Chef 13.4.19 Released

Ohai Chefs!

We’re happy to announce the release of Chef v13.4!

Release Highlights

Security release of RubyGems

Chef Client 13.4 includes RubyGems 2.6.13 to fix the following CVEs:

  • CVE-2017-0899
  • CVE-2017-0900
  • CVE-2017-0901
  • CVE-2017-0902

Ifconfig provider on Red Hat now supports additional properties

It is now possible to set the ETHTOOL_OPTS, BONDING_OPTS, MASTER and
SLAVE properties on interfaces on Red Hat compatible systems. See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html for further information.

Properties

  • ethtool_opts

    Ruby types: String
    Platforms: Fedora, RHEL, Amazon Linux
    A string containing arguments to ethtool. The string will be wrapped
    in double quotes, so ensure that any needed quotes in the property
    are surrounded by single quotes.

  • bonding_opts

    Ruby types: String
    Platforms: Fedora, RHEL, Amazon Linux
    A string containing configuration parameters for the bonding device.

  • master

    Ruby types: String
    Platforms: Fedora, RHEL, Amazon Linux
    The channel bonding interface that this interface is linked to.

  • slave

    Ruby types: String
    Platforms: Fedora, RHEL, Amazon Linux
    Whether the interface is controlled by the channel bonding interface
    defined by master, above.

Chef Vault is now included

Chef Client 13.4 now includes the chef-vault gem, making it easier for
users of chef-vault to use their encrypted items.

Windows remote_file resource with alternate credentials

The remote_file resource now supports the use of credentials on Windows when accessing a remote UNC path such as \\myserver\myshare\mydirectory\myfile.txt. This
allows access to the file at that path even if the Chef client process identity does not have permission to access it. The new properties remote_user, remote_domain, and remote_password may be used to specify credentials with access to the remote file so that it may be read.

Note: This feature is mainly used for accessing files between two nodes in different domains with different user accounts.
If the two nodes are in the same domain, the remote_file resource does not need remote_user and remote_password specified, because the user has the same access on both systems through the domain.

Properties

The following properties are new for the remote_file resource:

  • remote_user
    Ruby types: String
    Windows only: The user name of a user with access to the remote file specified by the source property. Default value: nil. The user name may optionally be specified with a domain, i.e. domain\user or user@my.dns.domain.com via Universal Principal Name (UPN) format. It can also be specified without a domain simply as user if the domain is instead specified using the remote_domain attribute. Note that this property is ignored if source is not a UNC path. If this property is specified, the remote_password property must be specified.

  • remote_password
    Ruby types: String
    Windows only: The password of the user specified by the remote_user property. Default value: nil. This property is mandatory if remote_user is specified and may only be specified if remote_user is specified. The sensitive property for this resource will automatically be set to true if remote_password is specified.

  • remote_domain
    Ruby types: String
    Windows only: The domain of the user specified by the remote_user property. Default value: nil. If not specified, the user and password specified by the remote_user and remote_password properties will be used to authenticate that user against the domain to which the system hosting the UNC path specified via source is joined, or, if that system is not joined to a domain, to authenticate the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the remote_user property.

Examples

Accessing file from a (different) domain account

remote_file "E://domain_test.txt" do
  source "\\\\myserver\\myshare\\mydirectory\\myfile.txt"
  remote_domain "domain"
  remote_user "username"
  remote_password "password"
end

OR

remote_file "E://domain_test.txt" do
  source "\\\\myserver\\myshare\\mydirectory\\myfile.txt"
  remote_user "domain\\username"
  remote_password "password"
end

Accessing file using a local account on the remote machine

remote_file "E://domain_test.txt" do
  source "\\\\myserver\\myshare\\mydirectory\\myfile.txt"
  remote_domain "."
  remote_user "username"
  remote_password "password"
end

OR

remote_file "E://domain_test.txt" do
  source "\\\\myserver\\myshare\\mydirectory\\myfile.txt"
  remote_user ".\\username"
  remote_password "password"
end
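
The property rules above can be checked before a recipe ever reaches a node. The following is an added example, not code from Chef or from this release: check_remote_file, its result keys and the account labels are hypothetical names, and reporting a domain given in both remote_user and remote_domain as an error is an assumption, since the notes define no precedence for that case.

```ruby
# Added example (not Chef's code): lint for the remote_file credential rules
# documented above. check_remote_file and its result keys are hypothetical.
UNC = /\A\\\\[^\\]+\\[^\\]+/ # \\server\share...

def check_remote_file(source:, remote_user: nil, remote_password: nil, remote_domain: nil)
  # sensitive mirrors the documented behaviour: true once a password is set.
  result = { errors: [], warnings: [], domain: nil, user: nil, account: nil,
             sensitive: !remote_password.nil? }

  # remote_password is mandatory with remote_user and only valid with it.
  result[:errors] << "remote_user requires remote_password" if remote_user && !remote_password
  result[:errors] << "remote_password requires remote_user" if remote_password && !remote_user
  return result if remote_user.nil?

  # The credential properties are ignored when source is not a UNC path.
  unless source.match?(UNC)
    result[:warnings] << "source is not a UNC path; credentials are ignored"
    return result
  end

  # Split domain\user; a UPN (user@dns.domain) carries its own domain.
  if remote_user.include?("\\")
    embedded, user = remote_user.split("\\", 2)
  elsif remote_user.include?("@")
    user, embedded = remote_user.split("@", 2)
  else
    embedded, user = nil, remote_user
  end

  # Assumption: no precedence is documented when the domain is given twice,
  # so this lint reports it instead of picking one.
  if embedded && remote_domain
    result[:errors] << "domain given in both remote_user and remote_domain"
  end

  result[:user] = user
  result[:domain] = remote_domain || embedded
  result[:account] = case result[:domain]
                     when nil then :remote_host_default  # host's domain, else local account
                     when "." then :local_on_remote_host # "." as in the examples above
                     else :domain
                     end
  result
end
```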

windows_path resource

The windows_path resource has been moved into core Chef from the windows cookbook. Use the windows_path resource to manage the path environment variable on Microsoft Windows.

Actions

  • :add - Add an item to the system path
  • :remove - Remove an item from the system path

Properties

  • path - Name attribute. The name of the value to add to the system path

Examples

Add Sysinternals to the system path

windows_path 'C:\Sysinternals' do
  action :add
end

Remove 7-Zip from the system path

windows_path 'C:\7-Zip' do
  action :remove
end

Ohai Release Notes 13.4

Windows EC2 Detection

Detection of nodes running in EC2 has been greatly improved and should now detect nodes 100% of the time, including nodes that have been migrated to EC2 or were built with custom AMIs.

Azure Metadata Endpoint Detection

Ohai now polls the new Azure metadata endpoint, giving us additional configuration details on nodes running in Azure.

Sample data now available under azure:

{
  "metadata": {
    "compute": {
      "location": "westus",
      "name": "timtest",
      "offer": "UbuntuServer",
      "osType": "Linux",
      "platformFaultDomain": "0",
      "platformUpdateDomain": "0",
      "publisher": "Canonical",
      "sku": "17.04",
      "version": "17.04.201706191",
      "vmId": "8d523242-71cf-4dff-94c3-1bf660878743",
      "vmSize": "Standard_DS1_v2"
    },
    "network": {
      "interfaces": {
        "000D3A33AF03": {
          "mac": "000D3A33AF03",
          "public_ipv6": [

          ],
          "public_ipv4": [
            "52.160.95.99",
            "23.99.10.211"
          ],
          "local_ipv6": [

          ],
          "local_ipv4": [
            "10.0.1.5",
            "10.0.1.4",
            "10.0.1.7"
          ]
        }
      },
      "public_ipv4": [
        "52.160.95.99",
        "23.99.10.211"
      ],
      "local_ipv4": [
        "10.0.1.5",
        "10.0.1.4",
        "10.0.1.7"
      ],
      "public_ipv6": [

      ],
      "local_ipv6": [

      ]
    }
  }
}

Package Plugin Supports Arch Linux

The Package plugin has been updated to include package information on Arch Linux systems.

Please see the CHANGELOG for the complete list of changes.

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the new mixlib-install command line utility available in ChefDK 0.19.6 or greater.

$ mixlib-install download chef -v 13.4.19

Alternatively, you can install Chef using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 13.4.19

# In Windows PowerShell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 13.4.19