Automate 2 version 20190116225739 Released!


We are delighted to announce the availability of version 20190116225739 of Chef Automate 2.

New Features

  • IAM v2 Beta: Open beta for Chef Automate's new identity and access management system! We've improved policies, with policy statements that allow fine-grained control and basic policy management from Chef Automate's user interface. We've also introduced roles, so you now have role-based access control (RBAC). Check out the new IAM v2 beta guide to get started with our new features.
  • Why not Both?: Download the Chef client nodes report in CSV and JSON formats from the Client Runs page. Try the search and filter tools to narrow down the list before downloading.


  • Change your View: Customize your view of Client Runs by selecting the gear icon at the top right corner of the table.
  • Now Loading: Added a loading state indicator to the Client Runs page.
  • New Design, Same Modal: Revised design displays for the error logs modal on the node detail page.
  • Music to Your Ears: We've improved the screen reader friendliness of our Admin page forms to declare each field label.
  • Scanner Nodes: Added bulk creation and bulk deletion docs for the scanner nodes.
  • Gather Logs: Now there's a snapshot of service metrics in the bundle created with chef-automate gather-logs to help the support team work even more effectively.
  • Improved Compliance: The STIG Windows Server 2016 preview compliance profile includes:
    • SV-86487r3_rule (Standard Mandatory DoD Notice and Consent Banner)
    • SV-88287r1_rule (The built-in administrator account must be renamed.)
    • SV-88289r1_rule (The built-in guest account must be renamed.)
  • Bam!: The compliance profile for CIS AWS Foundations v1.1.0 has control 2.4 'Ensure CloudTrail trails are integrated with CloudWatch Logs'.

Bug Fixes

  • Deleted and Visible: Deleted scan job names and username appear on the Event Feed.
  • Copy That: You may now copy a token from Automate UI on Firefox.
  • Shhhhh: Use the new 'quiet' option on the resource ignore_failure field in Chef client runs.
  • Final Countdown: Set context timeout on compliance ingestion calls, which rejects reports that can't be ingested because of a heavy load.
  • Oops: Fixed the Chef Automate <build version> link to lead to the right release notes.
  • Red Alert Repair: Fixed the preview compliance profiles for Windows 2016 STIG so that it stops yammering warnings about "constant already initialized".
  • The compliance profile for CIS AWS Foundations v1.1.0 has:
    • a fix to control 1.24 - Now it only checks the 'AdministratorAccess' AWS-managed policy.
    • a fix to control 2.1 - Removed "name" for AWS Config config and delivery channel.
  • Aristotle This!: Corrected the test logic on a number of Windows 2016 and RHEL 7 STIGs preview compliance profiles.
  • Can I Quote That?: Added quote marks around supported RHEL releases in CIS RHEL compliance profiles, so the release value won't be interpreted as a number. This fixes profiles not running on, for example, RHEL 7.10.

Backward Incompatibilities

  • Can I See Your ID, InSpec?: Report ingestion enforces InSpec 2.0.0 as the minimum supported version and rejects reports from anything underage. This circumvents a bug that could crash the service when processing reports with required, but missing, fields.

How to Upgrade

By default Chef Automate 2 will automatically upgrade to this new version. If you have disabled automatic upgrades you can manually initiate an upgrade by running:

chef-automate upgrade run

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate 2!