4

I have a use-case where a chef recipe needs to use 'remote_file' to fetch a file on a virtual, and the fetch needs to be do through an HTTP proxy. This is not working because chef-client doesn't use the system proxy settings ... it gets its proxy settings from the /etc/chef/chef-client.rb

So how do I get proxy settings (or settings in general) into the chef-client.rb file on a client?

Ideally, I'd like it to happen at client bootstrap time, but I can't see how to do that short of hacking the code.

The other possibility is that I could create a recipe that updates the chef-client.rb file. But that strikes me as a bit dangerous. And it means that you need to run chef-client twice before it works, assuming that the missing proxy setting in the first run causes the run to ultimately fail.

Any ideas on how to fix this?

Stephen C
  • 551
  • 4
  • 18
  • Are you looking to have only one remote_file use the HTTP proxy, or is it okay to have all the recipes use that proxy? – natacado Jan 26 '12 at 07:46

3 Answers3

5

Fyi: The default config file is /etc/chef/client.rb, you would need to pass -c /etc/chef/chef-client.rb to use that file.

To set theChef configuration settings for http proxy, you can set the proxy to use with knife bootstrap with the command-line option --bootstrap-proxy URL. Or, you can add this in in your knife.rb. 

knife[:bootstrap_proxy] = "https://proxy.example.com"

Replace the "https://proxy.example.com" value with your proxy server URL.

This will add the http_proxy and https_proxy lines to the /etc/chef/client.rb file automatically. Alternatively, you can create a customized bootstrap template with these configuration values in the client config section. Something like this (modified from ubuntu10.04-gems.erb):

(
cat <<'EOP'
http_proxy "http://proxy.example.com" # replace with your URL
<%= config_content %>
EOP
) > /etc/chef/client.rb
jtimberman
  • 7,587
  • 2
  • 34
  • 42
1

Came across this question when I try to get a Chef solo run behind firewall work.

The same http_proxy settings for chef client client.rb can be used in solo.rb

So the chef solo run will be like this

solo.rb looks like below

cookbook_path File.expand_path("../cookbooks", __FILE__)
json_attribs File.expand_path("../node.json", __FILE__)

# HTTP for environment behind firewall
# http://docs.opscode.com/config.html
# solo.rb and client.rb can use the same http_proxy settings
http_proxy "http://proxy.company.com:3128"
# http_proxy_user "username"
# http_proxy_pass "password"

The chef run => chef-solo -c solo.rb -j node.json -l debug`

It works! ;-)

Terry Wang
  • 181
  • 8
0

So I had the same issue and could not get hints to work properly as it doesn't seem to work in this particular way + lack of documenation samples.

In the end I just opted to edit the chef-full.erb which is the bootstrap default template use to generate the client.rb

To get the right file run this:

$ gem contents chef | grep bootstrap | grep full
/home/henryt/.rvm/gems/ruby-1.9.3-p547/gems/chef-11.16.4/lib/chef/knife/bootstrap/chef-full.erb

Then vim that chef-full.erb file and add ohai :disabled_plugins line inside the client.rb here document (cat > /etc/chef/client.rb <<'EOP')

Ohai::Config[:disabled_plugins] = [:Passwd]

My patch file:

--- ~me/.rvm/gems/ruby-1.9.3-p547/gems/chef-11.16.4/lib/chef/knife/bootstrap/chef-full.erb.orig
   2016-07-22 00:53:33.689961205 -0700
+++ ~me/.rvm/gems/ruby-1.9.3-p547/gems/chef-11.16.4/lib/chef/knife/bootstrap/chef-full.erb
2016-07-22 00:44:21.253493396 -0700
@@ -64,6 +64,7 @@

cat > /etc/chef/client.rb <<'EOP'
<%= config_content %>
+Ohai::Config[:disabled_plugins] = [:Passwd]
EOP

cat > /etc/chef/first-boot.json <<'EOP'

Now every time I bootstrap a machine the client.rb gets generated with that ohai :disabled_plugins line and I don't have to have a custom client.rb file.

BE77Y
  • 2,667
  • 3
  • 18
  • 23
takumi
  • 11
  • 3