1

I wrote a chef cookbook and it runs fine with test-kitchen. Now I want to harden ssh access to the production nodes by writing a recipe that overwrites /etc/ssh/sshd_config. Among other things, it changes the ssh port to a non-default one.

When now running "kitchen login" after "kitchen converge", it fails, because it can't connect on the default port.

Is there a way to configure test-kitchen with a different ssh port? Or is there a different way to do this? Could I recognize whether the recipe is running in test-kitchen and only change the ssh port in production environments?

Heinzi
  • 191
  • 1
  • 6

1 Answers1

2

I found a solution. Kitchen can override node attributes in the .kitchen.yml file. So using an attribute for the ssh port does the trick.

Heinzi
  • 191
  • 1
  • 6
  • I still get `SSH session could not be established] on default-debian-9 >>>>>> Failed to complete #verify action: [Transport error, can't connect to 'ssh' backend: SSH session could not be established] on default-centos-7 >>>>>> ---------------------- >>>>>> Please see .kitchen/logs/kitchen.log for more details >>>>>> Also try running ``kitchen diagnose --all`` for configuration`... – Chaim Eliyah Dec 17 '18 at 19:35
  • Never mind, I see what you are saying. Set the attribute to `22` in the kitchen-test run, you can change it when running in production. – Chaim Eliyah Dec 17 '18 at 19:52