gpt4 book ai didi

chef-infra - 调配时Chef-solo ssl警告

转载 作者:行者123 更新时间:2023-12-03 09:01:57 27 4
gpt4 key购买 nike

当使用 Vagrant 和厨师作为供应者时,我得到以下警告:

[web] Chef 11.12.2 Omnibus package is already installed.
[web] Running provisioner: chef_solo...
Generating chef JSON and uploading...
Running chef-solo...
stdin: is not a tty
[2014-04-10T14:48:46+00:00] INFO: Forking chef instance to converge...
[2014-04-10T14:48:46+00:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer

# OR, Verify only connections to chef-server
verify_api_cert true
```

To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:

```
knife ssl check -c /tmp/vagrant-chef-1/solo.rb
```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

很高兴知道Chef在Vagrantfile中需要哪种设置来解决此问题。

最佳答案

此警告是在Chef 11.12.0中引入的。有关详细信息,请参见release notes:

When ssl_verify_mode is set to :verify_none, Chef will print a warning. Use knife ssl check to test SSL connectivity and then add ssl_verify_mode :verify_peer to your configuration file to fix the warning. Though :verify_none is currently the default, this will be changed in a future release, so users are encouraged to be proactive in testing and updating their SSL configuration.



要在Vagrant中修复此警​​告,您必须修改它在VM中创建的 solo.rb配置文件。使用Vagrant,您可以使用 custom_config_path 选项。

因此,您可以这样修改您的Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.provision "chef_solo" do |chef|
# the next line is added
chef.custom_config_path = "Vagrantfile.chef"
end
end

这使得Vagrant将本地文件 Vagrantfile.chef的内容包含到生成的solo.rb中,因此该文件需要存在于主机系统上,而不是VM上。

然后,在目录中创建一个新文件 Vagrantfile.chef,并在其中保留以下内容的Vagrantfile:
Chef::Config.ssl_verify_mode = :verify_peer

下一轮 vagrant provision不应再显示警告。

关于chef-infra - 调配时Chef-solo ssl警告,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22991561/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com