- From: Daniel DeLeo <
>
- To:
- Subject: [chef] Re: How to ignore SSL check for resource http_request in cookbook
- Date: Mon, 28 Sep 2015 12:17:20 -0700
On Saturday, September 26, 2015 at 9:32 PM, jeffty wrote:
>
Hi All,
>
>
>
In my recipe I want to test a POST request with resource http_request in a
>
chef client:
>
>
>
http_request 'posting data' do
>
>
action :post
>
>
url 'https://my_restful_service:8080/test'
>
>
message '{}'
>
>
headers({'Authorization' => "Basic #{
>
>
Base64.encode64('guest:guest ')}",
>
>
'Content-Type' => 'application/xml'
>
>
})
>
>
end
>
>
>
>
And get below errors in the chef client node:
>
>
[2015-08-05T05:18:38-04:00] ERROR: http_request[posting data] (test::default
>
line 14) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1
>
errno=0 state=SSLv3 read server certificate B: certificate verify failed
>
>
[2015-08-05T05:18:38-04:00] FATAL: Chef::Exceptions::ChildConvergeError:
>
Chef run process exited unsuccessfully (exit code 1)
>
>
>
How to solve this? Is it possible disable SSL checking for this?
The SSL verify setting is global, so you’d need to modify
`Chef::Config[:ssl_verify_mode]` before and after (you can do that with
ruby_block resources). Though if the certificate is reasonable (i.e., the
hostname stuff is correct), but it’s just not signed, you can use `knife ssl
fetch` to pull down the cert and make chef trust it thereafter.
>
>
>
And if the post succeed how to do something based on the post status and
>
response content?
Noah just posted a tip on doing this in his blog:
https://coderanger.net/chef-tips/#4 ;
>
>
>
Thanks & Regards
>
>
Jason
--
Daniel DeLeo
Archive powered by MHonArc 2.6.16.