knife azure does not honor --node-ssl-verify-mode flag about knife-azure HOT 21 CLOSED

@msnahill for more info

from knife-azure.

No cigar:
Manually built the knife-azure gem from https://github.com/chef/knife-azure/tree/adamedx/node_ssl_verify fork.

Command:
knife azure server create --azure-dns-name myserver --azure-vm-size Medium -I a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-20150916-en.us-127GB.vhd --azure-service-location 'Central US' --winrm-user myuser --winrm-password 'cleartextpassword' --bootstrap-protocol cloud-api --azure-network-name 'vnet_express_route' --azure-subnet-name 'Tenant Subnet' --no-node-verify-api-cert --node-ssl-verify-mode none --azure-vm-startup-timeout 15

Error:
OpenSSL::SSL:SSLError: SSL_Connect refused.

Notes:

• manually adding ssl_verify_mode :verify_none solves the issue
  other note:
• knife ssl fetch -c client.rb fails with uninitialized constant Chef::Handler azure/start_hander, report_handler..

from knife-azure.

bootstrapping a box with new gem placed a literal knife[:node_ssl_verify_mode] = 'none'

from knife-azure.

the only way this command works is with exactly ssl_verify_mode :verify_none
no = and no knife[:...]

from knife-azure.

also, unrelated findings:
validator_client_name & chef_server_url are defined twice.

/cc: @andrewelizondo

from knife-azure.

@vinyar @andrewelizondo
We are working on this. Thank You!

from knife-azure.

Work in progress: #253
chef-partners/azure-chef-extension#87

from knife-azure.

👍

from knife-azure.

@vinyar , we have provided a work-around for this. You can use --azure-extension-client-config option in knife azure server create command to specify the path of client.rb file which contains all the required options.
Please use knife-azure master branch.

We are still continuing on chef-partners/azure-chef-extension#87. But this will require an extension release also.

from knife-azure.

@NimishaS
Hi, we'll test it and get back to you.
Q: Will passing node name add the value to client.rb?

Could you please update the readme.md with directions on how to use this flag (so others can benefit from the workaround)

Thank you

from knife-azure.

@NimishaS - No luck. Invalid option.

knife azure server create --azure-dns-name myserver --azure-vm-size Medium -I a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-20150916-en.us-127GB.vhd --azure-service-location 'Central US' --winrm-user myuser --winrm-password 'cleartextpassword' --bootstrap-protocol cloud-api --azure-network-name 'vnet_express_route' --azure-subnet-name 'Tenant Subnet' --no-node-verify-api-cert --node-ssl-verify-mode none --azure-vm-startup-timeout 15 --azure-domain-name 'ExpressRoute.domain.example.com' --azure-domain-passwd 'AnotherClearTextPassword' --azure-domain-user 'domainaccount' --azure-domain-ou-dn 'OU=SubFolder,OU=Folder,DC=ExpressRoute,DC=domain,DC=example,DC=com' --azure-extension-client-config 'D:\myfolder\client.rb'

Error: invalid option: --azure-extension-client-config

note: we tried various underscores as well (azure_extension_client_config), but no luck.

from knife-azure.

@vinyar , the new option --azure-extension-client-config exists in knife-azure master branch currently and is not released yet. May be that's why you faced the error. Option is defined here https://github.com/chef/knife-azure/blob/master/lib/chef/knife/azure_server_create.rb#L358

Please follow the given steps to test master branch:

$ gem uninstall 'knife-azure'
$ git clone https://github.com/chef/knife-azure
$ cd knife-azure
$ gem build knife-azure.gemspec
$ gem install ./knife-azure-1.5.0.gem    #version number may vary

from knife-azure.

oooh! I got it. I misunderstood the 'in the master branch' comment. I'll build it and retry. 👍
I naively looked at the master code but used the released gem 🌵

from knife-azure.

@NimishaS,

@vinyar and I built a new Knife-Azure gem following your instructions. After installing the gem, we added the --azure-extension-client-config parameter to our knife azure server create command and found the following:

The entire file we passed in as the value for --azure-extension-client-config was added to the top of the resulting client.rb file. I was under the impression that this --azure-extension-client-config parameter would replace the client.rb file, not add to it. Given your description of it's use (#250 (comment)), I'm not sure if the result of our test was what was intended.

Let us know whether you're happy with our result, or if you would like to make any changes to master and have us test again.

from knife-azure.

note: as part of an experiment, we created a file with just one line ssl_verify_mode :verify_none which added just that one line to a client.rb on the new azure node, and that allowed chef-client to execute.

from knife-azure.

@msnahill , @vinyar: It is an expected behavior that the extension appends some necessary parameters and handlers to the client.rb file. But that won't hamper any of the functionality.

from knife-azure.

Resolved with #253.

from knife-azure.

could we please add documentation to Readme and -h command line help

from knife-azure.

@vinyar , we'll do that

from knife-azure.

@vinyar , working on updating Readme here #270.
-h command line help is already updated.

from knife-azure.

AWSOME! Thank you!

from knife-azure.