Setting custom chef_client config during kitchen runs


#1

I’m trying to disable SSL verification during kitchen runs, by setting attributes as defined in the kitchen.yml doc.

suites:
  - name: default
    ...
    attributes:
      chef_client:
        config:
          ssl_verify_mode: ":verify_peer"

This does not seem to produce any effect, as my http_request resources still fail with “SSL_connect returned=1 errno=0 state=error: certificate verify failed”.
If I look at /tmp/kitchen/client.rb, I can see that my settings are not present.
If I use the recipe chef_client::config, a file /etc/chef/client.rb is created with my settings, but obviously the requests still fail.

Is there really a way to customize the client.rb used on kitchen runs?

BTW, my real need is to disable SSL verification on http_request only, but it does not seem to be possible.


#2

There is a key that you can set under the Provisioner settings called client_rb or solo_rb (1) where you can set any arbitrary client/solo.rb setting. Setting this in attributes will still require chef-client to start and apply it during a run as opposed to setting it prior to the run.


#3

If you’re trying to disable SSL verification, you’re going to want to set the value to :verify_none instead of :verify_peer.