I have installed chef-dk and started using berkshe

2019-01-25 16:50发布

问题:

I have installed chef client 12.0.3, on top of it I have install chef-dk version 0.3.5 but why chef-dk is installing chef client version Chef: 11.18.0.rc.1

  1. Unable to Upload cookbooks to chef server
  2. berks shelf list is working but berks upload failed

Error:

E, [2015-01-08T04:58:36.707534 #22533] ERROR -- : Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
E, [2015-01-08T04:58:36.708931 #22533] ERROR -- : /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/responses.rb:29:in `value'
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:92:in `value'
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/proxies/sync_proxy.rb:33:in `method_missing'
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/proxies/cell_proxy.rb:17:in `_send_

    There was an error connecting to the Chef Server

回答1:

It is failing the SSL verification process. Follow these instructions to fix it for knife. For berkshelf you can disable SSL verification in your config.json or you can set $SSL_CERT_FILE to the downloaded server certificate.



回答2:

This is a berks related issue.
You can cancel the ssl verify option in berks config file:

echo '{"ssl": { "verify": false }}' > ~/.berkshelf/config.json


回答3:

As I'm a big fan of fixing the error instead of fixing the symptom here is what you can do to be sure the SSL connection works with validation (with a little more detail than coderanger one):

1) Get the server certificate and add it to the cacert.pem file of chef-dk

openssl s_client -showcerts -connect <YOUR_CHEF_SERVER>:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >> /opt/chefdk/embedded/ssl/certs/cacert.pem

2) set the env variables for ssl libs:

export SSL_CERT_FILE=/opt/chefdk/embedded/ssl/certs/cacert.pem

Retry your upload and it should work.



回答4:

You can also disable ssl checking on the command line:

berks upload --no-ssl-verify