This repository has been archived by the owner on Jul 6, 2018. It is now read-only.

chef server URL being set to "172.17.0.1" and fails SSL verify #79

Closed
Priminus opened this issue Mar 2, 2016 · 6 comments

Comments

@Priminus

Priminus commented Mar 2, 2016

I'm using the following script:

require 'chef/provisioning/docker_driver'

chef_env = 'chefserver'
domain = 'myapp.local'
subdomain = "#{chef_env}.#{domain}"

num_appservers = 2

# Launch Application servers in parallel
machine_batch do
  1.upto(num_appservers) do |i|
    # The machine resource wrapping these properties was dropped from the pasted
    # script; its name is reconstructed from the node name in the error log below.
    machine "app#{i}.#{domain}" do
      chef_server(
        :chef_server_url => 'https://chefserver.vagrant.local/organizations/chefserver',
        :options => {
          :client_name => 'admin',
          :signing_key_filename => '/etc/chef-server/admin.pem'
        }
      )
      chef_environment chef_env
      machine_options :docker_options => {
        :base_image => {
          :name => 'ubuntu',
          :repository => 'ubuntu',
          :tag => '14.04'
        },
        :ports => [443]
      }
    end
  end
end

I run this command with debug turned on:
chef-client script.rb

In the debug logs I get this first:

[2016-03-01T16:52:07+00:00] DEBUG: Using Chef server URL: https://172.17.0.1/organizations/chefserver

Then I get these:

[2016-03-02T12:43:06+00:00] ERROR: SSL Error connecting to https://172.17.0.1/organizations/chefserver/nodes/app2.myapp.local - SSL_connect returned=1 errno=0 state=error: certificate verify failed
[2016-03-01T16:52:20+00:00] ERROR: machine_batch[default] (@recipe_files::/root/deploy_env.rb line 17) had an error: RuntimeError: Error: command 'chef-client -l debug' exited with code 1.

My client.rb file is in /etc/chef with this:

log_level        :info
log_location     STDOUT
node_name        'admin'
client_key       '/etc/chef-server/admin.pem'
chef_server_url  'https://chefserver.vagrant.local/organizations/chefserver'
validation_client_name 'chefserver-validator'
validation_key   '/etc/chef-server/chefserver-validator.pem'
ssl_verify_mode  :verify_none

I figure it's because "172.17.0.1" is the IP of the Docker container, whilst the certificate I'm providing is of "chefserver.vagrant.local". But I can't change the chefserver URL being used.

@Priminus

Priminus commented Mar 2, 2016

I tried with this:

:convergence_options => {
  :ssl_verify_mode => 'verify_none',
  :chef_server => 'https://chefserver.vagrant.local/organizations/chefserver'
}

But it didn't change the chefserver URL. It did get me past SSL verify because of the SSL verify mode, however I would much prefer to have this work.
Even with this, I get the following error:

Unexpected API Request Failure:
-------------------------------
Cannot load environment chefserver

@hh

hh commented Mar 2, 2016

Not sure if it'll help, but I use the following to allow ssl verification.

# Map the in-container path to the certificate content read from the
# trusted_certs directory next to the local client config.
chef_server_cert = {
  "/etc/chef/trusted_certs/chef_my_com.crt" => {
    content: ::File.read(
      ::File.join(::File.dirname(Chef::Config[:config_file]), 'trusted_certs', 'chef_my_com.crt')
    )
  }
}
machine nodename do
  converge true
  action context.action
  file chef_server_cert
end

@Priminus

Priminus commented Mar 2, 2016

I've been trying to copy a file over to the docker machine but keep getting this:
No such file or directory @ rb_sysopen - proc/7955/root/etc/chef/trusted_certs/chef_my_com.crt
It's not supposed to exist, that's my target. Something I'm not understanding about the 'file' option?
Update: I found this: #66
Does it matter that I'm running this on a vagrant centos vm?

@Priminus

Priminus commented Mar 4, 2016

Tested yagzoo's modification and I get...
nc: connect to 10.0.2.15 port 60059 (tcp) failed: No route to host
On the right track, I'll dig into it.

@Priminus

Priminus commented Mar 5, 2016

I've written a fix for docker_transport.rb upload_file which works (FileUtils won't work here), so now I can copy certs over with "file" in my recipe.
According to 'hh' this should've sufficed, but I get
ERROR: SSL Validation failure connecting to host: 172.17.0.1 - hostname "172.17.0.1" does not match the server certificate
Hmm.....well why does docker_transport assume my chef server is local when my host is localhost???

if host == '127.0.0.1' || host == '::1'
  Chef::Log.debug("Using Chef server URL: #{uri.to_s}")
  return uri.to_s

EDIT: This is a known issue, chef-boneyard/chef-provisioning#347, I'm using workaround. I guess the main issue I had was 'file' didn't work so I couldn't move a cert over to container. I'll probably submit a PR for this.
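The rewrite quoted above and the verify_none workaround from the first post come down to the same thing: once the driver swaps the hostname for the bridge IP, the server certificate (issued for chefserver.vagrant.local) no longer names the host the client connects to, so the identity check fails even when the certificate itself is trusted. The Ruby script below is an added example, not code from this issue or from chef-provisioning-docker. It mirrors the rewrite with assumed inputs (resolved_ip is what the hostname resolves to on the Docker host, bridge_ip is the bridge address the driver detected), builds a constructed self-signed certificate, and runs Ruby's own identity check against both names. It also shows that a certificate carrying an IP SAN for the bridge address passes, which keeps verification switched on rather than disabling it.

```ruby
require 'openssl'
require 'uri'

# Mirror of the URL rewrite quoted from docker_transport.rb: when the Chef
# server host resolves to loopback on the Docker host, the driver swaps it for
# the Docker bridge address so the container can reach the server.
# (Assumed inputs: resolved_ip and bridge_ip are supplied by the caller here
# instead of being detected.)
def rewrite_for_container(chef_server_url, resolved_ip, bridge_ip)
  uri = URI.parse(chef_server_url)
  if resolved_ip == '127.0.0.1' || resolved_ip == '::1'
    uri.host = bridge_ip
  end
  uri.to_s
end

# Constructed self-signed certificate standing in for the Chef server's
# certificate: a DNS SAN for the hostname and, optionally, an IP SAN.
def build_cert(hostname, ip: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  sans = ["DNS:#{hostname}"]
  sans << "IP:#{ip}" if ip
  cert.add_extension(ef.create_extension('subjectAltName', sans.join(','), false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The identity check a TLS client performs after the chain verifies: does the
# name it connected to appear in the certificate's SANs (or, failing SANs, CN)?
def identity_matches?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Put the two together: which URL does the container end up using, and would
# hostname verification pass for that host with the given certificate?
def diagnose(chef_server_url, resolved_ip, bridge_ip, cert)
  effective = rewrite_for_container(chef_server_url, resolved_ip, bridge_ip)
  host = URI.parse(effective).host
  { url: effective, host: host, identity_ok: identity_matches?(cert, host) }
end

if __FILE__ == $PROGRAM_NAME
  url = 'https://chefserver.vagrant.local/organizations/chefserver'
  dns_only = build_cert('chefserver.vagrant.local')
  with_ip  = build_cert('chefserver.vagrant.local', ip: '172.17.0.1')
  p diagnose(url, '127.0.0.1', '172.17.0.1', dns_only)  # rewritten, identity_ok: false
  p diagnose(url, '127.0.0.1', '172.17.0.1', with_ip)   # rewritten, identity_ok: true
  p diagnose(url, '10.0.2.15', '172.17.0.1', dns_only)  # not rewritten, identity_ok: true
end
```

The first case reproduces the "hostname does not match the server certificate" failure from this thread: the chain may be fine, the name is not. Either of the other two cases resolves it without touching ssl_verify_mode: keep the hostname resolvable to a non-loopback address so no rewrite happens, or issue the server certificate with an IP SAN for the address the container actually dials.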

Priminus added a commit to Priminus/chef-provisioning-docker that referenced this issue Mar 6, 2016
@Priminus

Priminus commented Mar 6, 2016

I changed it to this and created PR #80, let me know if this is a valid PR else I'll close it/update it:

def upload_file(local_path, path)
  dir = File.dirname(path)
  localfile = File.basename(local_path)
  # Make sure the destination directory exists inside the container
  execute(['mkdir', '-p', dir])
  # archive_in copies the local file into dir under its original basename
  container.archive_in(local_path, dir, overwrite: true)
  # Rename it to the requested destination path
  execute(['mv', dir + '/' + localfile, path])
end
