Add --openssl-fips to knife bootstrap

author: Jay Mundrawala <jdmundrawala@gmail.com> 2016-01-19 09:27:46 -0800
committer: Jay Mundrawala <jdmundrawala@gmail.com> 2016-01-25 09:52:41 -0800
commit: 701410038fc9f5abc5383843495671461a7490b2 (patch)
tree: 2cedab397ea1f3cb65dceea003544afda90d8745
parent: 8dc7e055ed65453081e60b74b461a2f67c3ec009 (diff)
download: chef-701410038fc9f5abc5383843495671461a7490b2.tar.gz
2 files changed, 9 insertions, 0 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 23ec98e563..3816857c46 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -250,6 +250,11 @@ class Chef
           Chef::Config[:knife][:bootstrap_vault_item]
         }
 
+      option :openssl_fips,
+        :long => "--openssl-fips",
+        :description => "Set openssl to run in fips mode",
+        :boolean => true
+
       def initialize(argv=[])
         super
         @client_builder = Chef::Knife::Bootstrap::ClientBuilder.new(
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index b0a759dd05..e530d115d7 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -120,6 +120,10 @@ validation_client_name "#{@chef_config[:validation_client_name]}"
             client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
           end
 
+          if @config[:openssl_fips]
+            client_rb << %Q{openssl_fips true\n}
+          end
+
           client_rb
         end
author	Jay Mundrawala <jdmundrawala@gmail.com>	2016-01-19 09:27:46 -0800
committer	Jay Mundrawala <jdmundrawala@gmail.com>	2016-01-25 09:52:41 -0800
commit	701410038fc9f5abc5383843495671461a7490b2 (patch)
tree	2cedab397ea1f3cb65dceea003544afda90d8745
parent	8dc7e055ed65453081e60b74b461a2f67c3ec009 (diff)
download	chef-701410038fc9f5abc5383843495671461a7490b2.tar.gz