Chef REST API examples for searching and deleting a node

Ignorant person here. A coworker has asked me to provide him with the Chef Server 12.10 REST API calls needed to do both of the following:

• Execute an arbitrary search (like a “knife search” command)
• Deregister a specific node and its associated client, given the node name

I’ve been Googling and reading but can’t figure it out. Does you happen to know where I could find some actual Chef REST API examples for searching, and for deleting a node?

My tiny view of the world guesses the search API call would be a GET call, and the delete API call would be a DELETE call. But what specific endpoints and request-contents do I need to, say:

• Mimic: knife search node 'chef_environment:<env_name>'
• Mimic: knife node delete <node_name> -y && knife client delete <node_name> -y

I’d appreciate any help that would be easy for you to provide

Hey There!

Check out the API documentation on docs.chef.io:
https://docs.chef.io/api_chef_server.html

Specifically, you want the /search endpoint and the /nodes/NAME endpoint.
And because you don’t want a client sticking around after the node is gone,
you should also look at /clients/NAME.

Hope that helps!

Nathan

What language are you writing your script in? There are existing client libraries for most major languages so it would help to know which to use for examples. Roughly speaking:

Ruby: chef-api
Python: PyChef
Java: jclouds-chef
JavaScript: chef-api
C#: dotnet-chef-api

Thanks for the clues, Nathan and Noah!

Nathan: I’m more ignorant than you’d think, so I was actually looking for specific examples. Using the clues you gave me, I think I pieced together the knowledge I need. Below is a summary of what I’m going with. Does it seem sane and reasonable?

Noah: Ditto. I didn’t even know to ask my coworker what his language constraints were. I just knew he had access to “curl.” But I’ll point out to him that what I got to work below using “curl” can probably be done easier using Chef libraries in one of those languages. (This is for use in an AWS Lambda function – I don’t know what language constraints apply there.)

General note: One key for me was the “chef_api_request” sample Bash script on the Chef.io “Authentication, Authorization” doc page (at https://docs.chef.io/auth.html). That helped clarify some of the magic behind the many needed HTTP request headers. Also key was discovering that the search query needs to be in SOLR’s Lucene syntax (https://wiki.apache.org/solr/SolrQuerySyntax).

Search

To search for a node using the Chef Server REST API, it appears to be sufficient to issue a REST call like this:

curl --insecure \ -H X-Ops-Timestamp:2017-01-27T19:54:17Z \ -H X-Ops-Userid:<user> \ -H X-Chef-Version:0.10.4 \ -H Accept:application/json \ -H X-Ops-Content-Hash:2jmj7l5rS...lWAYkK/YBwk= \ -H X-Ops-Sign:version=1.0 \ -H X-Ops-Authorization-1:ZUL3tIcV...dok2JA7g6Q/gvf1TEY5/DGD5tSmmRQx \ -H X-Ops-Authorization-2:4fEJ10aO...qGvmNo6DHCcd9zSAZqIVEdyehyCicQ0 \ -H X-Ops-Authorization-3:UeEbJueK...hPMbOOIKIDa4a9vbSSvaJTAzYCea/by \ -H X-Ops-Authorization-4:i91yOmU8...lEvJ9czPA0uQo0wXU5qyb2qltcMuTBy \ -H X-Ops-Authorization-5:JLHeINhu...ICvFuMLg8g6TD5LrifenLchaAt4n5ZK \ -H X-Ops-Authorization-6:Zzq7hz2T...kFH9q+796Hukg== \ 'https://<chef_server>/organizations/<org_name>/search/node?q=name:"<node_name>"%20AND%20chef_environment:"<env_name>"'

Delete

To delete a node and its associated client using the Chef Server REST API, it appears to be sufficient to issue two REST calls (one to delete the node, one to delete the client) like this:

Delete the node object:

curl --insecure -X DELETE \ -H X-Ops-Timestamp:2017-01-27T20:29:52Z \ -H X-Ops-Userid:<user> \ -H X-Chef-Version:0.10.4 \ -H Accept:application/json \ -H X-Ops-Content-Hash:2jmj...AYkK/YBwk= \ -H X-Ops-Sign:version=1.0 \ -H X-Ops-Authorization-1:6tZb30AI...efeS6fcQhvNX17JIfpRi6iRV+M \ -H X-Ops-Authorization-2:ojcDfw56...x5t++mogOEd/48wskeapKptWSP \ -H X-Ops-Authorization-3:lHbTjIzv...3dI8isSrpzg/3U6eSV49oeS+g7 \ -H X-Ops-Authorization-4:N78LeAEf...GhAt/rFpPw+sZdwflZdfFcWJCM \ -H X-Ops-Authorization-5:sKT7a6pR...DulmpIILpoZ8w6PHOvbyqhld9y \ -H X-Ops-Authorization-6:MuFWM/XO...pX9yxMmw== \ 'https://<chef_server>/organizations/<org_name>/nodes/<node_name>'

Delete the client object:

curl --insecure -X DELETE \ -H X-Ops-Timestamp:2017-01-27T20:29:52Z \ -H X-Ops-Userid:<user> \ -H X-Chef-Version:0.10.4 \ -H Accept:application/json \ -H X-Ops-Content-Hash:2jmj...AYkK/YBwk= \ -H X-Ops-Sign:version=1.0 \ -H X-Ops-Authorization-1:6tZb30AI...efeS6fcQhvNX17JIfpRi6iRV+M \ -H X-Ops-Authorization-2:ojcDfw56...x5t++mogOEd/48wskeapKptWSP \ -H X-Ops-Authorization-3:lHbTjIzv...3dI8isSrpzg/3U6eSV49oeS+g7 \ -H X-Ops-Authorization-4:N78LeAEf...GhAt/rFpPw+sZdwflZdfFcWJCM \ -H X-Ops-Authorization-5:sKT7a6pR...DulmpIILpoZ8w6PHOvbyqhld9y \ -H X-Ops-Authorization-6:MuFWM/XO...pX9yxMmw== \ 'https://<chef_server>/organizations/<org_name>/clients/<node_name>'

Lambda offers Python, JavaScript, Java, and C#, though actually it does not offer bash so curl is not an option there. PyChef does work on Lambda’s Python mode, not sure about the others (though I would have no reason to suspect they wouldn’t work).

There are some examples of doing the signing protocol from shell scripts floating around but really really don’t use that for anything serious. Those examples are just illustrations for clarity.

Here is a script for Lambda a colleague of mine wrote for removing
nodes/clients from a chef-server when the EC2 instance terminated. Maybe
that will serve as a good example?

Thanks very much for sharing that, Nathan! I’ll pass it on to my coworker who has the same use case.