authorSerdar Sutay <serdar@opscode.com>2014-08-28 13:51:08 -0700
committerSerdar Sutay <serdar@opscode.com>2014-08-28 13:51:08 -0700
commitf0cc9ee51c50fb5f896b329d243ec273a65ff14a (patch)
treef080d2a38c9b42134c42d8db456ee1057d59be78 /lib
parent395534b88d54e6ec57eadfaab81c736c688e7938 (diff)
parent753e7162f6fb2e45cd6082c3b58ebc41cd1c01a0 (diff)
downloadchef-f0cc9ee51c50fb5f896b329d243ec273a65ff14a.tar.gz
Merge pull request #1895 from opscode/mcquin/CHEF-5282
Add --ssl-verify-mode and --[no-]verify-api-cert options.
Diffstat (limited to 'lib')
-rw-r--r--lib/chef/knife/bootstrap.rb16
-rw-r--r--lib/chef/knife/core/bootstrap_context.rb30
2 files changed, 46 insertions, 0 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index cf4f3c7a0c..36a0fc1e47 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -188,6 +188,21 @@ class Chef
:description => "Add options to curl when install chef-client",
:proc => Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
+ option :node_ssl_verify_mode,
+ :long => "--node-ssl-verify-mode [peer|none]",
+ :description => "Whether or not to verify the SSL cert for all HTTPS requests.",
+ :proc => Proc.new { |v|
+ valid_values = ["none", "peer"]
+ unless valid_values.include?(v)
+ raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
+ end
+ }
+
+ option :node_verify_api_cert,
+ :long => "--[no-]node-verify-api-cert",
+ :description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
+ :boolean => true
+
def bootstrap_template
# For some reason knife.merge_configs doesn't pick up the default values from
# Chef::Config[:knife][:bootstrap_template] unless Chef::Config[:knife][:bootstrap_template]
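Review bot: The `:proc` for `--node-ssl-verify-mode` (the block opening at `:proc => Proc.new { |v|`) ends on the `unless` statement, so for a valid value it evaluates to nil rather than the value it just checked. Whether `config[:node_ssl_verify_mode]` still ends up as "peer" or "none" depends on how the option parser treats a nil proc result, which is not visible here; adding `v` as the last expression of the block makes the validator return what it accepted. The description should also say what `none` means for the node, for example `"SSL verification mode written to the node's client.rb: peer verifies server certificates, none disables verification."`. The option declarations sit in a class body that starts outside the hunk.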
@@ -204,6 +219,7 @@ class Chef
if File.exists?(template)
Chef::Log.debug("Using the specified bootstrap template: #{File.dirname(template)}")
return template
+
end
# Otherwise search the template directories until we find the right one
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 0fdd77594a..12d422a162 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -64,6 +64,36 @@ CONFIG
client_rb << "# Using default node name (fqdn)\n"
end
+ # We configure :verify_api_cert only when it's overridden on the CLI
+ # or when specified in the knife config.
+ if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
+ value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
+ client_rb << %Q{verify_api_cert #{value}\n}
+ end
+
+ # We configure :ssl_verify_mode only when it's overridden on the CLI
+ # or when specified in the knife config.
+ if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
+ value = case @config[:node_ssl_verify_mode]
+ when "peer"
+ :verify_peer
+ when "none"
+ :verify_none
+ when nil
+ knife_config[:ssl_verify_mode]
+ else
+ nil
+ end
+
+ if value
+ client_rb << %Q{ssl_verify_mode :#{value}\n}
+ end
+ end
+
+ if @config[:ssl_verify_mode]
+ client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
+ end
+
if knife_config[:bootstrap_proxy]
client_rb << %Q{http_proxy "#{knife_config[:bootstrap_proxy]}"\n}
client_rb << %Q{https_proxy "#{knife_config[:bootstrap_proxy]}"\n}
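Review bot: The last added block, `if @config[:ssl_verify_mode]`, tests a different key from the one the new option sets (`:node_ssl_verify_mode`) and then writes `knife_config[:ssl_verify_mode]`, after the block above it has already emitted the chosen value. If that condition is ever true, client.rb gets a second `ssl_verify_mode` line, which presumably wins because it comes later, so a `:verify_none` in the knife config could undo `--node-ssl-verify-mode peer`. With no knife-config value it would write a bare `ssl_verify_mode :`. It looks like a leftover from an earlier revision, and I would delete those three lines so the `case` block is the only writer of this setting. The enclosing method starts and ends outside the hunk.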