Chef Infra Client 16.6.14 Released!

Hi Everyone,

We have a new release of Chef Infra Client out today packed full of improvements for configuring the Chef Infra Client, utilizing the latest and greatest PowerShell releases, and remotely executing Chef Infra Client. Be sure to check it out!

pwsh Support

We've updated multiple parts of the Chef Infra Client to fully support Microsoft's pwsh (commonly known as PowerShell Core) in addition to our previous support for PowerShell.

powershell_script resource

The powershell_script resource includes a new interpreter property that accepts either powershell or pwsh.

powershell_script 'check version table' do
  code '$PSVersionTable'
  interpreter 'pwsh'

powershell_out / powershell_exec helpers

The powershell_out and powershell_exec helpers for use in custom resources have been updated to support pwsh with a new argument that accepts either :pwsh or :powershell.

powershell_exec('$PSVersionTable', :pwsh)

Enhanced 32-bit Windows Support

The powershell_exec helper now supports the 32-bit version of Windows. This ensures many of the newer PowerShell based resources in Chef Infra Client will function as expected on 32-bit systems.

New Resources


The chef_client_config resource allows you to manage Chef Infra Client's client.rb file without the need for the chef-client cookbook.


chef_client_config 'Create client.rb' do
  chef_server_url 'https://chef.example.dmz'

chef-client Cookbook Future

With the inclusion of the chef_client_config resource in Chef Infra Client 16.6, it is now possible to fully manage the Chef Infra Client without the need for the chef-client cookbook. We highly recommend using the chef_client_config, chef_client_trusted_certicate, and chef_client_* service resources to manage your clients instead of the chef-client cookbook. In the future we will mark that cookbook as deprecated, at which time it will no longer receive updates.

Here's a sample of fully managing Linux hosts with the built-in resources:

chef_client_config 'Create client.rb' do
  chef_server_url 'https://chef.example.dmz'

chef_client_trusted_certificate "chef.example.dmz" do
  certificate <<~CERT

chef_client_systemd_timer "Run chef-client as a systemd timer" do
  interval "1hr"
  cpu_quota 50

Target Mode Improvements

Chef Infra Client 16 introduced an experimental Target Mode feature for executing resources remotely against hosts that do not have a Chef Infra Client or even Ruby installed. For Chef Infra Client 16.6 we've improved this functionality by converting the majority of the Ohai plugins to run remotely. This means when using Target Mode you'll have the majority of Ohai data as if the Chef Infra Client was installed on the node. Keep in mind this data collection can be time consuming over high latency network connections, and cloud plugins which fetch metadata cannot currently be run remotely. Ohai also now includes a --target option for remote data gathering, which accepts a Train URI: ohai --target ssh:// We still consider Target Mode to be an experimental feature, and we'd love your feedback on what works and what doesn't in your environment.

Updated Resources


The ifconfig resource has been updated to no longer add empty blank lines to the configuration files. Thanks for this improvement @jmherbst!


The windows_audit_policy resource has been updated to fix a bug on failure-only auditing.

Ohai Improvements

Passwd Plugin For Windows

The optional Ohai Passwd plugin now supports Windows hosts in addition to Unix-like systems. To collect user/group data on Windows hosts you can use the ohai_optional_plugins property in the new chef_client_config resource to enable this plugin.

chef_client_config 'Create client.rb' do
  chef_server_url 'https://chef.example.dmz'
  ohai_optional_plugins [:Passwd]

Thanks for adding Windows support to this plugin @jaymzh!

Improved Azure Detection

The Azure plugin has been improved to better detect Windows hosts running on Azure. The plugin will now look for DHCP with the domain of Thanks for this improvement @jasonwbarnett!

EC2 IAM Role Data

Ohai now collects IAM Role data on EC2 hosts including the role name and info. To address potential security concerns the data we collect is sanitized to ensure we don't report security credentials to the Chef Infra Server. Thanks for this improvement @kcbraunschweig!


Ruby has been updated to 2.7.2, which includes a fix for CVE-2020-25613.

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 16.6.14

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 16.6.14

# In Windows Powershell
. { iwr -useb } | iex; install -project chef -version 16.6.14

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

  product_name: chef
  product_version: 16.6.14


32-bit Arm builds are available here: