Hey Chefs!
We're happy to announce the release of Chef v14.4! This is a big one with a brand new knife profile management command, 7 new preview resources and a large number of improvements to existing resources.
Release Highlights
Knife configuration profile management commands
Several new commands have been added under knife config to help manage multiple profiles in your credentials file.
knife config get-profile will display the active profile.
knife config use-profile PROFILE will set the workstation-level default profile. That default can still be overridden by the --profile command line option or the $CHEF_PROFILE environment variable.
knife config list-profiles will display all your available profiles along with summary information on each.
$ knife config get-profile
staging
$ knife config use-profile prod
Set default profile to prod
$ knife config list-profiles
 Profile  Client  Key               Server
-----------------------------------------------------------------------------
 staging  myuser  ~/.chef/user.pem  https://example.com/organizations/staging
*prod     myuser  ~/.chef/user.pem  https://example.com/organizations/prod
Thank you @coderanger for this contribution.
New Resources
The following new preview resources were added to Chef 14.4. Cookbooks with the same resources will continue to take precedence until the Chef 15.0 release.
cron_d
Use the cron_d resource to manage cron definitions in /etc/cron.d. This is similar to the cron resource, but it does not use the monolithic /etc/crontab file.
See cron_d resource documentation for full usage.
cron_access
Use the cron_access resource to manage the /etc/cron.allow and /etc/cron.deny files. This resource previously shipped in the cron community cookbook and is fully backwards compatible with the previous cron_manage definition in that cookbook.
See cron_access resource documentation for full usage.
openssl_x509_certificate
Use the openssl_x509_certificate resource to generate signed or self-signed, PEM-formatted x509 certificates. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. If a CA private key and certificate are provided, the certificate will be signed with them. This resource previously shipped in the openssl cookbook as openssl_x509 and is fully backwards compatible with the legacy resource name.
See openssl_x509_certificate resource documentation for full usage.
Thank you @juju482 for updating this resource so it could be included here.
openssl_x509_request
Use the openssl_x509_request resource to generate PEM-formatted x509 certificate requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate.
See openssl_x509_request resource documentation for full usage.
Thank you @juju482 for contributing this resource.
openssl_x509_crl
Use the openssl_x509_crl resource to generate PEM-formatted x509 certificate revocation list (CRL) files.
See openssl_x509_crl resource documentation for full usage.
Thank you @juju482 for contributing this resource.
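The signing and revocation behaviour described for openssl_x509_certificate and openssl_x509_crl above, reproduced with Ruby's standard OpenSSL library as an added example (not code from Chef or the openssl cookbook). The CA name, host name, serial numbers and helper names are constructed for illustration, and the keys are generated unencrypted, matching the passwordless default the resource descriptions mention.

```ruby
require 'openssl'

# Self-signed when no issuer is given; otherwise signed with the issuer's key.
def build_cert(cn, key, serial:, ca: false, issuer_cert: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, serial # version 2 means X.509 v3
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 365 * 86_400
  bc = OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  cert.add_extension(bc)
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# CRL signed by the CA, revoking the given serial numbers.
def build_crl(ca_cert, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version, crl.issuer = 1, ca_cert.subject # version 1 means CRL v2
  crl.last_update, crl.next_update = Time.now - 60, Time.now + 7 * 86_400
  revoked_serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial, entry.time = serial, Time.now - 60
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Chain check against the CA; when a CRL is supplied, revocation is enforced too.
def trusted?(cert, ca_cert, crl = nil)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.add_crl(crl) if crl
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK if crl
  store.verify(cert)
end

# Constructed sample data: a throwaway CA and one leaf certificate (serial 2).
def demo
  ca_key, leaf_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca     = build_cert('Example Test CA', ca_key, serial: 1, ca: true)
  signed = build_cert('app.example.com', leaf_key, serial: 2, issuer_cert: ca, issuer_key: ca_key)
  { ca_signed: trusted?(signed, ca),
    self_signed: trusted?(build_cert('app.example.com', leaf_key, serial: 3), ca),
    empty_crl: trusted?(signed, ca, build_crl(ca, ca_key, [])),
    revoked: trusted?(signed, ca, build_crl(ca, ca_key, [2])) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

A client that trusts only the CA accepts the CA-signed certificate and rejects the self-signed one, and the CRL only takes effect when the verifier loads it and enables CRL checking.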
openssl_ec_private_key
Use the openssl_ec_private_key resource to generate ec private key files. If a valid ec key file can be opened at the specified location, no new file will be created.
See openssl_ec_private_key resource documentation for full usage.
Thank you @juju482 for contributing this resource.
openssl_ec_public_key
Use the openssl_ec_public_key resource to generate ec public key files given a private key.
See openssl_ec_public_key resource documentation for full usage.
Thank you @juju482 for contributing this resource.
Resource improvements
windows_package
The windows_package resource now supports setting the sensitive property to avoid showing errors if a package install fails.
sysctl
The sysctl resource will now update the on-disk sysctl.d file even if the current sysctl value matches the desired value.
windows_task
The windows_task resource now supports setting the task priority of the scheduled task with a new priority property. Additionally, windows_task now supports managing the behavior of task execution when a system is on battery using new disallow_start_if_on_batteries and stop_if_going_on_batteries properties.
ifconfig
The ifconfig resource now supports setting the interface's VLAN via a new vlan property on RHEL platform_family and setting the interface's gateway via a new gateway property on RHEL/Debian platform_family.
Thank you @tomdoherty for this contribution.
route
The route resource has been improved to support additional RHEL platform_family systems as well as Amazon Linux.
systemd_unit
The systemd_unit resource now supports specifying options multiple times in the content hash. Instead of setting the value to a string you can now set it to an array of strings.
Thank you @dbresson for this contribution.
Security Updates
OpenSSL
OpenSSL updated to 1.0.2p to resolve:
- Client DoS due to large DH parameter (CVE-2018-0732)
- Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Please see the CHANGELOG for the complete list of changes.
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the new mixlib-install command line utility available in ChefDK 0.19.6 or greater.
$ mixlib-install download chef -v 14.4.56
Alternatively, you can install Chef using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 14.4.56
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 14.4.56
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:
provisioner:
  product_name: chef
  product_version: 14.4.56