Hey Everyone,
Today we released Chef Infra Client 15.7.30. This new release comes with tons of great community enhancements for resources, an important security fix to our embedded OpenSSL and new helpers for identifying Windows systems.
Updated Resources
archive_file
The archive_file resource will now only change ownership on files and directories that were part of the archive itself. This prevents changing permissions on important high level directories such as /etc or /bin when you extract a file into those directories. Thanks for this fix, @bobchaos.
cron and cron_d
The cron and cron_d resources now include a timeout property, which allows you to configure actions to perform when a job times out. This property accepts a hash of timeout configuration options:
-
preserve-status:true/falsewith a default offalse -
foreground:true/falsewith a default offalse -
kill-after:Integerfor the timeout in seconds -
signal:StringorIntegerto send to the process such asHUP
launchd
The launchd resource has been updated to properly capitalize HardResourceLimits. Thanks for this fix, @rb2k.
sudo
The sudo resource no longer fails on the second Chef Infra Client run when using a Cmnd_Alias. Thanks for reporting this issue, @Rudikza.
user
The user resource on AIX no longer forces the user to change the password after Chef Infra Client modifies the password. Thanks for this fix, @Triodes.
The user resource on macOS 10.15 has received several important fixes to improve logging and prevent failures.
windows_task
The windows_task resource is now idempotent when a system is joined to a domain and the job runs under a local user account.
x509_certificate
The x509_certificate resource now includes a new renew_before_expiry property that allows you to auto renew certicates a specified number of days before they expire. Thanks @julienhuon for this improvement.
Additional Recipe Helpers
We have added new helpers for identifying Windows releases that can be used in any part of your cookbooks.
windows_workstation?
Returns true if the system is a Windows Workstation edition.
windows_server?
Returns true if the system is a Windows Server edition.
windows_server_core?
Returns true if the system is a Windows Server Core edition.
Notable Changes and Fixes
-
knife uploadandknife cookbook uploadwill now generate a metadata.json file from metadata.rb when uploading a cookbook to the Chef Infra Server. - A bug in
knife bootstrapbehavior that caused failures when bootstrapping Windows hosts from non-Windows hosts and vice versa has been resolved. - The existing system path is now preserved when bootstrapping Windows nodes. Thanks for this fix, @Xorima.
- Ohai now properly returns the drive name on Windows and includes new drive_type fields to allow you to determine the type of attached disk. Thanks for this improvement @sshock.
- Ohai has been updated to properly return DMI data to Chef Infra Client. Thanks for troubleshooting this, @zmscwx and @Sliim.
Platform Support
- Chef Infra Clients packages are no longer produced for Windows 2008 R2 as this release reached its end of life on Jan 14th, 2020.
- Chef Infra Client packages are no longer produced for RHEL 6 on the s390x platform. Builds will continue to be published for RHEL 7 on the s390x platform.
Security Updates
OpenSSL
OpenSSL has been updated to 1.0.2u to resolve CVE-2019-1551
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:
$ mixlib-install download chef -v 15.7.30
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 15.7.30
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 15.7.30
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:
provisioner:
product_name: chef
product_version: 15.7.30
Enjoy,
Tim