Previously, groups were granted launch permissions by submitting a
ModifyImageAttribute request with the UserGroups parameter set
appropriately. This is no longer valid, as the LaunchPermission
parameter must be set.
Since the chef-client provisioner is cleaning the node and client at the chef-server from the provisioned node
it needs to have a flexible configuration
This is replacing the used knife flags: -s '<chef-server-url>' -k '/tmp/packer-chef-client/client.pem' -u '<client-name>'
and puts their values into a generated knife.rb
Additionally the knife.rb may include the optional ssl_verify_mode attribute to enable the verify mode verify_none
Background:
When deleting node and client to a self-hosted chef-server using self signed cerfiticates the usage of
knife node delete <node-name> -y -s '<chef-server-url>' -k '/tmp/packer-chef-client/client.pem' -u '<client-name>'
will lead into a ssl verification failure.
The error output of the knife call is somthing like:
2015/06/24 12:29:17 ui: docker: WARNING: No knife configuration file found
docker: WARNING: No knife configuration file found
2015/06/24 12:29:17 ui: docker: ERROR: SSL Validation failure connecting to host: 172.16.117.63 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
docker: ERROR: SSL Validation failure connecting to host: 172.16.117.63 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
2015/06/24 12:29:17 ui: docker: ERROR: Could not establish a secure connection to the server.
docker: ERROR: Could not establish a secure connection to the server.
2015/06/24 12:29:17 ui: docker: Use 'knife ssl check' to troubleshoot your SSL configuration.
docker: Use 'knife ssl check' to troubleshoot your SSL configuration.
2015/06/24 12:29:17 ui: docker: If your Chef Server uses a self-signed certificate, you can use
docker: If your Chef Server uses a self-signed certificate, you can use
2015/06/24 12:29:17 ui: docker: 'knife ssl fetch' to make knife trust the server's certificates.
docker: 'knife ssl fetch' to make knife trust the server's certificates.
2015/06/24 12:29:17 ui: docker:
docker:
2015/06/24 12:29:17 ui: docker: Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
docker: Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
2015/06/24 12:29:17 packer-builder-docker: 2015/06/24 12:29:17 Executed command exit status: 100
This updates the example for adding DigitalOcean
as a provider in the beginning tutorial. It looks
like it hadn't been updated in some time, and
was using old settings. I've updated it and
confirmed it works.