cheffish icon indicating copy to clipboard operation
cheffish copied to clipboard

Published 20 hours ago verified publisher icon chef

Chef::Config.ssl_verify_mode :verify_none doesn't get passed on the Cheffish::ServerApi

Open aespinosa opened this issue 8 years ago • 2 comments

The documented workaround in #37 doesn't seem to get passed through the HTTP client.

I posted a wrapper cookbook against the chef-server cookbook to bootstrap users (and organizations eventually) in https://gist.github.com/aespinosa/62bf4801ac570ab76f47a644b793b194

I have done various ways of adding ssl_verify_mode and none seem to work. So far I have tried the following

  1. put Chef::Config.ssl_verify_mode inside a ruby_block
  2. put the whole chef_server parameter inside a lazy { Chef::Config.ssl_verify_mode ... } block

aespinosa avatar Apr 21 '16 00:04 aespinosa

So we need to rip Cheffish::ServerApi out and come up with a better solution to properly injecting config into Chef::ServerApi and Chef::HTTP and friends

lamont-granquist avatar Dec 07 '16 18:12 lamont-granquist

This workaround seems to satisfy my needs. I basically added the freshly configured chef-server's certificate to the chef-client trusted certificate store.

execute 'download chefserver certs' do
  command "knife ssl fetch -c #{Chef::Config.config_file} https://#{node['fqdn']}"
  creates "#{Chef::Config.config_dir}/trusted_certs"
end


chef_user 'foo' do
  chef_server "https://#{node['fqdn']}"
   # ...
end

aespinosa avatar Aug 11 '18 19:08 aespinosa