[chef] Re: Chaining SSL certificates at deployment time.

[Aaron Peterson < >]

Yes, unless I'm missing something, each uniquely named execute
resource should have its own notifies queue, so your code should work.
 For now you might want to try:

    notifies :run, "execute[add chain certificate #{cert}]", :immediate

This will cause those actions to happen immediately after each
cookbook_file resource rather than at the end with the rest of the
delayed actions, like nginx's service restart, which you *do* only
want one of.


On Thu, Jul 7, 2011 at 16:09, Jason J. W. Williams
<
 >
 wrote:
> Since nginx requires that intermediate chaining certificates be concatenated
> in the same .crt file as the SSL cert for the website, I've been trying to
> write my recipe to install the SSL cert and chaining cert files separately
> and then dynamically concatenating them into a new composite cert. For
> example, I have my actual certs cert1.crt and cert2.crt, this would produce
> composite-cert1.crt and composite-cert2.crt. However, the recipe code
> (https://gist.github.com/1070755) only triggers the chaining for cert1:
> cookbook_file[/etc/nginx/ssl/cert1.crt] sending run action to execute[add
> chain certificate cert1.crt]
> ...
> cookbook_file[/etc/nginx/ssl/cert2.crt] not queuing delayed action run on
> execute[add chain certificate cert2.crt] (delayed), as it's already been
> queued
> Any pointers would be greatly appreciated.
> -J



-- 
Aaron Peterson 
<
 >
Opscode Technical Evangelist