Merge pull request #5790 from GennadySpb/trusted_certs_dir
Support 'trusted_certs_dir' chef-client configuration option
This commit is contained in:
Matthew Hooker
GitHub
commit
4bccbbba1f
|
|
@ -63,6 +63,7 @@ type Config struct {
|
|||
SkipCleanNode bool `mapstructure:"skip_clean_node"`
|
||||
SkipInstall bool `mapstructure:"skip_install"`
|
||||
SslVerifyMode string `mapstructure:"ssl_verify_mode"`
|
||||
TrustedCertsDir string `mapstructure:"trusted_certs_dir"`
|
||||
StagingDir string `mapstructure:"staging_directory"`
|
||||
ValidationClientName string `mapstructure:"validation_client_name"`
|
||||
ValidationKeyPath string `mapstructure:"validation_key_path"`
|
||||
|
|
@ -83,6 +84,7 @@ type ConfigTemplate struct {
|
|||
NodeName string
|
||||
ServerUrl string
|
||||
SslVerifyMode string
|
||||
TrustedCertsDir string
|
||||
ValidationClientName string
|
||||
ValidationKeyPath string
|
||||
}
|
||||
|
|
@ -268,7 +270,8 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
|
|||
remoteValidationKeyPath,
|
||||
p.config.ValidationClientName,
|
||||
p.config.ChefEnvironment,
|
||||
p.config.SslVerifyMode)
|
||||
p.config.SslVerifyMode,
|
||||
p.config.TrustedCertsDir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating Chef config file: %s", err)
|
||||
}
|
||||
|
|
@ -283,7 +286,7 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
|
|||
if !(p.config.SkipCleanNode && p.config.SkipCleanClient) {
|
||||
|
||||
knifeConfigPath, knifeErr := p.createKnifeConfig(
|
||||
ui, comm, nodeName, serverUrl, p.config.ClientKey, p.config.SslVerifyMode)
|
||||
ui, comm, nodeName, serverUrl, p.config.ClientKey, p.config.SslVerifyMode, p.config.TrustedCertsDir)
|
||||
|
||||
if knifeErr != nil {
|
||||
return fmt.Errorf("Error creating knife config on node: %s", knifeErr)
|
||||
|
|
@ -341,7 +344,8 @@ func (p *Provisioner) createConfig(
|
|||
remoteKeyPath string,
|
||||
validationClientName string,
|
||||
chefEnvironment string,
|
||||
sslVerifyMode string) (string, error) {
|
||||
sslVerifyMode string,
|
||||
trustedCertsDir string) (string, error) {
|
||||
|
||||
ui.Message("Creating configuration file 'client.rb'")
|
||||
|
||||
|
|
@ -371,6 +375,7 @@ func (p *Provisioner) createConfig(
|
|||
ValidationClientName: validationClientName,
|
||||
ChefEnvironment: chefEnvironment,
|
||||
SslVerifyMode: sslVerifyMode,
|
||||
TrustedCertsDir: trustedCertsDir,
|
||||
EncryptedDataBagSecretPath: encryptedDataBagSecretPath,
|
||||
}
|
||||
configString, err := interpolate.Render(tpl, &ctx)
|
||||
|
|
@ -386,7 +391,7 @@ func (p *Provisioner) createConfig(
|
|||
return remotePath, nil
|
||||
}
|
||||
|
||||
func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, sslVerifyMode string) (string, error) {
|
||||
func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, sslVerifyMode string, trustedCertsDir string) (string, error) {
|
||||
ui.Message("Creating configuration file 'knife.rb'")
|
||||
|
||||
// Read the template
|
||||
|
|
@ -394,10 +399,11 @@ func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator,
|
|||
|
||||
ctx := p.config.ctx
|
||||
ctx.Data = &ConfigTemplate{
|
||||
NodeName: nodeName,
|
||||
ServerUrl: serverUrl,
|
||||
ClientKey: clientKey,
|
||||
SslVerifyMode: sslVerifyMode,
|
||||
NodeName: nodeName,
|
||||
ServerUrl: serverUrl,
|
||||
ClientKey: clientKey,
|
||||
SslVerifyMode: sslVerifyMode,
|
||||
TrustedCertsDir: trustedCertsDir,
|
||||
}
|
||||
configString, err := interpolate.Render(tpl, &ctx)
|
||||
if err != nil {
|
||||
|
|
@ -685,6 +691,9 @@ environment "{{.ChefEnvironment}}"
|
|||
{{if ne .SslVerifyMode ""}}
|
||||
ssl_verify_mode :{{.SslVerifyMode}}
|
||||
{{end}}
|
||||
{{if ne .TrustedCertsDir ""}}
|
||||
trusted_certs_dir "{{.TrustedCertsDir}}"
|
||||
{{end}}
|
||||
`
|
||||
|
||||
var DefaultKnifeTemplate = `
|
||||
|
|
@ -696,4 +705,7 @@ node_name "{{.NodeName}}"
|
|||
{{if ne .SslVerifyMode ""}}
|
||||
ssl_verify_mode :{{.SslVerifyMode}}
|
||||
{{end}}
|
||||
{{if ne .TrustedCertsDir ""}}
|
||||
trusted_certs_dir "{{.TrustedCertsDir}}"
|
||||
{{end}}
|
||||
`
|
||||
|
|
|
|||
|
|
@ -105,6 +105,11 @@ configuration is actually required.
|
|||
SSL certificates. If not set, this defaults to "verify\_peer" which validates
|
||||
all SSL certifications.
|
||||
|
||||
- `trusted_certs_dir` (string) - This is a directory that contains additional
|
||||
SSL certificates to trust. Any certificates in this directory will be added to
|
||||
whatever CA bundle ruby is using. Use this to add self-signed certs for your
|
||||
Chef Server or local HTTP file servers.
|
||||
|
||||
- `staging_directory` (string) - This is the directory where all the
|
||||
configuration of Chef by Packer will be placed. By default this is
|
||||
"/tmp/packer-chef-client" when guest\_os\_type unix and
|
||||
|
|
@ -158,6 +163,9 @@ environment "{{.ChefEnvironment}}"
|
|||
{{if ne .SslVerifyMode ""}}
|
||||
ssl_verify_mode :{{.SslVerifyMode}}
|
||||
{{end}}
|
||||
{{if ne .TrustedCertsDir ""}}
|
||||
trusted_certs_dir :{{.TrustedCertsDir}}
|
||||
{{end}}
|
||||
```
|
||||
|
||||
This template is a [configuration
|
||||
|
|
@ -170,6 +178,7 @@ variables available to use:
|
|||
- `NodeName` - The node name set in the configuration.
|
||||
- `ServerUrl` - The URL of the Chef Server set in the configuration.
|
||||
- `SslVerifyMode` - Whether Chef SSL verify mode is on or off.
|
||||
- `TrustedCertsDir` - Path to dir with trusted certificates.
|
||||
- `ValidationClientName` - The name of the client used for validation.
|
||||
- `ValidationKeyPath` - Path to the validation key, if it is set.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue