Change the chef-server certificate to use the bootstrap IP as the CN. This allows us to enable certificate verification in the chef-client.
For existing clusters, the upgrade procedure would be:

1. Update `/etc/chef-server/chef-server.rb`
2. Run `sudo chef-server-ctl reconfigure`

Reference content of `/etc/chef-server/chef-server.rb` from the PR:
```ruby
chef_server_webui['enable'] = false

# So that we have a proper CN with the bootstrap IP
# node['ipaddress'] is enough for a physical bootstrap.
# Needed for Vagrant + Virtualbox because the default route is to the NAT
# device.
eth1 = node['network']['interfaces']['eth1']['addresses']
nginx['server_name'] = eth1.detect { |_, v| v['family'] == 'inet' }.first
nginx['enable_non_ssl'] = false
nginx['non_ssl_port'] = 4000

# Configure Solr to index right away when we add a new node.
# Reference: https://docs.chef.io/config_rb_server.html#opscode-solr4
# Called opscode_solr4 in chef-server 12+
chef_solr['max_commit_docs'] = 1

# we can take about 45 minutes to Chef the first machine when running on VMs
# so follow tuning from CHEF-4253
erchef['s3_url_ttl'] = 3600
```
Small cleanup.
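
Why the CN has to be the bootstrap IP before verification can be turned on, as an added Ruby example (not code from this PR). It assumes clients reach the server at the bootstrap IP, uses constructed addresses and hypothetical helper names, and covers only the name-matching step of verification, not chain trust.

```ruby
require 'openssl'
require 'uri'

# Throwaway self-signed certificate with subject CN `cn`.
# Stand-in for the certificate chef-server generates on reconfigure.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', cn]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The identity check Ruby's OpenSSL bindings apply when a TLS client
# verifies its peer: the host in the server URL must match the certificate.
def name_matches?(cert, chef_server_url)
  host = URI.parse(chef_server_url).host
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Constructed values, not taken from the PR.
NAT_IP       = '10.0.2.15'   # assumed address on the NAT-facing interface
BOOTSTRAP_IP = '192.0.2.10'  # assumed eth1 address that clients connect to
SERVER_URL   = "https://#{BOOTSTRAP_IP}"

def demo
  before = self_signed_cert(NAT_IP)        # CN derived from the wrong interface
  after  = self_signed_cert(BOOTSTRAP_IP)  # CN set via nginx['server_name']
  { before: name_matches?(before, SERVER_URL),
    after:  name_matches?(after, SERVER_URL) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The same `name_matches?` check can be pointed at the certificate a reconfigured server actually presents to confirm the new CN took effect.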