Chef::Config.ssl_verify_mode :verify_none doesn't get passed on the Cheffish::ServerApi

[aespinosa]

The documented workaround in #37 doesn't seem to get passed through the HTTP client.

I posted a wrapper cookbook against the chef-server cookbook to bootstrap users (and organizations eventually) in https://gist.github.com/aespinosa/62bf4801ac570ab76f47a644b793b194

I have done various ways of adding ssl_verify_mode and none seem to work. So far I have tried the following

1. put Chef::Config.ssl_verify_mode inside a ruby_block
2. put the whole chef_server parameter inside a lazy { Chef::Config.ssl_verify_mode ... } block

[lamont-granquist]

So we need to rip Cheffish::ServerApi out and come up with a better solution to properly injecting config into Chef::ServerApi and Chef::HTTP and friends

[aespinosa]

This workaround seems to satisfy my needs. I basically added the freshly configured chef-server's certificate to the chef-client trusted certificate store.

execute 'download chefserver certs' do
  command "knife ssl fetch -c #{Chef::Config.config_file} https://#{node['fqdn']}"
  creates "#{Chef::Config.config_dir}/trusted_certs"
end


chef_user 'foo' do
  chef_server "https://#{node['fqdn']}"
   # ...
end