在测试厨房中禁用 Chef/Berks SSL 验证
Disable Chef/Berks SSL verification inside test kitchen
运行 测试厨房时,VirtualBox VM 中的 Chef 客户端不接受我的 Chef 服务器的自签名证书。
$ bundle exec kitchen converge default-windows-2008r2
-----> Starting Kitchen (v1.17.0)
-----> Converging <default-windows-2008r2>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.2.0...
Using compat_resource (12.19.0)
Installing cron (4.1.3) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
Installing logentries-windows (0.2.2) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>> Failed to complete #converge action: [SSL_connect returned=1 errno=0 state=error: certificate verify failed] on default-windows-2008r2
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
Installing logrotate (2.2.0) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
Using mingw (2.0.1)
Installing omnibus_updater (3.0.2) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
Installing ohai (5.2.0) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
$ echo $?
20
我工作站的 Berks 配置已禁用 SSL 验证:
$ cat ~/.berkshelf/config.json
{
"ssl":{
"verify": false
}
}
我也试过设置 Chef 属性来禁用验证:
# .kitchen.yml
suites:
- name: default
attributes:
chef_client:
config:
ssl_verify_mode: ":verify_none"
如果您更新到较新版本的 Berkshelf(4.2.0 大约 18 个月大),我们已经修复了大部分内容,以使用与 Chef 本身相同的 .chef/trusted_certs/ 文件夹,这可能会解决此问题无需禁用验证。
运行 测试厨房时,VirtualBox VM 中的 Chef 客户端不接受我的 Chef 服务器的自签名证书。
$ bundle exec kitchen converge default-windows-2008r2
-----> Starting Kitchen (v1.17.0)
-----> Converging <default-windows-2008r2>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.2.0...
Using compat_resource (12.19.0)
Installing cron (4.1.3) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
Installing logentries-windows (0.2.2) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>> Failed to complete #converge action: [SSL_connect returned=1 errno=0 state=error: certificate verify failed] on default-windows-2008r2
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
Installing logrotate (2.2.0) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
Using mingw (2.0.1)
Installing omnibus_updater (3.0.2) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
Installing ohai (5.2.0) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops)
$ echo $?
20
我工作站的 Berks 配置已禁用 SSL 验证:
$ cat ~/.berkshelf/config.json
{
"ssl":{
"verify": false
}
}
我也试过设置 Chef 属性来禁用验证:
# .kitchen.yml
suites:
- name: default
attributes:
chef_client:
config:
ssl_verify_mode: ":verify_none"
如果您更新到较新版本的 Berkshelf(4.2.0 大约 18 个月大),我们已经修复了大部分内容,以使用与 Chef 本身相同的 .chef/trusted_certs/ 文件夹,这可能会解决此问题无需禁用验证。