Chef Client 14.2.0 Prerelease

Ohai Chefs!

We have selected 14.2.0 as our Chef v14.2 release candidate which is scheduled for release on Thursday June 7, 2018.

Release Highlights

ssh-agent support for user keys

You can now use ssh-agent to hold your user key when using knife. This allows storing your user key in an encrypted form as well as using ssh -A agent forwarding for running knife commands from remote devices.

You can enable this by adding ssh_agent_signing true to your knife.rb or ssh_agent_signing = true in your credentials file.

To encrypt your existing user key, you can use OpenSSL:

( openssl rsa -in user.pem -pubout && openssl rsa -in user.pem -aes256 ) > user_enc.pem
chmod 600 user_enc.pem

This will prompt you for a passphrase to use to encrypt the key. You can then load the key into your ssh-agent by running ssh-add user_enc.pem. Make sure you add ssh_agent_signing to your configuration, and update your client_key to point at the new, encrypted key (and once you’ve verified things are working, remember to delete your unencrypted key file).
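Before deleting the unencrypted key, it is worth confirming that the new file really holds one public key plus one encrypted private key and is readable only by its owner. The script below is an added example, not part of the Chef release or its tooling: the function names encrypt_user_key and check_enc_key are hypothetical, and it reads the passphrase from a file with openssl's -passout option instead of the interactive prompt so it can run unattended.

```shell
#!/bin/sh
# Added example (not Chef project code). Function names are hypothetical.

# Wraps the two openssl commands shown above: public key first, then the
# AES-256 encrypted private key. Assumption: the passphrase is read from the
# first line of "$3" instead of the interactive prompt.
encrypt_user_key() {
    src=$1 dst=$2 passfile=$3
    ( umask 077   # never create the output file with group/other access
      { openssl rsa -in "$src" -pubout &&
        openssl rsa -in "$src" -aes256 -passout "file:$passfile"; } > "$dst"
    ) || return 1
    chmod 600 "$dst"
}

# Returns 0 only if the file is mode 600 and contains exactly one public key
# and one encrypted private key, with no cleartext private key block.
check_enc_key() {
    f=$1
    [ -f "$f" ] || return 1
    case "$(ls -l "$f")" in
        -rw-------*) ;;          # owner read/write only
        *) return 1 ;;
    esac
    awk '
        /^-----BEGIN PUBLIC KEY-----/            { pub++ }
        # PKCS#8 encrypted block (newer OpenSSL output)
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc++ }
        # Traditional block: encrypted only if a Proc-Type header is present
        /^-----BEGIN RSA PRIVATE KEY-----/       { trad++ }
        /^Proc-Type: 4,ENCRYPTED/                { enc++; trad-- }
        # PKCS#8 cleartext block
        /^-----BEGIN PRIVATE KEY-----/           { clear++ }
        END { exit !(pub == 1 && enc == 1 && trad == 0 && clear == 0) }
    ' "$f"
}

# Stand-alone use: sh script.sh user.pem user_enc.pem passphrase_file
if [ "$#" -eq 3 ]; then
    encrypt_user_key "$1" "$2" "$3" && check_enc_key "$2" && echo "OK: $2"
fi
```

Run check_enc_key against user_enc.pem after the encryption step; a non-zero exit means the file still contains a cleartext private key, is missing a block, or has permissions wider than 600.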

default_env Property in Execute Resource

The shell_out helper has been extended with a new option default_env to allow disabling Chef from modifying PATH and LOCALE environmental variables as it shells out. This new option defaults to true (modify the env), preserving the previous behavior of the helper.

The execute resource has also been updated with a new property default_env that allows utilizing the ENV sanity functionality in shell_out. The new property defaults to false, but it can be set to true in order to ensure a sane PATH and LOCALE when shelling out. If you find that binaries cannot be found when using the execute resource, default_env set to true may resolve those issues.

Small Size on Disk

Chef now bundles the inspec-core and train-core gems, which omit many cloud dependencies not needed within the Chef client. This change reduces the install size of a typical system by ~22% and the number of files within that installation by ~20% compared to Chef 14.1. Enjoy the extra disk space.

Virtualization detection on AWS

Ohai now detects the virtualization hypervisor amazonec2 when running on Amazon’s new C5/M5 instances.

Please see the CHANGELOG for the complete list of changes.

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the new mixlib-install command line utility available in ChefDK 0.19.6 or greater.

$ mixlib-install download chef -v 14.2.0 -c current

Alternatively, you can install Chef using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 14.2.0 -c current

# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 14.2.0 -channel current