We are delighted to announce the availability of version 20181001090525 of Chef Automate 2.
- Local Teams in the Browser: Admins can create and remove teams, edit team descriptions, and add or delete team members from the Automate UI.
- Upgrade with Users: Keep your users when upgrading to the new Automate! Administrators stay admins, too. Automate automatically adds all local users with the administrator role to the admins team, so they'll have admin-level access after the upgrade.
- Lost an Admin Password? No Problem! We've added a reset admin command to the CLI. See the changes before you make them with
chef-automate iam admin-access restore <pass> --dry-runto see what changes need to be made - then run again without the
--dry-runargument to actually make the changes to your Chef Automate installation. This command lets you:
- recreate the
adminuser with the new password
- recreate the
- add the
adminuser to the
- recreate the Administrator policy
- add the
adminsteam as a subject in the Administrator policy.
- recreate the
- What's the Diff: Easier-to-read diff for resources that change on a client run.
- Hold the Door: Retrieve the threshold value--for the configurations that set it--through the API.
- Un-listed: Deleting a user from the list view also deletes them from Local teams and existing policies. Likewise, deleting Local Teams and API Tokens also removes them from existing policies. An admin needs to do it, natch.
- Upgrade Compatibility: We run some extra tests to make sure that your Automate upgrade is really compatible and will work smoothly. In particular, you'll see the steps you need to take to upgrade your SAML configuration, if you have it. You can this compatibility check--it's OK if you don't use SAML--by adding
--skip-saml-checkto the upgrade command.
- Moar & Better Compliance: We improved the STIG RHEL7 cat1 v001.002 preview release compliance profile and the STIG Windows Server 2016 cat1 v001.006 preview release. We added STIG RHEL 7 cat1 v002.001 including the quality improvements from v001.002
- Minor Semver: We updated CIS Azure Foundations v1.0.0 resource pack to 1.2.0
- Delete Nodes from the Command Line: There's a new CLI command for deleting infrastructure nodes. For more information, see the docs on the Client Runs page under Deleting Nodes and the CLI Command Reference Page.
- No Haunting Nodes: Deleted nodes won't show up in the Client Runs search bar as suggestions.
- Login via LDAP/SAML/MSAD:
ca_contentssettings in configs for SAML/LDAP/MSAD are now validated before applying them to the system, and related errors will be easier to spot.
- Does Anybody Really Know What Time It Is: Select the date/time with the inputs on job scheduling.
- Right Log: The ingest service uses log level that's set in the config.
- Recent Events: The event feed guitar strings graph displays very recent events.
- Locals Only: LDAP or SAML users won't see "view your profile" on the menu, because only local users can save profiles.
- Major Metadata: Added major release metadata to CIS RHEL Compliance Profiles, so you can run profiles with older versions of Inspec.
- Get the Story Straight: The CIS RHEL 7 v2.2.0 Compliance Profile aligns with the CIS benchmark and skip message for 22.214.171.124
- Made it Right: Fixed control 17.3.1 for CIS Windows 2016 DC & MS.
- Login via MSAD:
ca_contentscan now be used for the MSAD connector.
- Login via SAML:
ca_contentsfor the SAML connector have always been required, but hadn't been validated in that way--they now are.
- Better handling of missing nodes, deleting missing nodes, and data cleanup. See below for full details.
In all prior versions, custom settings for managing node data--setting nodes missing, deleting missing nodes, and configuring data cleanup--were incorrectly applied. When you used the curl command against the api to set the settings, the command responded successfully, but resulted in the configuration being set to off. Thus, no nodes were marked missing, no data deleted, and no configuration data cleaned up. This was the result regardless of the value used for the setting.
To correct your settings, reapply the values you originally intended for your custom settings. You can find directions on how to set the values here: https://automate.chef.io/docs/client-runs/#managing-node-data
If you never tried to set any of these values, the defaults continue to apply and the operations that the settings applied to continue to work as expected. No action is needed.
We fixed the problems in using custom settings for managing node data in this release of Automate and we have increased the testing around managing node data to prevent this problem from recurring in the future.
How to Upgrade
By default Chef Automate 2 will automatically upgrade to this new version. If you have disabled automatic upgrades you can manually initiate an upgrade by running:
chef-automate upgrade run
As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate 2!