Adding certificate for default-centos65.vagrantup.com in /Users/misheska/learningchef/chef-repo/.chef/trusted_certs/default-centos65_vagrantup_com.crt
Run knife ssl check one final time, and it should verify successfully. If not, double-check to make sure the local hosts entry is correct, and that the hostname matched the expected name/IP when you ran knife ssl check in the previous step:

$ knife ssl check
Connecting to host default-centos65.vagrantup.com:443
Successfully verified certificates from `default-centos65.vagrantup.com'
Configure Chef-Client to Use a Production SSL Setup
The chef-client cookbook includes a recipe, chef-client::config, which can be used to automatically generate the /etc/chef/client.rb config file with the SSL settings we need. In this way you can automate the configuration of SSL on your nodes.
Log in to the node and check the /etc/chef/client.rb file. The client.rb file was created to configure chef-client settings when you ran knife bootstrap on the node. Notice that it resembles the following. Make sure you log back out to the host prompt when you are done.
$ kitchen login
Last login: Sat Aug 16 09:06:12 2014 from 10.0.2.2
Welcome to your Packer-built virtual machine.
[vagrant@node-centos65 ~]$ cat /etc/chef/client.rb
log_location STDOUT
chef_server_url "https://default-centos65.vagrantup.com/organizations/learningchef"
validation_client_name "learningchef-validator"
# Using default node name (fqdn)
[vagrant@node-centos65 ~]$ exit
logout
Connection to 127.0.0.1 closed.
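
A check for the state this client.rb is in, where no SSL verification setting is present and the default this page names, :verify_none, applies. This is an added example, not code from the book or from Chef: ssl_verify_mode and :verify_peer are Chef's own configuration names, while the helper names and the sample text (copied from the session above) are constructed for illustration.

```ruby
# Added example: audit the SSL-related settings in a chef-client config.
# client.rb is Ruby code, so it is parsed with regexes and never eval'd.

# Constructed sample: the client.rb contents from the session above.
SAMPLE_CLIENT_RB = <<~CONF
  log_location STDOUT
  chef_server_url "https://default-centos65.vagrantup.com/organizations/learningchef"
  validation_client_name "learningchef-validator"
  # Using default node name (fqdn)
CONF

DEFAULT_VERIFY_MODE = :verify_none # the default stated on this page

# Collect the settings of interest; a later occurrence overrides an earlier
# one, as it would when the file is evaluated top to bottom.
def parse_client_rb(text)
  settings = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#') # commented-out settings do not count
    case line
    when /\Achef_server_url\s+["']([^"']+)["']/
      settings[:chef_server_url] = Regexp.last_match(1)
    when /\Assl_verify_mode\s+:(\w+)/
      settings[:ssl_verify_mode] = Regexp.last_match(1).to_sym
    end
  end
  settings
end

# Report whether peer verification is enabled and the server URL uses HTTPS.
def audit_client_rb(text)
  s = parse_client_rb(text)
  mode = s.fetch(:ssl_verify_mode, DEFAULT_VERIFY_MODE)
  url = s[:chef_server_url]
  findings = []
  findings << 'chef_server_url is missing' if url.nil?
  findings << "chef_server_url is not https: #{url}" if url && !url.start_with?('https://')
  unless mode == :verify_peer
    source = s.key?(:ssl_verify_mode) ? 'set explicitly' : 'default, no setting present'
    findings << "ssl_verify_mode is :#{mode} (#{source}); peer verification is not enabled"
  end
  { mode: mode, findings: findings, ok: findings.empty? }
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_CLIENT_RB, SAMPLE_CLIENT_RB + "ssl_verify_mode :verify_peer\n"].each do |conf|
    result = audit_client_rb(conf)
    puts result[:ok] ? 'OK: peer verification enabled' : result[:findings].map { |f| "FINDING: #{f}" }
  end
end
```
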
In order to enable verification of the SSL certificate on the server, we need to add the following setting to /etc/chef/client.rb (the default setting is :verify_none):