Diffstat (limited to 'lib/chef')
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 18 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 28 |
2 files changed, 33 insertions, 13 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 3c934431ec..36a0fc1e47 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -188,20 +188,18 @@ class Chef
 :description => "Add options to curl when install chef-client",
 :proc => Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
- option :ssl_verify_mode,
- :long => "--ssl-verify-mode [none|all]",
+ option :node_ssl_verify_mode,
+ :long => "--node-ssl-verify-mode [peer|none]",
 :description => "Whether or not to verify the SSL cert for all HTTPS requests.",
- :proc => Proc.new { |verify_mode|
- if verify_mode == "all"
- mode = :verify_peer
- elsif verify_mode == "none"
- mode = :verify_none
+ :proc => Proc.new { |v|
+ valid_values = ["none", "peer"]
+ unless valid_values.include?(v)
+ raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
 end
- Chef::Config[:knife][:ssl_verify_mode] = mode
 }
- option :verify_api_cert,
- :long => "--[no-]verify-api-cert",
+ option :node_verify_api_cert,
+ :long => "--[no-]node-verify-api-cert",
 :description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
 :boolean => true
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 831a214e66..12d422a162 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
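Review bot: In lib/chef/knife/bootstrap.rb the new `:proc` for `--node-ssl-verify-mode` ends on the `unless … end` guard, so for a valid value the block evaluates to nil rather than the mode the operator asked for. Whether the setting still reaches `config[:node_ssl_verify_mode]` then depends on how the option parser treats a nil proc result, which is not visible in this hunk; if it stores the proc's return value, the requested TLS verification mode would be silently dropped. Ending the block with `v` on its own line after the `end` makes the returned value explicit. The description string could also say that `none` turns off certificate verification on the bootstrapped node.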
@@ -64,11 +64,33 @@ CONFIG
 client_rb << "# Using default node name (fqdn)\n"
 end
- unless @config[:verify_api_cert].nil?
- client_rb << %Q{verify_api_cert #{@config[:verify_api_cert]}\n}
+ # We configure :verify_api_cert only when it's overridden on the CLI
+ # or when specified in the knife config.
+ if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
+ value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
+ client_rb << %Q{verify_api_cert #{value}\n}
 end
- if knife_config[:ssl_verify_mode]
+ # We configure :ssl_verify_mode only when it's overridden on the CLI
+ # or when specified in the knife config.
+ if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
+ value = case @config[:node_ssl_verify_mode]
+ when "peer"
+ :verify_peer
+ when "none"
+ :verify_none
+ when nil
+ knife_config[:ssl_verify_mode]
+ else
+ nil
+ end
+
+ if value
+ client_rb << %Q{ssl_verify_mode :#{value}\n}
+ end
+ end
+
+ if @config[:ssl_verify_mode]
 client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
 end |
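Review bot: The last block of this hunk now tests `@config[:ssl_verify_mode]` but still interpolates `knife_config[:ssl_verify_mode]`, and it runs after the new block has already written `ssl_verify_mode`. That can append a second `ssl_verify_mode` line to client.rb, presumably taking precedence over the `--node-ssl-verify-mode` choice, or write `ssl_verify_mode :` with no value when the knife config has no such key. It looks like a leftover of the old `if knife_config[:ssl_verify_mode]`, and I would delete the three lines from `if @config[:ssl_verify_mode]` through its `end`. Separately, the `else nil` arm silently skips an unrecognised mode; raising there would avoid bootstrapping a node with an unintended verification setting. The enclosing method begins and ends outside the hunk.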