Chef Infra Client 16.6.14 Released!

Hi Everyone,

We have a new release of Chef Infra Client out today packed full of improvements for configuring the Chef Infra Client, utilizing the latest and greatest PowerShell releases, and remotely executing Chef Infra Client. Be sure to check it out!

pwsh Support

We've updated multiple parts of the Chef Infra Client to fully support Microsoft's pwsh (commonly known as PowerShell Core) in addition to our previous support for PowerShell.

powershell_script resource

The powershell_script resource includes a new interpreter property that accepts either powershell or pwsh.

powershell_script 'check version table' do
  code '$PSVersionTable'
  interpreter 'pwsh'
end

powershell_out / powershell_exec helpers

The powershell_out and powershell_exec helpers for use in custom resources have been updated to support pwsh with a new argument that accepts either :pwsh or :powershell.

powershell_exec('$PSVersionTable', :pwsh)

Enhanced 32-bit Windows Support

The powershell_exec helper now supports the 32-bit version of Windows. This ensures many of the newer PowerShell based resources in Chef Infra Client will function as expected on 32-bit systems.

New Resources

chef_client_config

The chef_client_config resource allows you to manage Chef Infra Client's client.rb file without the need for the chef-client cookbook.

Example

chef_client_config 'Create client.rb' do
  chef_server_url 'https://chef.example.dmz'
end

chef-client Cookbook Future

With the inclusion of the chef_client_config resource in Chef Infra Client 16.6, it is now possible to fully manage the Chef Infra Client without the need for the chef-client cookbook. We highly recommend using the chef_client_config, chef_client_trusted_certicate, and chef_client_* service resources to manage your clients instead of the chef-client cookbook. In the future we will mark that cookbook as deprecated, at which time it will no longer receive updates.

Here's a sample of fully managing Linux hosts with the built-in resources:

chef_client_config 'Create client.rb' do
  chef_server_url 'https://chef.example.dmz'
end

chef_client_trusted_certificate "chef.example.dmz" do
  certificate <<~CERT
  -----BEGIN CERTIFICATE-----
  MIIDeTCCAmGgAwIBAgIJAPziuikCTox4MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV
  BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
  c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0x
  OTEwMDkyMzQxNTJaFw0yMTEwMDgyMzQxNTJaMGIxCzAJBgNVBAYTAlVTMRMwEQYD
  VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK
  DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
  BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2
  PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMW
  hyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3A
  xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve
  ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY
  QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T
  BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI
  hvcNAQELBQADggEBAGlwCdbPxflZfYOaukZGCaxYK6gpincX4Lla4Ui2WdeQxE95
  w7fChXvP3YkE3UYUE7mupZ0eg4ZILr/A0e7JQDsgIu/SRTUE0domCKgPZ8v99k3A
  vka4LpLK51jHJJK7EFgo3ca2nldd97GM0MU41xHFk8qaK1tWJkfrrfcGwDJ4GQPI
  iLlm6i0yHq1Qg1RypAXJy5dTlRXlCLd8ufWhhiwW0W75Va5AEnJuqpQrKwl3KQVe
  wGj67WWRgLfSr+4QG1mNvCZb2CkjZWmxkGPuoP40/y7Yu5OFqxP5tAjj4YixCYTW
  EVA0pmzIzgBg+JIe3PdRy27T0asgQW/F4TY61Yk=
  -----END CERTIFICATE-----
  CERT
end

chef_client_systemd_timer "Run chef-client as a systemd timer" do
  interval "1hr"
  cpu_quota 50
end

Target Mode Improvements

Chef Infra Client 16 introduced an experimental Target Mode feature for executing resources remotely against hosts that do not have a Chef Infra Client or even Ruby installed. For Chef Infra Client 16.6 we've improved this functionality by converting the majority of the Ohai plugins to run remotely. This means when using Target Mode you'll have the majority of Ohai data as if the Chef Infra Client was installed on the node. Keep in mind this data collection can be time consuming over high latency network connections, and cloud plugins which fetch metadata cannot currently be run remotely. Ohai also now includes a --target option for remote data gathering, which accepts a Train URI: ohai --target ssh://foobar.example.org/. We still consider Target Mode to be an experimental feature, and we'd love your feedback on what works and what doesn't in your environment.

Updated Resources

ifconfig

The ifconfig resource has been updated to no longer add empty blank lines to the configuration files. Thanks for this improvement @jmherbst!

windows_audit_policy

The windows_audit_policy resource has been updated to fix a bug on failure-only auditing.

Ohai Improvements

Passwd Plugin For Windows

The optional Ohai Passwd plugin now supports Windows hosts in addition to Unix-like systems. To collect user/group data on Windows hosts you can use the ohai_optional_plugins property in the new chef_client_config resource to enable this plugin.

chef_client_config 'Create client.rb' do
  chef_server_url 'https://chef.example.dmz'
  ohai_optional_plugins [:Passwd]
end

Thanks for adding Windows support to this plugin @jaymzh!

Improved Azure Detection

The Azure plugin has been improved to better detect Windows hosts running on Azure. The plugin will now look for DHCP with the domain of reddog.microsoft.com. Thanks for this improvement @jasonwbarnett!

EC2 IAM Role Data

Ohai now collects IAM Role data on EC2 hosts including the role name and info. To address potential security concerns the data we collect is sanitized to ensure we don't report security credentials to the Chef Infra Server. Thanks for this improvement @kcbraunschweig!

Security

Ruby has been updated to 2.7.2, which includes a fix for CVE-2020-25613.

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 16.6.14

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 16.6.14

# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 16.6.14

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 16.6.14

Enjoy,
Tim

32-bit Arm builds are available here: https://mattray.github.io/arm/