chef / cheffish

Resources and tools for testing and interacting with Chef and Chef Server.
Apache License 2.0

Chef::Config.ssl_verify_mode :verify_none doesn't get passed on to the Cheffish::ServerApi #105

Open aespinosa opened 8 years ago

aespinosa commented 8 years ago

The documented workaround in #37 doesn't seem to get passed through the HTTP client.

I posted a wrapper cookbook against the chef-server cookbook to bootstrap users (and organizations eventually) in https://gist.github.com/aespinosa/62bf4801ac570ab76f47a644b793b194

I have tried various ways of adding ssl_verify_mode and none seem to work. So far I have tried the following:

  1. put Chef::Config.ssl_verify_mode inside a ruby_block
  2. put the whole chef_server parameter inside a lazy { Chef::Config.ssl_verify_mode ... } block

lamont-granquist commented 7 years ago

So we need to rip Cheffish::ServerApi out and come up with a better solution for properly injecting config into Chef::ServerApi and Chef::HTTP and friends.

aespinosa commented 6 years ago

This workaround seems to satisfy my needs. I basically added the freshly configured chef-server's certificate to the chef-client trusted certificate store.

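```ruby
# Fetch the Chef Server's certificate into the chef-client trusted_certs directory.
execute 'download chefserver certs' do
  command "knife ssl fetch -c #{Chef::Config.config_file} https://#{node['fqdn']}"
  creates "#{Chef::Config.config_dir}/trusted_certs"
end

# With the certificate trusted, the resource can talk to the server with verification left on.
chef_user 'foo' do
  chef_server "https://#{node['fqdn']}"
  # ...
end
```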
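The trust-store approach from the last comment keeps certificate verification on, unlike `:verify_none`. The sketch below is an added example, not code from this thread or from Chef, and shows the effect using only Ruby's standard `openssl` library. The host name, the helper names and the `*.crt` directory layout are assumptions made for illustration.

```ruby
require 'openssl'
require 'tmpdir'

# Constructed sample: a self-signed certificate standing in for the one a
# freshly configured Chef Server presents.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Build a trust store from the PEM files in a directory (assumption: this
# mirrors how a trusted_certs directory is meant to be used; not Chef's code).
def store_from_dir(dir)
  store = OpenSSL::X509::Store.new
  Dir.glob(File.join(dir, '*.crt')).sort.each do |path|
    store.add_cert(OpenSSL::X509::Certificate.new(File.read(path)))
  end
  store
end

# Returns three verification results:
#   [server cert vs. empty store,
#    server cert vs. store holding the fetched cert,
#    look-alike cert (same CN, different key) vs. that same store]
def pinning_demo(host = 'chef.example.test') # hypothetical host name
  server_cert = self_signed_cert(host)
  impostor    = self_signed_cert(host)
  Dir.mktmpdir do |dir|
    empty = OpenSSL::X509::Store.new.verify(server_cert)
    File.write(File.join(dir, "#{host.tr('.', '_')}.crt"), server_cert.to_pem)
    pinned = store_from_dir(dir)
    [empty, pinned.verify(server_cert), pinned.verify(impostor)]
  end
end

p pinning_demo if __FILE__ == $PROGRAM_NAME
```

Only the exact certificate that was fetched verifies. A different certificate carrying the same name is still rejected, which is the check that `:verify_none` would have dropped.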