Setting custom chef_client config during kitchen runs

gdurand · October 3, 2017, 3:42pm

I’m trying to disable SSL verification during kitchen runs, by setting attributes as defined in the kitchen.yml doc.

suites:
  - name: default
    ...
    attributes:
      chef_client:
        config:
          ssl_verify_mode: ":verify_peer"

This does not seem to produce any effect, as my http_request resources still fail with “SSL_connect returned=1 errno=0 state=error: certificate verify failed”.
If I look at /tmp/kitchen/client.rb, I can see that my settings are not present.
If I use the recipe chef_client::config, a file /etc/chef/client.rb is created with my settings, but obviously the requests still fail.

Is there really a way to customize the client.rb used on kitchen runs?

BTW, my real need is to disable SSL verification on http_request only, but it does not seem to be possible.

cheeseplus · October 3, 2017, 11:54pm

There is a key that you can set under the Provisioner settings called client_rb or solo_rb (1) where you can set any arbitrary client/solo.rb setting. Setting this in attributes will still require chef-client to start and apply it during a run as opposed to setting it prior to the run.

gravesb · October 4, 2017, 7:11pm

If you’re trying to disable SSL verification, you’re going to want to set the value to :verify_none instead of :verify_peer.

Topic		Replies	Views
If I've installed Chef as a gem where do I apply the :ssl_verify_mode config setting Chef Infra (archive)	2	326	May 7, 2014
Ssl on chef server Chef Infra (archive)	0	480	December 18, 2017
Kitchen converge returns OpenSSL::SSL::SSLError: SSL_connect Chef Infra (archive)	5	3656	May 25, 2016
Test Kitchen SSL error during Chef Client install Chef Infra (archive)	4	2225	November 24, 2017
SSL error running workstation/client commands to hosted server Chef Infra (archive)	3	1164	August 9, 2013

Setting custom chef_client config during kitchen runs

Related topics