Setting custom chef_client config during kitchen runs

gdurand · October 3, 2017, 3:42pm

I’m trying to disable SSL verification during kitchen runs, by setting attributes as defined in the kitchen.yml doc.

suites:
  - name: default
    ...
    attributes:
      chef_client:
        config:
          ssl_verify_mode: ":verify_peer"

This does not seem to produce any effect, as my http_request resources still fail with “SSL_connect returned=1 errno=0 state=error: certificate verify failed”.
If I look at /tmp/kitchen/client.rb, I can see that my settings are not present.
If I use the recipe chef_client::config, a file /etc/chef/client.rb is created with my settings, but obviously the requests still fail.

Is there really a way to customize the client.rb used on kitchen runs?

BTW, my real need is to disable SSL verification on http_request only, but it does not seem to be possible.

cheeseplus · October 3, 2017, 11:54pm

There is a key that you can set under the Provisioner settings called client_rb or solo_rb (1) where you can set any arbitrary client/solo.rb setting. Setting this in attributes will still require chef-client to start and apply it during a run as opposed to setting it prior to the run.

gravesb · October 4, 2017, 7:11pm

If you’re trying to disable SSL verification, you’re going to want to set the value to :verify_none instead of :verify_peer.

Topic		Replies	Views
If I've installed Chef as a gem where do I apply the :ssl_verify_mode config setting Chef Infra (archive)	2	298	May 7, 2014
Ssl on chef server Chef Infra (archive)	0	442	December 18, 2017
SSL error running workstation/client commands to hosted server Chef Infra (archive)	3	1111	August 9, 2013
Unknown proxy scheme `https' Chef Infra (archive)	1	2459	March 19, 2017
Registering chef client manually to chef server getting SSL error Chef Infra (archive)	1	625	October 3, 2017

Setting custom chef_client config during kitchen runs

Related Topics