9fHcEgAAReg==\n"
}
</pre></div>
</div>
<p><strong>Show a data bag, decrypted</strong></p>
<p>To show the decrypted contents of the same data bag, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag show --secret-file /path/to/decryption/file passwords mysql
</pre></div>
</div>
<p>to return:</p>
<div class="highlight-javascript"><div class="highlight"><pre>## sample:
{
"id": "mysql",
"pass": "thesecret123",
"user": "fred"
}
</pre></div>
</div>
<p><strong>Show a data bag as JSON</strong></p>
<p>To view information in JSON format, use the <tt class="docutils literal"><span class="pre">-F</span></tt> common option as part of the command like this:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife data bag show admins -F json
</pre></div>
</div>
<p>Other formats available include <tt class="docutils literal"><span class="pre">text</span></tt>, <tt class="docutils literal"><span class="pre">yaml</span></tt>, and <tt class="docutils literal"><span class="pre">pp</span></tt>.</p>
</div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>
|
