Knife Windows Bootstrap fails to download chef-client #8713
Comments
TimothyTitan
added a commit
to TimothyTitan/chef
that referenced
this issue
Oct 29, 2020
Adding tls1.2 support for powershell. From - chef#8713
10 tasks
|
Fixed in master |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User Story
As an infrastructure engineer, I will use this work when I want to bootstrap windows server boxes with chef-clients.
Description
The Windows Server boxes are configured with TLS 1.2 and fails due to the generated powershell script (wget.ps1) from knife to download the chef-client with the following error:
The underlying connection was closed: An unexpected error
Chef Version
12+
Platform Version
Chef is running on Ubuntu 16
Chef-client on Windows Server 2016 TLS 1.2
Steps taken to fix the issue at the moment:
cd /opt/chefdk/embedded/lib/ruby/gems/2.5.0/gems/knife-windows-1.9.6/lib/chef/knife/core/
edit windows_bootstrap_context.rb by adding
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Like so....
param(
[String] $remoteUrl,
[String] $localPath
)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$ProxyUrl = $env:http_proxy;
$webClient = new-object System.Net.WebClient;
if ($ProxyUrl -ne '') {
$WebProxy = New-Object System.Net.WebProxy($ProxyUrl,$true)
$WebClient.Proxy = $WebProxy
}
$webClient.DownloadFile($remoteUrl, $localPath);
Requested resolution
Please allow for some type of switch that will add the Service Point Manager Security Protocol of tls1.2 when bootstrapping chef-clients with
knife bootstrap windows winrm
The text was updated successfully, but these errors were encountered: