[chef] Re: RE: Re: role NOT being applied?

[Tensibai < >]

Attributes in themselves won't do anything, what will do something is a recipe consuming thoose atrtibutes to choose what to set in templates or what to do.

Here the set of attributes in your role is to drive chef_client::config recipe, without this recipe, your just have attributes on your nodes an nothing in the runlist takes care about it.

 

Le 2014-11-04 16:42, Fouts, Chris a écrit :

Yes, but chef-client run should "put" it there – that's what I'm trying to accomplish.

 

From: Tyler [mailto:
Sent: Tuesday, November 04, 2014 9:35 AM
To:
Subject: [chef] Re: role NOT being applied?

 

That `ssl_verify_mode :verify_peer` line should be in your client.rb chef config file.  The recipe that Tensibai mentions will create & manage that file for you.  What does your client.rb file look like on one of the nodes?

 

What log file are you missing?

 

-T

 

On Nov 3, 2014, at 11:21 AM, Tensibai Zhaoying < "> > wrote:

 

Do you have chef_client::config I'm the node runlist ? (You did not specify that)

---- Fouts, Chris a écrit ----

I have the following in one of my *.json roles, and I have uploaded the role to my chef-server, and have assigned that role to my node (I'm very sure of this!).

 

"default_attributes": {

  "chef_client" : {

    "ssl_verify_mode" : ":verify_peer",

    "log_level" : ":debug",

    "logfile" : "/var/log/chef-client/chef.log"

  }

}

 

But yet, I still see this during my chef-client runs

 

SSL validation of HTTPS requests is disabled. HTTPS connections are still

encrypted, but chef is not able to detect forged replies or man in the middle

attacks.

 

To fix this issue add an entry like this to your configuration file:

 

```

  # Verify all HTTPS connections (recommended)

  ssl_verify_mode :verify_peer

 

  # OR, Verify only connections to chef-server

  verify_api_cert true

 

 

Of course I don't see the log file either.

 

Any clues?

 

Chris