- From: Daniel DeLeo <
>
- To:
- Subject: [chef] Re: ChefDK and Test Kitchen SSL issue
- Date: Thu, 18 Dec 2014 10:15:41 -0800
On Thursday, December 18, 2014 at 9:58 AM, Ryan Kelley wrote:
>
i'm running into this issue with the out of the box install of ChefDK on
>
both a OSX system and Ubuntu. using chef generate cookbook and getting the
>
default .kitchen.yml file and then running kitchen create to pull down and
>
create the box. i'm getting an error at what i'm assuming is the embedded
>
curl operation to pull down opscode ubuntu or centos box i get this
>
>
> > > > > > ------Exception-------
>
> > > > > > Class: Kitchen::ActionFailed
>
> > > > > > Message: Failed to complete #create action: [Expected process
>
> > > > > > to exit with [0], but received '1'
>
> > > > >
>
> > > >
>
> > >
>
> >
>
>
>
>
---- Begin output of vagrant up --no-provision --provider=virtualbox ----
>
STDOUT: Bringing machine 'default' up with 'virtualbox' provider...
>
==> default: Box 'opscode-ubuntu-12.04' could not be found. Attempting to
>
find and install...
>
default: Box Provider: virtualbox
>
default: Box Version: >= 0
>
==> default: Adding box 'opscode-ubuntu-12.04' (v0) for provider: virtualbox
>
default: Downloading:
>
https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box
>
>
SSL certificate problem: unable to get local issuer certificate
>
More details here: http://curl.haxx.se/docs/sslcerts.html
>
>
curl performs SSL certificate verification by default, using a "bundle"
>
of Certificate Authority (CA) public keys (CA certs). If the default
>
bundle file isn't adequate, you can specify an alternate file
>
using the --cacert option.
>
If this HTTPS server uses a certificate signed by a CA represented in
>
the bundle, the certificate verification probably failed due to a
>
problem with the certificate (it might be expired, or the name might
>
not match the domain name in the URL).
>
If you'd like to turn off curl's verification of the certificate, use
>
the -k (or --insecure) option
>
>
this has to be a bug seeing that myself and other co-workers are getting
>
the same error with DK 3.5.1 .
>
i have tried adding the embedded SSL cert in the chefdk package to my local
>
cert store , no dice. on my mac i have set insecure globally for curl in
>
.curlrc which works ( i dont want this to be the fix) ,that does not work
>
on my linux machines. i'm running the support versions of ubuntu for DK.
>
really need to figure out what i'm doing wrong and how to fix it.
>
thanks
>
Ryan
Can you determine which copy of curl vagrant is using, and what CA cert
bundle curl is using? Also, are you unable to make any HTTPS requests, or
just to S3, e.g., what does `curl -I
https://google.com` say?
I wonder if this is the same issue as
https://github.com/opscode/chef-dk/issues/199#issuecomment-60644778 In short, ;
some root certs got removed from the curl CA bundle because they’re using
SHA1, but AWS’s cert is signed by one of these, so you need it.
--
Daniel DeLeo
Archive powered by MHonArc 2.6.16.