Automate 2 version 20181001090525 Released!


#1

We are delighted to announce the availability of version 20181001090525 of Chef Automate 2.

New Features

  • Local Teams in the Browser: Admins can create and remove teams, edit team descriptions, and add or delete team members from the Automate UI.
  • Upgrade with Users: Keep your users when upgrading to the new Automate! Administrators stay admins, too. Automate automatically adds all local users with the administrator role to the admins team, so they'll have admin-level access after the upgrade.
  • Lost an Admin Password? No Problem! We've added a reset admin command to the CLI. See the changes before you make them with chef-automate iam admin-access restore <pass> --dry-run to see what changes need to be made - then run again without the --dry-run argument to actually make the changes to your Chef Automate installation. This command lets you:
    • recreate the admin user with the new password
    • recreate the admins team
    • add the admin user to the admins team
    • recreate the Administrator policy
    • add the admins team as a subject in the Administrator policy.

Improvements

  • What's the Diff: Easier-to-read diff for resources that change on a client run.
  • Hold the Door: Retrieve the threshold value--for the configurations that set it--through the API.
  • Un-listed: Deleting a user from the list view also deletes them from Local teams and existing policies. Likewise, deleting Local Teams and API Tokens also removes them from existing policies. An admin needs to do it, natch.
  • Upgrade Compatibility: We run some extra tests to make sure that your Automate upgrade is really compatible and will work smoothly. In particular, you'll see the steps you need to take to upgrade your SAML configuration, if you have it. You can this compatibility check--it's OK if you don't use SAML--by adding --skip-saml-check to the upgrade command.
  • Moar & Better Compliance: We improved the STIG RHEL7 cat1 v001.002 preview release compliance profile and the STIG Windows Server 2016 cat1 v001.006 preview release. We added STIG RHEL 7 cat1 v002.001 including the quality improvements from v001.002
  • Minor Semver: We updated CIS Azure Foundations v1.0.0 resource pack to 1.2.0
  • Delete Nodes from the Command Line: There's a new CLI command for deleting infrastructure nodes. For more information, see the docs on the Client Runs page under Deleting Nodes and the CLI Command Reference Page.
  • No Haunting Nodes: Deleted nodes won't show up in the Client Runs search bar as suggestions.
  • Login via LDAP/SAML/MSAD: ca_contents settings in configs for SAML/LDAP/MSAD are now validated before applying them to the system, and related errors will be easier to spot.
  • Does Anybody Really Know What Time It Is: Select the date/time with the inputs on job scheduling.

Bug Fixes

  • Right Log: The ingest service uses log level that's set in the config.
  • Recent Events: The event feed guitar strings graph displays very recent events.
  • Locals Only: LDAP or SAML users won't see "view your profile" on the menu, because only local users can save profiles.
  • Major Metadata: Added major release metadata to CIS RHEL Compliance Profiles, so you can run profiles with older versions of Inspec.
  • Get the Story Straight: The CIS RHEL 7 v2.2.0 Compliance Profile aligns with the CIS benchmark and skip message for 5.4.1.5
  • Made it Right: Fixed control 17.3.1 for CIS Windows 2016 DC & MS.
  • Login via MSAD: ca_contents can now be used for the MSAD connector.
  • Login via SAML: ca_contents for the SAML connector have always been required, but hadn't been validated in that way--they now are.
  • Better handling of missing nodes, deleting missing nodes, and data cleanup. See below for full details.

Backward Incompatibilities

In all prior versions, custom settings for managing node data--setting nodes missing, deleting missing nodes, and configuring data cleanup--were incorrectly applied. When you used the curl command against the api to set the settings, the command responded successfully, but resulted in the configuration being set to off. Thus, no nodes were marked missing, no data deleted, and no configuration data cleaned up. This was the result regardless of the value used for the setting.

To correct your settings, reapply the values you originally intended for your custom settings. You can find directions on how to set the values here: https://automate.chef.io/docs/client-runs/#managing-node-data

If you never tried to set any of these values, the defaults continue to apply and the operations that the settings applied to continue to work as expected. No action is needed.

We fixed the problems in using custom settings for managing node data in this release of Automate and we have increased the testing around managing node data to prevent this problem from recurring in the future.


How to Upgrade

By default Chef Automate 2 will automatically upgrade to this new version. If you have disabled automatic upgrades you can manually initiate an upgrade by running:

chef-automate upgrade run

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate 2!