在廚房內禁用廚師/ Berks SSL驗證

Question

在運行廚房測試時，VirtualBox VM內的廚師客戶端不接受我的廚師服務器的自簽名證書。

$ bundle exec kitchen converge default-windows-2008r2 
-----> Starting Kitchen (v1.17.0) 
-----> Converging <default-windows-2008r2>... 
     Preparing files for transfer 
     Preparing dna.json 
     Resolving cookbook dependencies with Berkshelf 4.2.0... 
Using compat_resource (12.19.0) 
Installing cron (4.1.3) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops) 
Installing logentries-windows (0.2.2) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops) 

>>>>>> ------Exception------- 
>>>>>> Class: Kitchen::ActionFailed 
>>>>>> Message: 1 actions failed. 
>>>>>>  Failed to complete #converge action: [SSL_connect returned=1 errno=0 state=error: certificate verify failed] on default-windows-2008r2 
>>>>>> ---------------------- 
>>>>>> Please see .kitchen/logs/kitchen.log for more details 
>>>>>> Also try running `kitchen diagnose --all` for configuration 

Installing logrotate (2.2.0) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops) 
Using mingw (2.0.1) 
Installing omnibus_updater (3.0.2) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops) 
Installing ohai (5.2.0) from http://berksapi.mycompany.com/ ([chef_server] https://chef.mycompany.com:443/organizations/devops) 

$ echo $? 
20 

我的工作站的伯克斯配置已經擁有SSL驗證禁用：

$ cat ~/.berkshelf/config.json 
{ 
    "ssl":{ 
    "verify": false 
    } 
} 

我也試着設置廚師屬性禁用驗證：

# .kitchen.yml 
suites: 
    - name: default 
    attributes: 
     chef_client: 
     config: 
      ssl_verify_mode: ":verify_none" 

Answer 1

如果你更新到新版本的Berkshelf（4.2.0約18個月大）我們已經修復了大部分東西，使用與Chef本身相同的.chef/trusted_certs/文件夾，這可能會解決此問題而無需禁用驗證。