Test Kitchen SSL error during Chef Client install


#1

Since beginning to work with Chef, I have struggled to get Test Kitchen going on my work laptop due to the various network devices I traverse to get to the Internet.
However I am attempting to revisit it once again and hitting a wall. I am trying to go thru the basics of one of the lesson’s on Chef Rally to just try to get something basic stood up.
I was able to get past any SSL related errors associated to Berkshelf, but when I run a kitchen converge, I am getting an SSL error when trying to download/install the Chef Client inside the Kitchen.
-----> Installing Chef Omnibus (install only if missing)
_ There was an error:_
_ Exception calling “DownloadString” with “1” argument(s): “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”_
_ The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel._
_ The remote certificate is invalid according to the validation procedure._

Here is the current .kitchen.yml I am trying:

driver:
name: vagrant
boot_timeout: 1200
gui: false

provisioner:
name: chef_zero

verifier:
name: inspec

transport:
name: winrm
elevated: true
username: Administrator
password: Pass@word1

platforms:

  • name: windows-2012R2
    driver:
    customize:
    memory: 2048

suites:

  • name: default
    run_list:
    • recipe[learn_chef_iis::default]
      verifier:
      inspec_tests:
      • test/smoke/default
        attributes:
        chef_client:
        config:
        ssl_verify_mode: “:verify_none”

What am I missing to get the Chef client install to disable SSL verification when trying to do a Kitchen Converge?

Thanks


#2

I also struggled to get this working using Vagrant/VBox. I ultimately got it working after many struggles, but can’t recall all of the steps I took to finally get it working. Since you seem to be working on the Windows side, I would strongly encourage leveraging Hyper-V along with the test kitchen driver of the same name. I found this to be much easier to work with than using the Vagrant approach.


#3

This issue has to do with an expired cert/deployment problem on our end and not much to do with kitchen or vagrant. This is currently being investigated.


#4

Is this the issue you eluded too Seth?

This appears to now be resolved if so and I am still having an issue, so I am trying to judge if this is still an issue with my configuration or not.
thanks


#5

Yes, that particular issue was a point in time issue - if you need more active assistance I’d suggest joining us in the Community Slack