On the node, SSL verification is controlled through settings in the file /etc/chef/client.rb, the
file that configures chef-client. You can enable verification by setting attributes in the
chef-client cookbook. Nearly everything in the chef-client cookbook is controllable
through attributes.
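To see which case a given node is in, the following added example (not code from the book or the chef-client cookbook) classifies the SSL settings found in the text of a client.rb. It assumes settings are written in the plain `name value` form; the sample files and the hostname chef.example.test are constructed, and the method names are hypothetical.

```ruby
# Added example: audit the SSL-related settings in client.rb text.
# ssl_verify_mode and verify_api_cert are chef-client configuration options;
# everything else here (method names, sample files) is illustrative.

SSL_SETTING = /^\s*(ssl_verify_mode|verify_api_cert)\s+(\S+)/

# Collect the SSL settings from client.rb text. Comments are ignored and the
# last occurrence of a setting wins, as it would when the file is evaluated.
def ssl_settings(text)
  text.each_line.with_object({}) do |line, found|
    code = line.sub(/#.*/, '')        # drop trailing or whole-line comments
    m = SSL_SETTING.match(code)
    found[m[1]] = m[2] if m
  end
end

# Classify how the node treats server certificates:
#   :verified   - every HTTPS connection is verified
#   :api_only   - at least the Chef Server API certificate is verified
#   :unverified - verification is explicitly switched off
#   :unset      - nothing configured; the installed client's default applies
def audit_client_rb(text)
  s = ssl_settings(text)
  return :verified   if s['ssl_verify_mode'] == ':verify_peer'
  return :api_only   if s['verify_api_cert'] == 'true'
  return :unverified if s['ssl_verify_mode'] == ':verify_none'
  :unset
end

# Constructed sample files: the weak setting beside the corrected one.
WEAK = <<~CONF
  chef_server_url 'https://chef.example.test'
  ssl_verify_mode :verify_none   # certificate is never checked
CONF

HARDENED = <<~CONF
  chef_server_url 'https://chef.example.test'
  ssl_verify_mode :verify_peer
CONF

if __FILE__ == $PROGRAM_NAME
  { 'weak' => WEAK, 'hardened' => HARDENED }.each do |name, conf|
    puts "#{name}: #{audit_client_rb(conf)}"
  end
end
```

On a real node, pass the contents of /etc/chef/client.rb to `audit_client_rb`; a result of `:unset` means the outcome depends on the default of the chef-client version installed.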
COOKBOOKS SHOULD CHANGE BEHAVIOR BASED ON ATTRIBUTES
Well-written cookbooks change behavior based on attributes. Ideally, you shouldn't have to modify
the contents of a cookbook to accommodate your needs.
Look at the attributes directory for things you can override to change the behavior of a cookbook.
Well-written cookbooks also have sane defaults, and a README.md file to describe how the
attributes influence cookbook behavior.
SSL configurations can be quite complex to set up, so it is recommended that you first validate the
setup with knife on your development workstation before trying to configure your nodes to
use verified SSL connections. Let's do that now. We'll use a simple setup that makes use of
the self-signed certificate that was generated when you installed Chef Server in Chapter 9.
You will need to make sure that Chef Server is configured with the certificate you intend to
use to verify communication over HTTPS. By default, Chef Server automatically generates
a self-signed certificate during the installation. If you want to use the self-signed certificate,
everything is already set up for you. In this exercise, we'll use the self-signed certificate.
NOTE
Refer to the Chef documentation for more information on how to configure Chef Server
with a certificate authority-verified certificate.
Also, a Chef community member, Mislav Marohnić, wrote an excellent blog post on
troubleshooting Chef Server SSL issues and published a set of scripts to help troubleshoot
connection issues.
Once the certificate is configured on Chef Server, run knife ssl check on your development
workstation to find out what you need to do next. You should see output similar to the
following: