{"id":6644,"date":"2014-12-22T11:30:50","date_gmt":"2014-12-22T02:30:50","guid":{"rendered":"http:\/\/www.creationline.com\/?p=6644"},"modified":"2023-08-29T13:53:02","modified_gmt":"2023-08-29T04:53:02","slug":"chef-12%e3%81%ae%e6%96%b0%e6%a9%9f%e8%83%bd-knife-ssl-checkfetch-opschef_ja-getchef_ja","status":"publish","type":"post","link":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644","title":{"rendered":"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja"},"content":{"rendered":"<p>\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef Server\u306b\u5bfe\u3059\u308b\u3059\u3079\u3066\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3067SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u3092\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u6709\u52b9\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u691c\u8a3c\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u4e2d\u6b62\u3055\u308c\u307e\u3059\u3002<\/p>\n<ul>\n<li><a href=\"\/lab\/6602#what-s-new\">SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306e\u6539\u5584<\/a><\/li>\n<li><a href=\"\/lab\/6602#knife-bootstrap-settings\">knife bootstrap\u8a2d\u5b9a<\/a><\/li>\n<li><a href=\"\/lab\/6602#ssl-certificates\">SSL\u8a3c\u660e\u66f8<\/a><\/li>\n<\/ul>\n<p>\u305d\u306e\u305f\u3081\u3001Workstation\u3084Node\u304b\u3089Chef Server\u306b\u901a\u4fe1\u3059\u308b\u524d\u306b\u3001SSL\u8a3c\u660e\u66f8\u306e\u6e96\u5099\u3092\u3057\u306a\u3051\u308c\u3070\u3044\u3051\u307e\u305b\u3093\u3002\u672c\u7a3f\u3067\u306f\u3001\u305d\u306e\u305f\u3081\u306bChef 12\u3067\u65b0\u8a2d\u3055\u308c\u305f\u6a5f\u80fd\u306b\u3064\u3044\u3066\u5b9f\u4f8b\u3092\u6319\u3052\u306a\u304c\u3089\u898b\u3066\u3044\u304d\u307e\u3059(\u53c2\u8003: <a href=\"\/lab\/6632\">[\u548c\u8a33] Chef 12: \u300c\u4fe1\u983c\u3067\u304d\u306a\u3044\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u300d\u30a8\u30e9\u30fc\u306e\u4fee\u6b63<\/a>)\u3002<\/p>\n<h2>\u691c\u8a3c\u74b0\u5883<\/h2>\n<p>Chef Server\u3001Workstation\u3001Node\u7528\u306b\u305d\u308c\u305e\u308c1\u53f0\u305a\u3064Ubuntu 14.04 LTS\u3092\u6e96\u5099\u3057\u307e\u3059\u3002<br \/>\nChef Server\u306f\u30d0\u30fc\u30b8\u30e7\u30f312.0.0\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u304a\u304d\u307e\u3059\u3002<br \/>\nWorkstation\u306b\u306fChef-DK\u3067\u306f\u306a\u304fChef Client 12.0.3\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001Chef Server\u304b\u3089Chef Starter Kit\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066chef-repo\u3092\u4f5c\u3063\u3066\u304a\u304d\u307e\u3059(\u53c2\u8003: <a href=\"\/lab\/6265\">Chef Starter Kit\u306e\u6d3b\u7528<\/a>)\u3002<br \/>\nNode\u306b\u306f\u7279\u306b\u64cd\u4f5c\u3092\u884c\u3044\u307e\u305b\u3093\u3002<\/p>\n<h2>\u4e8b\u524d\u78ba\u8a8d<\/h2>\n<p><strong>knife client list<\/strong>\u3067Client\u4e00\u89a7\u3092\u53d6\u5f97\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife client list<br \/>\nERROR: SSL Validation failure connecting to host: chef-server.example.jp - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nERROR: Could not establish a secure connection to the server.<br \/>\nUse `knife ssl check` to troubleshoot your SSL configuration.<br \/>\nIf your Chef Server uses a self-signed certificate, you can use<br \/>\n`knife ssl fetch` to make knife trust the server's certificates.<\/code><\/p>\n<p><code lang=\"bash\"><br \/>\n<\/code><\/p>\n<p><code lang=\"bash\">Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u3053\u306e\u3088\u3046\u306b\u3001SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u30a8\u30e9\u30fc\u3068\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n<p><strong>knife bootstrap<\/strong>\u3067Node\u3092Chef Server\u306b\u767b\u9332\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife bootstrap node.example.jp -x ubuntu --sudo<br \/>\nConnecting to node.example.jp<br \/>\nFailed to authenticate ubuntu - trying password auth<br \/>\nEnter your password:<br \/>\nnode.example.jp knife sudo password:<br \/>\nnode.example.jp<br \/>\nnode.example.jp Installing Chef Client...<br \/>\n:<br \/>\n:<br \/>\n:<br \/>\nnode.example.jp Thank you for installing Chef!<br \/>\nnode.example.jp Starting first Chef Client run...<br \/>\nnode.example.jp Starting Chef Client, version 12.0.3<br \/>\nnode.example.jp Creating a new client identity for node.example.jp using the validator key.<br \/>\nnode.example.jp [2014-12-17T16:30:42+09:00] ERROR: SSL Validation failure connecting to host: chef-server.example.jp - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp Chef encountered an error attempting to create the client \"node.example.jp\"<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp<br \/>\nnode.example.jp [2014-12-17T16:30:42+09:00] FATAL: Stacktrace dumped to \/var\/chef\/cache\/chef-stacktrace.out<br \/>\nnode.example.jp Chef Client failed. 0 resources updated in 1.168508524 seconds<br \/>\nnode.example.jp [2014-12-17T16:30:42+09:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp [2014-12-17T16:30:42+09:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>Chef Client\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u307e\u3067\u306f\u6210\u529f\u3057\u305f\u3082\u306e\u306e\u3001\u5b9f\u969b\u306bNode\u3092Chef Server\u306b\u767b\u9332\u3059\u308b\u6642\u70b9\u3067SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u30a8\u30e9\u30fc\u3068\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n<p>\u5148\u7a0b<strong>knife client list<\/strong>\u3092\u5b9f\u884c\u3057\u305f\u969b\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306b\u3069\u3046\u5bfe\u51e6\u3059\u308b\u304b\u66f8\u3044\u3066\u3042\u308a\u307e\u3057\u305f\u3002\u305d\u306e\u524d\u306b<strong>knife ssl check<\/strong>\u3067\u72b6\u6cc1\u3092\u3088\u308a\u8a73\u3057\u304f\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife ssl check<br \/>\nConnecting to host chef-server.example.jp:443<br \/>\nERROR: The SSL certificate of chef-server.example.jp could not be verified<br \/>\nCertificate issuer data: \/C=US\/ST=WA\/L=Seattle\/O=YouCorp\/OU=Operations\/CN=chef-server.example.jp\/emailAddress=you@example.com<\/code><\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>Configuration Info:<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>OpenSSL Configuration:<br \/>\n* Version: OpenSSL 1.0.1j 15 Oct 2014<br \/>\n* Certificate file: \/opt\/chef\/embedded\/ssl\/cert.pem<br \/>\n* Certificate directory: \/opt\/chef\/embedded\/ssl\/certs<br \/>\nChef SSL Configuration:<br \/>\n* ssl_ca_path: nil<br \/>\n* ssl_ca_file: nil<br \/>\n* trusted_certs_dir: \"\/home\/ubuntu\/chef-repo\/.chef\/trusted_certs\"<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>TO FIX THIS ERROR:<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>If the server you are connecting to uses a self-signed certificate, you must<br \/>\nconfigure chef to trust that server's certificate.<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>By default, the certificate is stored in the following location on the host<br \/>\nwhere your chef-server runs:<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>\/var\/opt\/chef-server\/nginx\/ca\/SERVER_HOSTNAME.crt<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>Copy that file to your trusted_certs_dir (currently: \/home\/ubuntu\/chef-repo\/.chef\/trusted_certs)<br \/>\nusing SSH\/SCP or some other secure method, then re-run this command to confirm<br \/>\nthat the server's certificate is now trusted.<\/p>\n<p><code lang=\"bash\"><br \/>\n<\/code><\/p>\n<p><code lang=\"bash\">ubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u3053\u3053\u3067\u306f\u624b\u52d5\u3067\u306e\u5bfe\u51e6\u65b9\u6cd5\u304c\u51fa\u3066\u3044\u307e\u3059\u3002\u3059\u306a\u308f\u3061\u3001Chef Server\u306e<strong>\/var\/opt\/opscode\/nginx\/ca<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u81ea\u52d5\u751f\u6210\u3055\u308c\u3066\u3044\u308bSSL\u8a3c\u660e\u66f8\u3092\u3001\u4f55\u3089\u304b\u306e\u30bb\u30ad\u30e5\u30a2\u306a\u624b\u6bb5\u3092\u7528\u3044\u3066Workstation\u306e<strong>.chef\/trusted_certs\/<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4ee5\u4e0b\u306b\u8a2d\u7f6e\u305b\u3088\u3001\u3068\u3044\u3046\u3053\u3068\u3067\u3059\u3002\u306a\u304a\u30e1\u30c3\u30bb\u30fc\u30b8\u4e2d\u306eChef Server\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f\u30d0\u30b0\u3067\u9593\u9055\u3063\u3066\u3044\u307e\u3059(\u53c2\u8003: <a href=\"https:\/\/github.com\/opscode\/chef\/issues\/2604\">`knife ssh check` points to incorrect chef server file location for Chef Server 12<\/a>)\u3002<\/p>\n<p>Chef Server\u306eSSL\u8a3c\u660e\u66f8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@chef-server:~$ sudo ls -l \/var\/opt\/opscode\/nginx\/ca<br \/>\n[sudo] password for ubuntu:<br \/>\n\u5408\u8a08 12<br \/>\n-rw-r--r-- 1 root root  361 12\u6708 17 15:54 chef-server.example.jp-ssl.conf<br \/>\n-rw-r--r-- 1 root root 1326 12\u6708 17 15:54 chef-server.example.jp.crt<br \/>\n-rw-r--r-- 1 root root 1679 12\u6708 17 15:54 chef-server.example.jp.key<br \/>\nubuntu@chef-server:~$<br \/>\n<\/code><\/p>\n<p>\u5f8c\u3067\u5fc5\u8981\u306b\u306a\u308b\u306e\u3067\u3001SSL\u8a3c\u660e\u66f8\u306eSHA256\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\u3092\u8abf\u3079\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@chef-server:~$ sudo sha256sum \/var\/opt\/opscode\/nginx\/ca\/chef-server.example.jp.crt<br \/>\nd76dbd162d075a94a64918301970a9f19799c9c4fbf5cc204b25144ebe14b8ec  \/var\/opt\/opscode\/nginx\/ca\/chef-server.example.jp.crt<br \/>\nubuntu@chef-server:~$<br \/>\n<\/code><\/p>\n<h2>SSL\u8a3c\u660e\u66f8\u306e\u53d6\u5f97<\/h2>\n<p>\u3067\u306f\u3001<strong>knife ssl fetch<\/strong>\u30b3\u30de\u30f3\u30c9\u3092\u7528\u3044\u3066Chef Server\u304b\u3089SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife ssl fetch<br \/>\nWARNING: Certificates from chef-server.example.jp will be fetched and placed in your trusted_cert<br \/>\ndirectory (\/home\/ubuntu\/chef-repo\/.chef\/trusted_certs).<\/code><\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>Knife has no means to verify these are the correct certificates. You should<br \/>\nverify the authenticity of these certificates after downloading.<\/p>\n<p><code lang=\"bash\"><br \/>\n<\/code><\/p>\n<p><code lang=\"bash\">Adding certificate for chef-server.example.jp in \/home\/ubuntu\/chef-repo\/.chef\/trusted_certs\/chef-server_example_jp.crt<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u53d6\u5f97\u3067\u304d\u307e\u3057\u305f\u3002<strong>.chef\/trusted_certs\/<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ ls -l .chef\/trusted_certs\/<br \/>\n\u5408\u8a08 4<br \/>\n-rw-r--r-- 1 ubuntu ubuntu 1326 12\u6708 17 16:34 chef-server_example_jp.crt<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u30e1\u30c3\u30bb\u30fc\u30b8\u306b\u3042\u308b\u901a\u308a\u3001\u672c\u5f53\u306b\u6b63\u3057\u3044SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u305f\u306e\u304b\u3069\u3046\u304b\u3092\u8abf\u3079\u308b\u8853\u3092knife\u306f\u6301\u3063\u3066\u3044\u307e\u305b\u3093\u3002\u306a\u306e\u3067\u3001\u5148\u7a0bChef Server\u4e0a\u3067\u78ba\u8a8d\u3057\u305fSSL\u8a3c\u660e\u66f8\u306eSHA256\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\u3068\u7a81\u304d\u5408\u308f\u305b\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ sha256sum .chef\/trusted_certs\/chef-server_example_jp.crt<br \/>\nd76dbd162d075a94a64918301970a9f19799c9c4fbf5cc204b25144ebe14b8ec  .chef\/trusted_certs\/chef-server_example_jp.crt<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>SHA256\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\u304c\u7b49\u3057\u3044\u306e\u3067\u3001\u6b63\u3057\u304fSSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3067\u304d\u305f\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<p>\u3067\u306f\u3001\u901a\u4fe1\u304c\u3067\u304d\u308b\u304b\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u307e\u305a<strong>knife ssl check<\/strong>\u30b3\u30de\u30f3\u30c9\u3067\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife ssl check<br \/>\nConnecting to host chef-server.example.jp:443<br \/>\nSuccessfully verified certificates from `chef-server.example.jp'<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306b\u6210\u529f\u3057\u307e\u3057\u305f\u3002\u6b21\u306b<strong>knife client list<\/strong>\u30b3\u30de\u30f3\u30c9\u3067\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife client list<br \/>\ntestorg-validator<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u554f\u984c\u306a\u304fClient\u4e00\u89a7\u304c\u53d6\u5f97\u3067\u304d\u307e\u3057\u305f\u3002\u305d\u3057\u3066<strong>knife bootstrap<\/strong>\u30b3\u30de\u30f3\u30c9\u3067\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife bootstrap node.example.jp -x ubuntu --sudo<br \/>\nConnecting to node.example.jp<br \/>\nFailed to authenticate ubuntu - trying password auth<br \/>\nEnter your password:<br \/>\nnode.example.jp knife sudo password:<br \/>\nnode.example.jp<br \/>\nnode.example.jp Starting first Chef Client run...<br \/>\nnode.example.jp Starting Chef Client, version 12.0.3<br \/>\nnode.example.jp Creating a new client identity for node.example.jp using the validator key.<br \/>\nnode.example.jp resolving cookbooks for run list: []<br \/>\nnode.example.jp Synchronizing Cookbooks:<br \/>\nnode.example.jp Compiling Cookbooks...<br \/>\nnode.example.jp [2014-12-17T16:36:56+09:00] WARN: Node node.example.jp has an empty run list.<br \/>\nnode.example.jp Converging 0 resources<br \/>\nnode.example.jp<br \/>\nnode.example.jp Running handlers:<br \/>\nnode.example.jp Running handlers complete<br \/>\nnode.example.jp Chef Client finished, 0\/0 resources updated in 1.812147235 seconds<br \/>\nubuntu@ws:~\/chef-repo$ <\/code><\/p>\n<p><code lang=\"bash\"><br \/>\n<\/code><\/p>\n<p><code lang=\"bash\">ubuntu@ws:~\/chef-repo$ knife node list<br \/>\nnode.example.jp<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>Node\u3092Chef Server\u306b\u767b\u9332\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<p>\u306a\u304a\u3001bootstrap\u6642\u306bSSL\u8a3c\u660e\u66f8\u304cWorkstation\u304b\u3089Node\u306b\u8ee2\u9001\u3055\u308c\u3001<strong>\/etc\/chef\/trusted_certs\/<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4ee5\u4e0b\u306b\u4fdd\u5b58\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u6b21\u306f\u3001Workstation\u3067SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u3066\u304a\u3089\u305a\u3001Chef Server\u3078\u306e\u767b\u9332\u306b\u5931\u6557\u3057\u305f\u969b\u306eNode\u306e<strong>\/etc\/chef\/<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u72b6\u614b\u3067\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@node:~$ ls -la \/etc\/chef\/<br \/>\n\u5408\u8a08 20<br \/>\ndrwxr-xr-x  2 root root 4096 12\u6708 17 16:39 .<br \/>\ndrwxr-xr-x 90 root root 4096 12\u6708 17 16:39 ..<br \/>\n-rw-r--r--  1 root root  173 12\u6708 17 16:39 client.rb<br \/>\n-rw-r--r--  1 root root   16 12\u6708 17 16:39 first-boot.json<br \/>\n-rw-------  1 root root 1679 12\u6708 17 16:39 validation.pem<br \/>\nubuntu@node:~$<br \/>\n<\/code><\/p>\n<p>\u6b21\u306f\u3001Workstation\u3067SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u3066\u304a\u308a\u3001Chef Server\u3078\u306e\u767b\u9332\u306b\u6210\u529f\u3057\u305f\u969b\u306eNode\u306e<strong>\/etc\/chef\/<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u72b6\u614b\u3067\u3059\u3002<strong>\/etc\/chef\/trusted_certs\/<\/strong>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4ee5\u4e0b\u306bSSL\u8a3c\u660e\u66f8\u304c\u8a2d\u7f6e\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@node:~$ ls -la \/etc\/chef\/<br \/>\n\u5408\u8a08 28<br \/>\ndrwxr-xr-x  3 root root 4096 12\u6708 17 16:40 .<br \/>\ndrwxr-xr-x 90 root root 4096 12\u6708 17 16:39 ..<br \/>\n-rw-------  1 root root 1675 12\u6708 17 16:40 client.pem<br \/>\n-rw-r--r--  1 root root  217 12\u6708 17 16:40 client.rb<br \/>\n-rw-r--r--  1 root root   16 12\u6708 17 16:40 first-boot.json<br \/>\ndrwxr-xr-x  2 root root 4096 12\u6708 17 16:40 trusted_certs<br \/>\n-rw-------  1 root root 1679 12\u6708 17 16:40 validation.pem<br \/>\nubuntu@node:~$ ls -la \/etc\/chef\/trusted_certs\/<br \/>\n\u5408\u8a08 12<br \/>\ndrwxr-xr-x 2 root root 4096 12\u6708 17 16:40 .<br \/>\ndrwxr-xr-x 3 root root 4096 12\u6708 17 16:40 ..<br \/>\n-rw-r--r-- 1 root root 1327 12\u6708 17 16:40 chef-server_example_jp.crt<br \/>\nubuntu@node:~$<br \/>\n<\/code><\/p>\n<p>\u3053\u306eSSL\u8a3c\u660e\u66f8\u306eSHA256\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u7121\u99c4\u306a\u6539\u884c\u304c\u672b\u5c3e\u306b\u5165\u3063\u3066\u3044\u305f\u305f\u3081<strong>head<\/strong>\u30b3\u30de\u30f3\u30c9\u3067\u672b\u5c3e\u3092\u30ab\u30c3\u30c8\u3057\u3066\u3044\u307e\u3059\u304c\u3001SHA256\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\u304c\u7b49\u3057\u3044\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@node:~$ head -n -1 \/etc\/chef\/trusted_certs\/chef-server_example_jp.crt | sha256sum<br \/>\nd76dbd162d075a94a64918301970a9f19799c9c4fbf5cc204b25144ebe14b8ec  -<br \/>\nubuntu@node:~$<br \/>\n<\/code><\/p>\n<h2>knife bootstrap\u306e\u65b0\u30aa\u30d7\u30b7\u30e7\u30f3<\/h2>\n<p>SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306e\u6319\u52d5\u5909\u66f4\u306b\u3088\u308a\u3001<strong>knife bootstrap<\/strong>\u30b3\u30de\u30f3\u30c9\u306b<strong>--[no-]node-verify-api-cert<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u3068<strong>--node-ssl-verify-mode PEER_OR_NONE<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u3092\u7528\u3044\u308b\u3068\u3001SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u3066\u3044\u306a\u3044\u72b6\u614b\u3067\u3082Node\u306bbootstrap\u3092\u884c\u3063\u3066Chef Server\u306b\u767b\u9332\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u307e\u305a\u5148\u306b\u4e21\u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u5024\u3068\u6319\u52d5\u3092\u8868\u306b\u307e\u3068\u3081\u307e\u3059\u3002<\/p>\n<table border=\"border\">\n<tbody>\n<tr>\n<th style=\"padding: 5px;\">x<\/th>\n<th style=\"padding: 5px;\">\u30c7\u30d5\u30a9\u30eb\u30c8\u5024<\/th>\n<th style=\"padding: 5px;\">\u7d44\u307f\u5408\u308f\u305b1<\/th>\n<th style=\"padding: 5px;\">\u7d44\u307f\u5408\u308f\u305b2<\/th>\n<th style=\"padding: 5px;\">\u7d44\u307f\u5408\u308f\u305b3<\/th>\n<\/tr>\n<tr>\n<td style=\"padding: 5px;\">--node-ssl-verify-mode<\/td>\n<td style=\"padding: 5px;\">peer<\/td>\n<td style=\"padding: 5px;\">peer<\/td>\n<td style=\"padding: 5px;\">none<\/td>\n<td style=\"padding: 5px;\">none<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px;\">--node-verify-api-cert<\/td>\n<td style=\"padding: 5px;\">false<\/td>\n<td style=\"padding: 5px;\">true<\/td>\n<td style=\"padding: 5px;\">false<\/td>\n<td style=\"padding: 5px;\">true<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px;\">Chef Server API\u63a5\u7d9a\u4ee5\u5916<\/td>\n<td style=\"padding: 5px;\">\u691c\u8a3c\u3059\u308b<\/td>\n<td style=\"padding: 5px;\">\u691c\u8a3c\u3059\u308b<\/td>\n<td style=\"padding: 5px;\">\u691c\u8a3c\u3057\u306a\u3044<\/td>\n<td style=\"padding: 5px;\">\u691c\u8a3c\u3057\u306a\u3044<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px;\">Chef Server API\u63a5\u7d9a\u306e\u307f<\/td>\n<td style=\"padding: 5px;\"><strong>\u691c\u8a3c\u3059\u308b<\/strong>(\u203b1)<\/td>\n<td style=\"padding: 5px;\">\u691c\u8a3c\u3059\u308b<\/td>\n<td style=\"padding: 5px;\">\u691c\u8a3c\u3057\u306a\u3044<\/td>\n<td style=\"padding: 5px;\"><strong>\u691c\u8a3c\u3059\u308b<\/strong>(\u203b2)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>--node-ssl-verify-mode<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u306f\u3001Chef Server\u3092\u542b\u3080<strong>\u3059\u3079\u3066<\/strong>\u306eSSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u3092\u884c\u3046(<strong>peer<\/strong>)\u304b\u884c\u308f\u306a\u3044(<strong>none<\/strong>)\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<p><strong>--node-verify-api-cert<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u306fChef Server<strong>\u306e\u307f<\/strong>\u306eSSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u3092\u884c\u3046\u3068\u3044\u3046\u610f\u5473\u3092\u6301\u3061\u307e\u3059\u3002<strong>--node-ssl-verify-mode<\/strong>\u304c<strong>none<\/strong>\u306a\u3089\u3070\u3001Chef Server\u306eSSL\u8a3c\u660e\u66f8\u306e\u307f\u3092\u691c\u8a3c\u3057\u3001\u305d\u308c\u4ee5\u5916\u306eSSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306f\u884c\u3044\u307e\u305b\u3093(\u203b2)\u3002<\/p>\n<p><strong>--no-node-verify-api-cert<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u306f<strong>--node-ssl-verify-mode<\/strong>\u306e\u6307\u5b9a\u306b\u4f9d\u5b58\u3057\u307e\u3059\u3002<strong>peer<\/strong>\u306e\u5834\u5408\u306f\u3053\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u306b\u95a2\u308f\u3089\u305a\u3001Chef Server\u306eSSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u3082\u884c\u3044\u307e\u3059(\u203b1)\u3002<\/p>\n<h3>\u30c7\u30d5\u30a9\u30eb\u30c8<\/h3>\n<p>Chef Server API\u306eSSL\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u3001Node\u306e\u767b\u9332\u304c\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife bootstrap node.example.jp -x ubuntu --sudo --node-ssl-verify-mode peer --no-node-verify-api-cert<br \/>\nConnecting to node.example.jp<br \/>\nFailed to authenticate ubuntu - trying password auth<br \/>\nEnter your password:<br \/>\nnode.example.jp knife sudo password:<br \/>\nnode.example.jp<br \/>\nnode.example.jp Starting first Chef Client run...<br \/>\nnode.example.jp Starting Chef Client, version 12.0.3<br \/>\nnode.example.jp [2014-12-18T10:26:35+09:00] ERROR: SSL Validation failure connecting to host: chef-server.example.jp - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp Chef encountered an error attempting to load the node data for \"node.example.jp\"<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp<br \/>\nnode.example.jp Unexpected Error:<br \/>\nnode.example.jp -----------------<br \/>\nnode.example.jp OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp<br \/>\nnode.example.jp [2014-12-18T10:26:35+09:00] FATAL: Stacktrace dumped to \/var\/chef\/cache\/chef-stacktrace.out<br \/>\nnode.example.jp Chef Client failed. 0 resources updated in 1.868196441 seconds<br \/>\nnode.example.jp [2014-12-18T10:26:35+09:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp [2014-12-18T10:26:35+09:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<h3>\u7d44\u307f\u5408\u308f\u305b1<\/h3>\n<p>Chef Server API\u306eSSL\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u3001Node\u306e\u767b\u9332\u304c\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife bootstrap node.example.jp -x ubuntu --sudo --node-ssl-verify-mode peer --node-verify-api-cert<br \/>\nConnecting to node.example.jp<br \/>\nFailed to authenticate ubuntu - trying password auth<br \/>\nEnter your password:<br \/>\nnode.example.jp knife sudo password:<br \/>\nnode.example.jp<br \/>\nnode.example.jp Starting first Chef Client run...<br \/>\nnode.example.jp Starting Chef Client, version 12.0.3<br \/>\nnode.example.jp [2014-12-18T10:27:16+09:00] ERROR: SSL Validation failure connecting to host: chef-server.example.jp - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp Chef encountered an error attempting to load the node data for \"node.example.jp\"<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp<br \/>\nnode.example.jp Unexpected Error:<br \/>\nnode.example.jp -----------------<br \/>\nnode.example.jp OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp<br \/>\nnode.example.jp [2014-12-18T10:27:16+09:00] FATAL: Stacktrace dumped to \/var\/chef\/cache\/chef-stacktrace.out<br \/>\nnode.example.jp Chef Client failed. 0 resources updated in 0.928070223 seconds<br \/>\nnode.example.jp [2014-12-18T10:27:16+09:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp [2014-12-18T10:27:16+09:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<h3>\u7d44\u307f\u5408\u308f\u305b2<\/h3>\n<p>Chef Server API\u306eSSL\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3057\u306a\u3044\u306e\u3067\u3001\u305d\u306e\u65e8\u3092\u793a\u3059\u8b66\u544a\u3068\u3068\u3082\u306bNode\u304c\u767b\u9332\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife bootstrap node.example.jp -x ubuntu --sudo --node-ssl-verify-mode none --no-node-verify-api-cert<br \/>\nConnecting to node.example.jp<br \/>\nFailed to authenticate ubuntu - trying password auth<br \/>\nEnter your password:<br \/>\nnode.example.jp knife sudo password:<br \/>\nnode.example.jp<br \/>\nnode.example.jp Starting first Chef Client run...<br \/>\nnode.example.jp [2014-12-18T10:28:53+09:00] WARN:<br \/>\nnode.example.jp * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *<br \/>\nnode.example.jp SSL validation of HTTPS requests is disabled. HTTPS connections are still<br \/>\nnode.example.jp encrypted, but chef is not able to detect forged replies or man in the middle<br \/>\nnode.example.jp attacks.<br \/>\nnode.example.jp<br \/>\nnode.example.jp To fix this issue add an entry like this to your configuration file:<br \/>\nnode.example.jp<br \/>\nnode.example.jp ```<br \/>\nnode.example.jp   # Verify all HTTPS connections (recommended)<br \/>\nnode.example.jp   ssl_verify_mode :verify_peer<br \/>\nnode.example.jp<br \/>\nnode.example.jp   # OR, Verify only connections to chef-server<br \/>\nnode.example.jp   verify_api_cert true<br \/>\nnode.example.jp ```<br \/>\nnode.example.jp<br \/>\nnode.example.jp To check your SSL configuration, or troubleshoot errors, you can use the<br \/>\nnode.example.jp `knife ssl check` command like so:<br \/>\nnode.example.jp<br \/>\nnode.example.jp ```<br \/>\nnode.example.jp   knife ssl check -c \/etc\/chef\/client.rb<br \/>\nnode.example.jp ```<br \/>\nnode.example.jp<br \/>\nnode.example.jp * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *<br \/>\nnode.example.jp<br \/>\nnode.example.jp Starting Chef Client, version 12.0.3<br \/>\nnode.example.jp Creating a new client identity for node.example.jp using the validator key.<br \/>\nnode.example.jp resolving cookbooks for run list: []<br \/>\nnode.example.jp Synchronizing Cookbooks:<br \/>\nnode.example.jp Compiling Cookbooks...<br \/>\nnode.example.jp [2014-12-18T10:28:55+09:00] WARN: Node node.example.jp has an empty run list.<br \/>\nnode.example.jp Converging 0 resources<br \/>\nnode.example.jp<br \/>\nnode.example.jp Running handlers:<br \/>\nnode.example.jp Running handlers complete<br \/>\nnode.example.jp Chef Client finished, 0\/0 resources updated in 2.03396257 seconds<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u306a\u304a\u3001\u3053\u306e\u8a2d\u5b9a\u3067bootstrap\u3057\u305fNode\u3067\u306f\u3059\u3079\u3066\u306eSSL\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3057\u306a\u3044\u306e\u3067\u3001\u4f8b\u3048\u3070<strong>remote_file<\/strong> Resource\u3067\u3082SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u3092\u884c\u3044\u307e\u305b\u3093\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@node:~$ chef-shell -c \/etc\/chef\/client.rb<br \/>\nloading configuration: \/etc\/chef\/client.rb<br \/>\nSession type: standalone<br \/>\nLoading..done.<\/code><\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>This is the chef-shell.<br \/>\nChef Version: 12.0.3<br \/>\nhttp:\/\/www.opscode.com\/chef<br \/>\nhttp:\/\/docs.opscode.com\/<\/p>\n<p><code lang=\"bash\"><code lang=\"bash\"><\/code><\/code><\/p>\n<p>run `help' for help, `exit' or ^D to quit.<\/p>\n<p><code lang=\"bash\"><br \/>\n<\/code><\/p>\n<p><code lang=\"bash\">Ohai2u ubuntu@node.example.jp!<br \/>\nchef &gt; recipe_mode<br \/>\nchef:recipe &gt; remote_file \"\/tmp\/index.html\" do ; source \"https:\/\/192.168.122.101\/\" ; end<br \/>\n=&gt; &lt;remote_file[ tmp=\"\" index.html]=\"\" @name:=\"\" \"=\"\" index.html\"=\"\" @noop:=\"\" nil=\"\" @before:=\"\" @params:=\"\" {}=\"\" @provider:=\"\" chef::provider::remotefile=\"\" @allowed_actions:=\"\" [:nothing,=\"\" :create,=\"\" :delete,=\"\" :touch,=\"\" :create_if_missing]=\"\" @action:=\"\" \"create\"=\"\" @updated:=\"\" false=\"\" @updated_by_last_action:=\"\" @supports:=\"\" @ignore_failure:=\"\" @retries:=\"\" 0=\"\" @retry_delay:=\"\" 2=\"\" @source_line:=\"\" \"(irb#1):1:in=\"\" `irb_binding'\"=\"\" @guard_interpreter:=\"\" @default_guard_interpreter:=\"\" :default=\"\" @elapsed_time:=\"\" @sensitive:=\"\" @resource_name:=\"\" :remote_file=\"\" @path:=\"\" @backup:=\"\" 5=\"\" @atomic_update:=\"\" true=\"\" @force_unlink:=\"\" @manage_symlink_source:=\"\" @diff:=\"\" @source:=\"\" [\"https:=\"\" 192.168.122.101=\"\" \"]=\"\" @use_etag:=\"\" @use_last_modified:=\"\" @ftp_active_mode:=\"\" @headers:=\"\" @declared_type:=\"\" @cookbook_name:=\"\" @recipe_name:=\"\"&gt;<br \/>\nchef:recipe &gt; run_chef<br \/>\n[2014-12-18T10:45:21+09:00] INFO: Processing remote_file[\/tmp\/index.html] action create ((irb#1) line 1)<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: remote_file[\/tmp\/index.html] checksumming file at \/tmp\/index.html.<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: remote_file[\/tmp\/index.html] checking for changes<br \/>\n[2014-12-18T10:45:21+09:00] INFO: Unable to access cache at \/var\/chef. Switching cache to \/home\/ubuntu\/.chef<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Cache control headers: {\"if-modified-since\"=&gt;\"Thu, 18 Dec 2014 01:43:24 GMT\", \"if-none-match\"=&gt;\"\\\"2cf6-50a732a46409e-gzip\\\"\"}<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_request<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Initiating GET to https:\/\/192.168.122.101\/<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: ---- HTTP Request Header Data: ----<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: if-modified-since: Thu, 18 Dec 2014 01:43:24 GMT<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: if-none-match: \"2cf6-50a732a46409e-gzip\"<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: ---- End HTTP Request Header Data ----<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: ---- HTTP Status and Header Data: ----<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: HTTP 1.1 200 OK<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: date: Thu, 18 Dec 2014 01:45:21 GMT<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: server: Apache\/2.4.7 (Ubuntu)<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: last-modified: Thu, 18 Dec 2014 01:03:50 GMT<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: etag: \"2cf6-50a732a46409e-gzip\"<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: accept-ranges: bytes<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: vary: Accept-Encoding<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: content-encoding: gzip<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: content-length: 3256<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: connection: close<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: content-type: text\/html<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: ---- End HTTP Status\/Header Data ----<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Streaming download from https:\/\/192.168.122.101\/ to tempfile \/tmp\/chef-rest20141218-3903-j66u2<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Initializing gzip stream deflator<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::ValidateContentLength::ContentLengthCounter#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::Decompressor::GzipInflater#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::ValidateContentLength::ContentLengthCounter#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::Decompressor::GzipInflater#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::ValidateContentLength::ContentLengthCounter#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::Decompressor::GzipInflater#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::ValidateContentLength::ContentLengthCounter#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP::StreamHandler calling Chef::HTTP::Decompressor::GzipInflater#handle_chunk<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_stream_complete<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Content-Length validated correctly.<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_stream_complete<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_stream_complete<br \/>\n[2014-12-18T10:45:21+09:00] INFO: Unable to access cache at \/var\/chef. Switching cache to \/home\/ubuntu\/.chef<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: calculating checksum of \/tmp\/chef-rest20141218-3903-j66u2 to compare with 538f31569367cebb992643e46213f223fc20113e63a2e814a1dcb64a858ffb2e<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: found target_mode == nil, so no mode was specified on resource, not managing mode<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: found target_uid == nil, so no owner was specified on resource, not managing owner<br \/>\n[2014-12-18T10:45:21+09:00] DEBUG: found target_gid == nil, so no group was specified on resource, not managing group<br \/>\n=&gt; true<br \/>\nchef:recipe &gt; exit<br \/>\n=&gt; :recipe<br \/>\nchef &gt; exit<br \/>\nubuntu@node:~$ ls -l \/tmp\/index.html<br \/>\n-rw-rw-r-- 1 ubuntu ubuntu 11510 12\u6708 18 10:43 \/tmp\/index.html<br \/>\nubuntu@node:~$<br \/>\n&lt;\/remote_file[&gt;<\/code><\/p>\n<h3>\u7d44\u307f\u5408\u308f\u305b3<\/h3>\n<p>Chef Server API\u306eSSL\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u3001Node\u306e\u767b\u9332\u304c\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n<p><code lang=\"bash\"><br \/>\nubuntu@ws:~\/chef-repo$ knife bootstrap node.example.jp -x ubuntu --sudo --node-ssl-verify-mode none --node-verify-api-cert<br \/>\nConnecting to node.example.jp<br \/>\nFailed to authenticate ubuntu - trying password auth<br \/>\nEnter your password:<br \/>\nnode.example.jp knife sudo password:<br \/>\nnode.example.jp<br \/>\nnode.example.jp Starting first Chef Client run...<br \/>\nnode.example.jp Starting Chef Client, version 12.0.3<br \/>\nnode.example.jp Creating a new client identity for node.example.jp using the validator key.<br \/>\nnode.example.jp [2014-12-18T10:31:27+09:00] ERROR: SSL Validation failure connecting to host: chef-server.example.jp - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp Chef encountered an error attempting to create the client \"node.example.jp\"<br \/>\nnode.example.jp ================================================================================<br \/>\nnode.example.jp<br \/>\nnode.example.jp [2014-12-18T10:31:27+09:00] FATAL: Stacktrace dumped to \/var\/chef\/cache\/chef-stacktrace.out<br \/>\nnode.example.jp Chef Client failed. 0 resources updated in 1.158192561 seconds<br \/>\nnode.example.jp [2014-12-18T10:31:27+09:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed<br \/>\nnode.example.jp [2014-12-18T10:31:27+09:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)<br \/>\nubuntu@ws:~\/chef-repo$<br \/>\n<\/code><\/p>\n<p>\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u306f<strong>knife.rb<\/strong>\u30d5\u30a1\u30a4\u30eb\u3084<strong>client.rb<\/strong>\u30d5\u30a1\u30a4\u30eb\u306e<strong>ssl_verify_mode<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u3084<strong>verify_api_cert<\/strong>\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3082\u5236\u5fa1\u3055\u308c\u3066\u3044\u307e\u3059\u3002Node\u306e\u767b\u9332\u3092\u884c\u3063\u305f\u5f8c\u304b\u3089\u3067\u3082SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306e\u6319\u52d5\u3092\u5909\u66f4\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2>\u307e\u3068\u3081<\/h2>\n<p>SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u6709\u52b9\u306b\u306a\u3063\u305f\u3053\u3068\u3067\u3001Chef\u304c\u884c\u3046\u901a\u4fe1\u306e\u5b89\u5168\u6027\u304c\u9ad8\u3081\u3089\u308c\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u307e\u305f\u3053\u308c\u306b\u3088\u3063\u3066\u5897\u3048\u305f\u8a2d\u5b9a\u4f5c\u696d\u3082\u6975\u529b\u624b\u9593\u304c\u304b\u304b\u3089\u306a\u3044\u3088\u3046\u306b\u5de5\u592b\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u662f\u975e\u6d3b\u7528\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef Server\u306b\u5bfe\u3059\u308b\u3059\u3079\u3066\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3067SSL\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u3092\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u6709\u52b9\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u691c\u8a3c\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u4e2d\u6b62\u3055\u308c\u307e\u3059\u3002 SSL\u8a3c\u660e\u66f8\u306e\u691c [&#8230;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[36,31],"tags":[],"class_list":["post-6644","post","type-post","status-publish","format-standard","hentry","category-chef","category-higuchi"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3<\/title>\n<meta name=\"description\" content=\"Chef, d-higuchi |\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"og:description\" content=\"Chef, d-higuchi |\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\" \/>\n<meta property=\"og:site_name\" content=\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/creationline\" \/>\n<meta property=\"article:published_time\" content=\"2014-12-22T02:30:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-29T04:53:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2026\/01\/screenshot.png\" \/>\n\t<meta property=\"og:image:width\" content=\"470\" \/>\n\t<meta property=\"og:image:height\" content=\"394\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daisuke Higuchi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@creationline\" \/>\n<meta name=\"twitter:site\" content=\"@creationline\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daisuke Higuchi\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"14\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\"},\"author\":{\"name\":\"Daisuke Higuchi\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206\"},\"headline\":\"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja\",\"datePublished\":\"2014-12-22T02:30:50+00:00\",\"dateModified\":\"2023-08-29T04:53:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\"},\"wordCount\":436,\"articleSection\":[\"Chef\",\"d-higuchi\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\",\"name\":\"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"isPartOf\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#website\"},\"datePublished\":\"2014-12-22T02:30:50+00:00\",\"dateModified\":\"2023-08-29T04:53:02+00:00\",\"author\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206\"},\"description\":\"Chef, d-higuchi |\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef\",\"breadcrumb\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"HOME\",\"item\":\"https:\/\/www.creationline.com\/tech-blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\",\"item\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chef\",\"item\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#website\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/\",\"name\":\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"description\":\"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.creationline.com\/tech-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206\",\"name\":\"Daisuke Higuchi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2023\/08\/d-higuchi-wp-icon-230x230.png\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2023\/08\/d-higuchi-wp-icon-230x230.png\",\"contentUrl\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2023\/08\/d-higuchi-wp-icon-230x230.png\",\"caption\":\"Daisuke Higuchi\"},\"description\":\"Chef\u30fbDocker\u30fbMirantis\u88fd\u54c1\u306a\u3069\u306e\u6280\u8853\u8981\u7d20\u306b\u52a0\u3048\u3066\u3001\u4f1a\u8b70\u306e\u9032\u3081\u65b9\u30fb\u6587\u7ae0\u306e\u66f8\u304d\u65b9\u306a\u3069\u306e\u696d\u52d9\u6539\u5584\u306b\u3082\u53d6\u308a\u7d44\u3093\u3067\u3044\u307e\u3059\u3002\u300cChef\u6d3b\u7528\u30ac\u30a4\u30c9\u300d\u5171\u8457\u306e\u307b\u304b\u3001Debian Official Developer\u3082\u3084\u3063\u3066\u3044\u307e\u3059\u3002\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/author\/higuchi\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"Chef, d-higuchi |\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644","og_locale":"ja_JP","og_type":"article","og_title":"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","og_description":"Chef, d-higuchi |\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef","og_url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644","og_site_name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","article_publisher":"https:\/\/www.facebook.com\/creationline","article_published_time":"2014-12-22T02:30:50+00:00","article_modified_time":"2023-08-29T04:53:02+00:00","og_image":[{"width":470,"height":394,"url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2026\/01\/screenshot.png","type":"image\/png"}],"author":"Daisuke Higuchi","twitter_card":"summary_large_image","twitter_creator":"@creationline","twitter_site":"@creationline","twitter_misc":{"\u57f7\u7b46\u8005":"Daisuke Higuchi","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"14\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644#article","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644"},"author":{"name":"Daisuke Higuchi","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206"},"headline":"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja","datePublished":"2014-12-22T02:30:50+00:00","dateModified":"2023-08-29T04:53:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644"},"wordCount":436,"articleSection":["Chef","d-higuchi"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644","url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644","name":"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#website"},"datePublished":"2014-12-22T02:30:50+00:00","dateModified":"2023-08-29T04:53:02+00:00","author":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206"},"description":"Chef, d-higuchi |\u65e2\u5831\u306e\u901a\u308a\u3001Chef 12\u3067\u306fChef Client\u304b\u3089Chef","breadcrumb":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef\/6644#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"HOME","item":"https:\/\/www.creationline.com\/tech-blog"},{"@type":"ListItem","position":2,"name":"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative"},{"@type":"ListItem","position":3,"name":"Chef","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/chef"},{"@type":"ListItem","position":4,"name":"Chef 12\u306e\u65b0\u6a5f\u80fd: knife ssl check\/fetch #opschef_ja #getchef_ja"}]},{"@type":"WebSite","@id":"https:\/\/www.creationline.com\/tech-blog\/#website","url":"https:\/\/www.creationline.com\/tech-blog\/","name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.creationline.com\/tech-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206","name":"Daisuke Higuchi","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2023\/08\/d-higuchi-wp-icon-230x230.png","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2023\/08\/d-higuchi-wp-icon-230x230.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2023\/08\/d-higuchi-wp-icon-230x230.png","caption":"Daisuke Higuchi"},"description":"Chef\u30fbDocker\u30fbMirantis\u88fd\u54c1\u306a\u3069\u306e\u6280\u8853\u8981\u7d20\u306b\u52a0\u3048\u3066\u3001\u4f1a\u8b70\u306e\u9032\u3081\u65b9\u30fb\u6587\u7ae0\u306e\u66f8\u304d\u65b9\u306a\u3069\u306e\u696d\u52d9\u6539\u5584\u306b\u3082\u53d6\u308a\u7d44\u3093\u3067\u3044\u307e\u3059\u3002\u300cChef\u6d3b\u7528\u30ac\u30a4\u30c9\u300d\u5171\u8457\u306e\u307b\u304b\u3001Debian Official Developer\u3082\u3084\u3063\u3066\u3044\u307e\u3059\u3002","url":"https:\/\/www.creationline.com\/tech-blog\/author\/higuchi"}]}},"_links":{"self":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/6644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/comments?post=6644"}],"version-history":[{"count":1,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/6644\/revisions"}],"predecessor-version":[{"id":65765,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/6644\/revisions\/65765"}],"wp:attachment":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media?parent=6644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/categories?post=6644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/tags?post=6644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}