chef-server: Upgrade to latest current build #4216
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This upgrades us to the latest unstable packages built from master. To do so, it: - Adds server_name_indication SSL configuration to avoid the issue outlined in #2002. - Adapts our various wrapper scripts to changes in the upstream packages around ruby+bundler. Chef Server is currently in the process of trying to upgrade many of its deps, so more churn here is likely. - Sets the new retry_on_conn_closed option for oc_httpc to true, which hopefully works around some recent ibrowse changes. Signed-off-by: Steven Danna <steve@chef.io>
We already allow core/ruby, this is just a version upgrade where the package name changed. Signed-off-by: Steven Danna <steve@chef.io>
This code was trying to run `knife opc "org user" add. Now, we split on whitespace to make sure we pass "org user" as seperate args. I believe this was working before because of subtle differences in the wrapper scripts. Signed-off-by: Steven Danna <steve@chef.io>
stevendanna
force-pushed
the
ssd/upgrade-chef-server-maybe
branch
from
d509140
to
0d1ee32
Compare
stevendanna
changed the title
This allows us to avoid a breaking changing by continuing to verify certificates but ignoring hostname mismatches. Signed-off-by: Steven Danna <steve@chef.io>
Signed-off-by: Steven Danna <steve@chef.io>
Signed-off-by: Steven Danna <steve@chef.io>
If we don't set the umask, directories in /hab/pkgs/ might become unreadable by the hab user. Signed-off-by: Steven Danna <steve@chef.io>
This limits the curves offered via TLS in accordance with our TLS scanner. Signed-off-by: Steven Danna <steve@chef.io>
| @@ -126,12 +138,14 @@ | |||
| {cull_interval, {1, min}}, | |||
| {max_age, {70, sec}}, | |||
| {max_connection_duration, {70, sec}}, | |||
| {retry_on_conn_closed, true}, | |||
There was a problem hiding this comment.
ohh nice! you remembered to get this!
PrajaktaPurohit
approved these changes
Aug 13, 2020
yzl
approved these changes
Aug 13, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This upgrades us to the latest unstable packages built from master.
To do so, it:
Adds server_name_indication SSL configuration and our custom
{verify, verify_ca}to avoid the issueoutlined in [chef-server] update to latest chef server #2002.
Updates other SSL related configuration to be in compliance with our security checks.
Adapts our various wrapper scripts to changes in the upstream
packages around ruby+bundler. Chef Server is currently in the
process of trying to upgrade many of its deps, so more churn here is
likely.
Sets the new retry_on_conn_closed option for oc_httpc to true, which
hopefully works around some recent ibrowse changes.
Signed-off-by: Steven Danna steve@chef.io