verify_none is being ignored on an add_machine_options call


#1

The problem I am encountering is the ssl_verify_mode is not being set to verify_none even though that is what is passed to the Machine resource using the add_machine_options function.

The machine resource statement below uses add_machine_options twice to specify the necessary options to provision an AWS image. This code was patterned after some of the sample code in the Chef Delivery tutorial.

The first call uses the results of this code segment.

    # Decrypt the SSH private key Chef provisioning uses to connect to the machine and save the key to disk.
    ssh_key = encrypted_data_bag_item_for_environment('provisioning-data', 'ssh_key')
    ssh_private_key_path = File.join(node['delivery']['workspace']['cache'], '.ssh')

The second call used the result of this code segment.

    # Fetch the topology.json from the topology database on the Chef server
    topology = Chef::DataBagItem.load("topologies", topology_name)

    # Extract the machine options for this topology...
    machine_options = topology['provisioning']['aws']['config']['machine_options']

The topologies data bag contains the following JSON:

    "provisioning": {
      "aws": {
        "config": {
          "machine_options": {
            "transport_address_location": "public_ip",
            "ssh_username": "ubuntu",
            "image_id": "ami-c94856a8",
            "convergence_options": {
              "ssl_verify_mode": "verify_none"
            },
            "bootstrap_options": {
              "subnet_id": "subnet-bb898bcf",
              "security_group_ids": [
                "sg-ecaf5b89"
              ],
              "instance_type": "t2.micro"
            }
          }
        }
      }
    }

It is the "convergence_options": { "ssl_verify_mode": "verify_none" } that is not being processed when the following machine resource statement is being processed.

    # Allocate a machine in AWS for each node in the topology using machine_options
    topology['nodes'].each do |node_details|
      # Ensure that the machine exists, is bootstrapped, has the correct run-list, and is ready to run chef-client.
      machine "#{node_details['node_type']}-#{topology_name}" do
        action [:setup]
        chef_environment topology_name
        attributes node_details['normal']
        converge false

        run_list node_details['run_list']
        add_machine_options bootstrap_options: {
          key_name: ssh_key['name'],
          key_path: ssh_private_key_path,
        }
        add_machine_options machine_options
      end
    end

One possible problem is that the merge done by the second add_machine_options statement is not merging the two different sources together properly.

Any insights or suggestions would be greatly appreciated.

Sweitz


#2

Hi Sweitz,

I would like you to try doing the merge outside the machine resource and just add one add_machine_options. Also validate that the machine_options variable is getting the right values from the data bag. If this doesn’t work then let us know what version of chef-provisioning and chef-provisioning-aws you are using.

Thanks


#3

Afiune,

Sometimes fresh eyes make a big difference. When attempting to do the merge outside of the machine resource I noticed that the hashes from the databag were strings (for example, "ssh_username"). Before doing the merge outside of the machine resource I mapped the content of the databag into a Ruby structure that resulted in the string hashes being mapped into Ruby variables. I then ran the machine resource with the two add_machine_options and it worked great!

Thanks for looking at my problem. I can now continue exploring Chef Delivery.

Sweitz
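
Added example (not code from the thread or from chef-provisioning): plain Ruby showing how the string-keyed data bag hash described in post #3 leaves `ssl_verify_mode` unset after the merge, and how symbolizing the keys first fixes it. It assumes the consumer looks options up by Symbol key, as the fix in post #3 implies; `deep_symbolize`, `deep_merge`, `effective_ssl_verify_mode` and the key name and path values are hypothetical.

```ruby
require 'json'

# Constructed sample: part of the machine_options fragment from the topology
# data bag, as JSON.parse returns it (every key is a String).
DATA_BAG_JSON = <<~JSON
  {
    "transport_address_location": "public_ip",
    "ssh_username": "ubuntu",
    "convergence_options": { "ssl_verify_mode": "verify_none" },
    "bootstrap_options": { "instance_type": "t2.micro" }
  }
JSON

# Recursively convert String keys to Symbols, descending into hashes and arrays.
def deep_symbolize(value)
  case value
  when Hash  then value.each_with_object({}) { |(k, v), out| out[k.to_sym] = deep_symbolize(v) }
  when Array then value.map { |v| deep_symbolize(v) }
  else value
  end
end

# Recursive merge: nested hashes are combined, other values from `extra` win.
def deep_merge(base, extra)
  base.merge(extra) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# Assumption: options are read by Symbol key, so String keys are never seen.
def effective_ssl_verify_mode(options)
  options.dig(:convergence_options, :ssl_verify_mode)
end

# Symbol-keyed options as written in the recipe (placeholder values).
recipe_options = { bootstrap_options: { key_name: 'example-key', key_path: '/tmp/example/.ssh' } }

string_keyed = JSON.parse(DATA_BAG_JSON)
broken = deep_merge(recipe_options, string_keyed)                  # mixed String/Symbol keys
fixed  = deep_merge(recipe_options, deep_symbolize(string_keyed))  # Symbol keys throughout

puts "string keys: #{effective_ssl_verify_mode(broken).inspect}"
puts "symbol keys: #{effective_ssl_verify_mode(fixed).inspect}"
puts "bootstrap:   #{fixed[:bootstrap_options].keys.inspect}"
```

Because `ssl_verify_mode` controls TLS certificate verification, comparing the effective value against the intended one after the merge catches this kind of silent mismatch in either direction.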


#4

Fantastic! Have a wonderful week…