Ohai Chefs!
We’re happy to announce the release of Chef Client 14.2.0. This release has some great new functionality as well as a large number of important bug fixes.
What’s New
ssh-agent support for user keys
You can now use ssh-agent to hold your user key when using knife. This allows storing your user key in an encrypted form as well as using ssh -A agent forwarding for running knife commands from remote devices.
You can enable this by adding ssh_agent_signing true to your knife.rb or ssh_agent_signing = true in your credentials file.
To encrypt your existing user key, you can use OpenSSL:
( openssl rsa -in user.pem -pubout && openssl rsa -in user.pem -aes256 ) > user_enc.pem
chmod 600 user_enc.pem
This will prompt you for a passphrase to use to encrypt the key. You can then load the key into your ssh-agent by running ssh-add user_enc.pem. Make sure you add the ssh_agent_signing setting to your configuration, and update your client_key to point at the new, encrypted key (and once you’ve verified things are working, remember to delete your unencrypted key file).
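A check you can run on the combined file before deleting the unencrypted key. This is an added example, not part of the Chef release notes; the function name check_enc_key is hypothetical, and it accepts either private-key PEM layout since the one OpenSSL writes depends on its version:

```shell
#!/bin/sh
# Added example: verify that a file such as user_enc.pem holds a public key
# plus an ENCRYPTED private key, no plaintext private key, and has mode 600.
# Prints a one-line verdict and returns 0 only when the verdict is "ok".
check_enc_key() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # Permissions must be exactly owner read/write (chmod 600).
    perms=$(ls -ld "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "bad permissions: $perms"; return 1; }

    # Classify every PEM block in the file.
    verdict=$(awk '
        /^-----BEGIN PUBLIC KEY-----/            { pub = 1 }
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc = 1 }    # PKCS#8, encrypted
        /^-----BEGIN PRIVATE KEY-----/           { plain = 1 }  # PKCS#8, plaintext
        /^-----BEGIN RSA PRIVATE KEY-----/       { pending = 1; next }
        # Traditional layout: encrypted only if the header line follows BEGIN.
        pending { if ($0 ~ /^Proc-Type: 4,ENCRYPTED/) enc = 1; else plain = 1
                  pending = 0 }
        END {
            if (plain)     print "plaintext private key present"
            else if (!enc) print "no encrypted private key"
            else if (!pub) print "no public key block"
            else           print "ok"
        }' "$f")
    echo "$verdict"
    [ "$verdict" = "ok" ]
}

# Usage: sh check_enc_key.sh user_enc.pem
if [ $# -gt 0 ]; then check_enc_key "$1"; fi
```
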
default_env Property in Execute Resource
The shell_out helper has been extended with a new option default_env to allow disabling Chef from modifying PATH and LOCALE environmental variables as it shells out. This new option defaults to true (modify the env), preserving the previous behavior of the helper.
The execute resource has also been updated with a new property default_env that allows utilizing the ENV sanity functionality in shell_out. The new property defaults to false, but it can be set to true in order to ensure a sane PATH and LOCALE when shelling out. If you find that binaries cannot be found when using the execute resource, setting default_env to true may resolve those issues.
Small Size on Disk
Chef now bundles the inspec-core and train-core gems, which omit many cloud dependencies not needed within the Chef client. This change reduces the install size of a typical system by ~22% and the number of files within that installation by ~20% compared to Chef 14.1. Enjoy the extra disk space.
Virtualization detection on AWS
Ohai now detects the virtualization hypervisor amazonec2 when running on Amazon’s new C5/M5 instances.
Getting This Release
As always, you can download binaries directly from downloads.chef.io, or by using the mixlib-install command line utility available in ChefDK.
$ mixlib-install download chef -c stable -v 14.2.0
Alternatively, you can install Chef using one of the following command options:
In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -c stable -v 14.2.0
In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -channel stable -version 14.2.0
Thanks!