Release Announcement for Chef Automate 0.7.61
We are delighted to announce release 0.7.61 of Chef Automate. The release is available for download from https://downloads.chef.io/automate.
Early Access: FIPS Support in Chef Automate
Chef Automate supports operating in FIPS mode for our government customers. Please contact us on firstname.lastname@example.org for a copy of a FIPS-compatible ChefDK that supports interacting with the Chef Automate server in FIPS mode. General availability of both Chef Automate in FIPS mode and ChefDK will follow.
Outbound Proxy Support
Chef Automate now supports environments that require a web proxy for outbound network communication. This allows Chef Automate to be integrated with external SCM providers, such as Github, even in networks with rigorous security policies.
Changed Package Name to "automate"
This release includes a change to the Chef Automate install package name. For any customers who may have scripts or other automation expecting the package name to be “delivery”, please note you will need to update to “automate”.
We have thoroughly tested the new package and expect the behavior to be consistent with the previous package; however, we strongly advise customers to back up their existing environment as a standard practice prior to installing a new release.
Other Improvements and Fixes
Runner improvements: Logging and privilege escalation
Previous versions of Chef Automate would use the terms “Push Job started” even when using job runners, which are not push-job based. This misleading message has been rewritten. Additionally, when runner jobs failed, they would not supply enough information for users to understand why. Now, stderr and stdout from the failed job will be streamed to the workflow error log.
Runner installation will also no longer attempt to sudo if the user passed to install-runner is already root.
Bad error message if automate-ctl not run as root
automate-ctl would throw a stack trace if it wasn’t being run as root. This has now been corrected with an error message that indicates root privileges are needed.
Error Message running preflight-check
preflight-check reports “system has less than 80GB disk space required at /var” even though the target installation directory does have sufficient disk space. This release fixed this error and will provide accurate feedback.
automate-ctl node-summary improvements
The node-summary subcommand produces a summary of the nodes that are known to Chef Automate. The default setting for node-summary is to display the name, status, and the last time the nodes were checked. Read the docs for information.
Skip SSL verification for certain hosts
Chef Automate can now be configured to skip SSL certificate verification on a per-host basis. The delivery[‘no_ssl_verification’] parameter can be set in the /etc/delivery/delivery.rb configuration to take a list of hosts to skip SSL verification. We generally do not recommend turning off SSL certificate verification in production environments, but this setting is useful for test environments where a correct certificate chain is not available.
Accessing Chef Automate by IP
The Chef Automate web UI can now be accessed by IP, which is useful in situations where the server’s hostname is incorrect or not resolveable due to lack of DNS.
Fixed a bug that caused the UI to become unresponsive
In some cases the Chef Automate web UI was running into a timeout (especially in air-gapped environments). This was due to an external request for a font file, which is now packaged in the product and does not require Internet connectivity.
Allow use of uppercase characters in search filters
The Chef Automate UI now properly displays results from text filters that use uppercase characters.
We encourage you to upgrade often. As always, we welcome your feedback and invite you to contact us directly or participate in our feedback forum. Thanks for using Chef Automate!