Merge pull request #5790 from GennadySpb/trusted_certs_dir

Support 'trusted_certs_dir' chef-client configuration option
8 years ago · 4bccbbba1f
parent 5967732442 53aaf84100
commit 4bccbbba1f
2 changed files with 29 additions and 8 deletions
--- a/provisioner/chef-client/provisioner.go
+++ b/provisioner/chef-client/provisioner.go
@ -63,6 +63,7 @@ type Config struct {
 	SkipCleanNode              bool     `mapstructure:"skip_clean_node"`
 	SkipInstall                bool     `mapstructure:"skip_install"`
 	SslVerifyMode              string   `mapstructure:"ssl_verify_mode"`
+	TrustedCertsDir            string   `mapstructure:"trusted_certs_dir"`
 	StagingDir                 string   `mapstructure:"staging_directory"`
 	ValidationClientName       string   `mapstructure:"validation_client_name"`
 	ValidationKeyPath          string   `mapstructure:"validation_key_path"`
@ -83,6 +84,7 @@ type ConfigTemplate struct {
 	NodeName                   string
 	ServerUrl                  string
 	SslVerifyMode              string
+	TrustedCertsDir            string
 	ValidationClientName       string
 	ValidationKeyPath          string
 }
@ -268,7 +270,8 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
 		remoteValidationKeyPath,
 		p.config.ValidationClientName,
 		p.config.ChefEnvironment,
-		p.config.SslVerifyMode)
+		p.config.SslVerifyMode,
+		p.config.TrustedCertsDir)
 	if err != nil {
 		return fmt.Errorf("Error creating Chef config file: %s", err)
 	}
@ -283,7 +286,7 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
 	if !(p.config.SkipCleanNode && p.config.SkipCleanClient) {

 		knifeConfigPath, knifeErr := p.createKnifeConfig(
-			ui, comm, nodeName, serverUrl, p.config.ClientKey, p.config.SslVerifyMode)
+			ui, comm, nodeName, serverUrl, p.config.ClientKey, p.config.SslVerifyMode, p.config.TrustedCertsDir)

 		if knifeErr != nil {
 			return fmt.Errorf("Error creating knife config on node: %s", knifeErr)
@ -341,7 +344,8 @@ func (p *Provisioner) createConfig(
 	remoteKeyPath string,
 	validationClientName string,
 	chefEnvironment string,
-	sslVerifyMode string) (string, error) {
+	sslVerifyMode string,
+	trustedCertsDir string) (string, error) {

 	ui.Message("Creating configuration file 'client.rb'")

@ -371,6 +375,7 @@ func (p *Provisioner) createConfig(
 		ValidationClientName:       validationClientName,
 		ChefEnvironment:            chefEnvironment,
 		SslVerifyMode:              sslVerifyMode,
+		TrustedCertsDir:            trustedCertsDir,
 		EncryptedDataBagSecretPath: encryptedDataBagSecretPath,
 	}
 	configString, err := interpolate.Render(tpl, &ctx)
@ -386,7 +391,7 @@ func (p *Provisioner) createConfig(
 	return remotePath, nil
 }

-func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, sslVerifyMode string) (string, error) {
+func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, sslVerifyMode string, trustedCertsDir string) (string, error) {
 	ui.Message("Creating configuration file 'knife.rb'")

 	// Read the template
@ -394,10 +399,11 @@ func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator,

 	ctx := p.config.ctx
 	ctx.Data = &ConfigTemplate{
-		NodeName:      nodeName,
-		ServerUrl:     serverUrl,
-		ClientKey:     clientKey,
-		SslVerifyMode: sslVerifyMode,
+		NodeName:        nodeName,
+		ServerUrl:       serverUrl,
+		ClientKey:       clientKey,
+		SslVerifyMode:   sslVerifyMode,
+		TrustedCertsDir: trustedCertsDir,
 	}
 	configString, err := interpolate.Render(tpl, &ctx)
 	if err != nil {
@ -685,6 +691,9 @@ environment "{{.ChefEnvironment}}"
 {{if ne .SslVerifyMode ""}}
 ssl_verify_mode :{{.SslVerifyMode}}
 {{end}}
+{{if ne .TrustedCertsDir ""}}
+trusted_certs_dir "{{.TrustedCertsDir}}"
+{{end}}
 `

 var DefaultKnifeTemplate = `
@ -696,4 +705,7 @@ node_name "{{.NodeName}}"
 {{if ne .SslVerifyMode ""}}
 ssl_verify_mode :{{.SslVerifyMode}}
 {{end}}
+{{if ne .TrustedCertsDir ""}}
+trusted_certs_dir "{{.TrustedCertsDir}}"
+{{end}}
 `
--- a/website/source/docs/provisioners/chef-client.html.md
+++ b/website/source/docs/provisioners/chef-client.html.md
@ -105,6 +105,11 @@ configuration is actually required.
    SSL certificates. If not set, this defaults to "verify\_peer" which validates
    all SSL certifications.

+-   `trusted_certs_dir` (string) -  This is a directory that contains additional 
+    SSL certificates to trust. Any certificates in this directory will be added to 
+    whatever CA bundle ruby is using. Use this to add self-signed certs for your 
+    Chef Server or local HTTP file servers.
+
 -   `staging_directory` (string) - This is the directory where all the
    configuration of Chef by Packer will be placed. By default this is
    "/tmp/packer-chef-client" when guest\_os\_type unix and
@ -158,6 +163,9 @@ environment "{{.ChefEnvironment}}"
 {{if ne .SslVerifyMode ""}}
 ssl_verify_mode :{{.SslVerifyMode}}
 {{end}}
+{{if ne .TrustedCertsDir ""}}
+trusted_certs_dir :{{.TrustedCertsDir}}
+{{end}}
 ```

 This template is a [configuration
@ -170,6 +178,7 @@ variables available to use:
 -   `NodeName` - The node name set in the configuration.
 -   `ServerUrl` - The URL of the Chef Server set in the configuration.
 -   `SslVerifyMode` - Whether Chef SSL verify mode is on or off.
+-   `TrustedCertsDir` - Path to dir with trusted certificates.
 -   `ValidationClientName` - The name of the client used for validation.
 -   `ValidationKeyPath` - Path to the validation key, if it is set.