This plugin has been tested with Chef 12.x and uses the Google API Ruby Client.
Install the gem
Install the gem with:
gem install knife-google
Or, even better, if you're using the ChefDK:
chef gem install knife-google
If you're using Bundler, simply add it to your Gemfile:
gem "knife-google", "~> 2.0"
... and then run
Create a Google Cloud Platform project
Before getting started with this plugin, you must first create a Google Cloud Platform (GCP) "project" and add the Google Compute Engine service to your project. While GCP has many other services, such as App Engine and Cloud Storage, this plugin only provides an integration with Google Compute Engine (GCE).
Authentication and Authorization
The easiest way to create this is to download and install the Google Cloud SDK and run the
gcloud auth login command which will create the credentials file for you.
gcloud auth login no longer writes application default credentials. Please run
gcloud auth application-default login for appropriate application credentials file.
If you already have a file you'd like to use that is in a different location, set the
GOOGLE_APPLICATION_CREDENTIALS environment variable with the full path to that file.
All knife-google commands require a project name, and most commands require zone name to be supplied. You can supply these on the command line:
knife google server list --gce-project my-test-project --gce-zone us-east1-b
... or you can set them in your
knife[:gce_project] = 'my-test-project' knife[:gce_zone] = 'us-east1-b'
In order to Linux bootstrap nodes, you will first need to ensure your SSH
keys are set up correctly. Ensure your SSH public key is properly entered
into your project's Metadata tab in the GCP Console. GCE will add your key
to the appropriate user's
~/.ssh/authorized_keys file when Chef first
connects to perform the bootstrap process.
- If you don't have one, create a key using
- Log in to the GCP console, select your project, go to Compute Engine, and go to the Metadata tab.
- Select the "SSH Keys" tab.
- Add a new item, and paste in your public key.
- Note: to change the username automatically detected for the key, prefix your key with the username
you plan to use as the
--ssh-userwhen creating a server. For example, if you plan to connect as "chefuser", your key should look like:
- Note: to change the username automatically detected for the key, prefix your key with the username you plan to use as the
- Click "Save".
You can find more information on configuring SSH keys in the Google Compute Engine documentation.
To see all knife-google commands, run:
All commands have additional help output. Simply append
--help to any command.
For example, to see additional help and flags available for the
knife google disk create command,
knife google disk create --help
knife google disk create DISKNAME
Create a disk in GCE.
- DISKNAME: required. The name of the disk to create.
- gce-disk-size: optional. The size of the disk, in GB, to create. Valid options are between 10 and 10,000. The default is 10.
- gce-disk-type: optional. The type of GCE disk to create, such as
pd-ssd. Default is
- gce-disk-source: optional. Image to use when creating a disk. By default, the disk will be created blank.
knife google disk create my-test-disk --gce-disk-type pd-ssd --gce-disk-size 50
knife google disk delete DISKNAME [DISKNAME]
Deletes one or more disks from GCE.
- DISKNAME: required. The name of the disk to delete. You can specify more than one disk to delete at a time.
knife google disk delete my-test-disk1 my-test-disk2
knife google disk list
List all disks in the currently-configured GCE project and zone.
knife google project quotas
Display all project resources and quotas for the currently-configured project, such as the number of snapshots allowed and currently consumed.
knife google region list
Display all regions available to the currently-configured project, what each region's status is, and what zones exist in each region.
Regions are collections of zones. For additional information on regions, please refer to the GCE documentation.
knife google region quotas
Display all resources and quotas for all regions in the currently-configured project, such as how many instances are allowed and currently configured in a given region.
knife google server create INSTANCE_NAME
Create a GCE server instance and bootstrap it with Chef. You must supply an instance name, a machine type, and an image to use.
For a Linux instance, Chef will connect to the instance over SSH based on the
parameter. This user must have SSH keys configured properly in the project's metadata.
See the SSH Keys section for more information.
- INSTANCE_NAME: required. The name to use when creating the instance.
- --gce-machine-type: required. The machine type to use when creating the server, such as
- --gce-network: The name of the network to which your instance will be attached. Defaults to "default".
- --gce-subnet: The name of the subnet to which your instance will be attached. Only applies to custom networks.
- --gce-image: required. The name of the disk image to use when creating the server. knife-google will search your current project for this disk image. If the image cannot be found but looks like a common public image, the public image project will be searched as well. Additionally, this parameter supports the same image aliases that
gcloud compute instances createsupports. See the output of
gcloud compute instances create --helpfor a full list of aliases.
- Example: if you supply a gce-image of
centos-7-v20160219, knife-google will first look for an image with that name in your currently-configured project. If it cannot be found, it will look in the
- This behavior can be overridden with the
- Example: if you supply a gce-image of
- --gce-image-project: optional. The name of the GCP project that contains the image specified with the
--gce-imageflag. If this is specified, knife-google will not search any known public projects for your image.
- --gce-boot-disk-name: The name to use when creating the instance's boot disk. Defaults to the instance name.
- --gce-boot-disk-size: The size of the boot disk to create, in GB. Defaults to 10.
- --[no-]gce-boot-disk-ssd: If true, the boot disk will be created as a
pd-ssddisk type. By default, this is false, and the boot disk will be created as a
- --[no-]gce-boot-disk-autodelete: If true, the boot disk will be automatically deleted whenever the instance is deleted. Defaults to true.
- --additional_disks: A comma-separated list of disk names to attach to the instance when creating it. The disks must already exist.
- --[no-]gce-auto-server-restart: If true, the instance will be automatically restarted if it was terminated for non-user-initiated actions, such as host maintenance. Defaults to true.
- --[no-]gce-auto-server-migrate: If true, the instance will be automatically migrated to another host if maintenance would require the instance to be terminated. Defaulst to true.
- --[no-]gce-can-ip-forward: If true, the instance will be allowed to perform network forwarding. Defaults to false.
- --gce-tags: A comma-separated list of tag values to add to the instance.
- --gce-metadata: A comma-separated list of key=value pairs to be added to the instance metadata. Example:
- --gce-service-account-scopes: A comma-separated list of account scopes for this instance. View a list of scoped by running
gcloud compute instances create --helpand searching for the documentation for the
--scopesparameter. You must supply the full URI (i.e. "https://www.googleapis.com/auth/devstorage.full_control"), the final part of the URI (i.e. "devstorage.full_control"), or the gcloud alias name (i.e. "storage-rw"). See the output of
gcloud compute instances create --helpfor a full list of scopes.
- --gce-service-account-name: the service account name to use when adding service account scopes. This usually looks like an email address and can be created in the Permissions tab of the Google Cloud Console. Defaults to "default"
- --gce-use-private-ip: If true, Chef will attempt to bootstrap the device using the private IP rather than the public IP. Defaulst to false.
- --gce-public-ip: The type of public IP to associate with this instance. If "ephemeral", an ephemeral IP will be assigned. If "none", no public IP will be assigned. If a specific IP address is provided, knife-google will attempt to attach that specific IP address to the instance. Default is "ephemeral".
- --gce-email: required when creating and bootstrapping Microsoft Windows instances. The email address of the currently-logged-in Google Cloud user. This is required when resetting the Windows instance's password.
Additionally, all the normal
knife bootstrap flags are supported. See the output of
knife bootstrap --help and
knife google server create --help for additional information.
knife google server create test-instance-1 --gce-image centos-7-v20160219 --gce-machine-type n1-standard-2 --gce-public-ip ephemeral --ssh-user myuser --identity-file /Users/myuser/.ssh/google_compute_engine
knife google server delete INSTANCE_NAME [INSTANCE_NAME]
Deletes one or more GCE server instance. Additionally, if requested, the client and node object for the given instance will be deleted off of the Chef Server as well.
The boot disk will be deleted as well unless
--no-gce-boot-disk-autodelete was specified during
the server creation.
- INSTANCE_NAME: required. The name of the GCE instance to delete. You may provide more than one instance to delete.
- --purge: optional. If provided, the instances' client and node objects will be deleted off the Chef Server. Default is NOT to delete the objects.
knife google server delete my-instance-1 my-instance-2 --purge
knife google server list
Display the instances in the currently-configured project and zone, their statuses, machine types, IP addresses, and network.
This command will display all instances in the project/zone, even if they weren't created with knife-google.
knife google server show INSTANCE_NAME
Display information about a single GCE instance, including its status, machine type, IP addresses, and network. Only one server may be displayed at a time.
- INSTANCE_NAME: required. The name of the instance to show.
knife google zone list
List all available zones in the currently-configured project and what each zone's status is. A zone is an isolated location within a region that is independent of other zones in the same region. For additional information on zones, please refer to the GCE documentation.
Bootstrapping Windows Nodes
WinRM is used by Chef to bootstrap Windows nodes. The default settings of the GCE Windows images and GCP projects are not conducive to successful bootstrapping. Therefore, you will likely need to make some changes to your project settings and create your own image based on your company's policies. Some settings you will likely have to change include:
- inbound firewall rule in the GCP console to allow inbound WinRM (such as port 5985/tcp)
- inbound firewall rule in Windows Firewall to allow the inbound WinRM connections
- enable the appropriate WinRM transports
License and Authors
Version 3.0.0 of knife-google was rewritten by Chef Partner Engineering but is largely inspired by initial versions of knife-google, thanks to the work of the great folks at Google.
Author:: Chef Partner Engineering (firstname.lastname@example.org)
Copyright:: Copyright (c) 2016 Chef Software, Inc.
License:: Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
We'd love to hear from you if you find this isn't working for you. Please submit a GitHub issue with any problems you encounter.
Additionally, contributions are welcome! If you'd like to send up any fixes or changes:
- Fork it ( https://github.com/chef/knife-google/fork )
- Create your feature branch (
git checkout -b my-new-feature)
- Commit your changes (
git commit -am 'Add some feature')
- Push to the branch (
git push origin my-new-feature)
- Create a new Pull Request