update list of root certificates that Chef client trusts #43370
Merged
https://codedotorg.atlassian.net/browse/INF-492
Testing story
Provisioning a new adhoc works:
bundle exec rake adhoc:start RAILS_ENV=adhoc
excerpt from /var/log/chef-bootstrap-debug.log:
An existing adhoc (that runs local mode chef):
test-update-chef-certs-on-existing-instance
With a commit to comment out installation of pdftk-java package /aws/ci_build runs. Also merged in update-chef-trusted-root-certificates
And a commit that re-enabled installation of pdftk-java package and pushed to origin
dpkg -s pdftk-java showed that the package was not installed. It appears that for an existing local mode EC2 Instance, we do not re-run Chef client with each build to apply new commits.
sudo /opt/chef/bin/chef-client --chef-license accept-silent ) and verified with dpkg -s pdftk-java that the package was installed.
Deployment strategy
Follow-up work
Should we modify our build process to run Chef client for existing local mode environments each time a build runs?
Privacy
Security
Caching
PR Checklist: