Hey folks,
Today we shipped Chef Infra Client 17.1 with great improvements to our new Compliance Phase as improvements to Unified Mode and built-in resources.
What's New in 17.1
Compliance Phase Improvements
cli reporter by default
The compliance phase will now default to using both the json-file and the new cli reporter by default. This gives you a visual indication of the success of the Compliance Phase and is perfect for running both on the CLI and in Test Kitchen.
inspec_waiver_file_entry resource
Chef Infra Client now ships with a inspec_waiver_file_entry resource for managing Chef InSpec waivers. With this resource you can add and remove waiver entries to a single waiver file located at c:\chef\inspec_waiver_file.yml on Windows or /etc/chef/inspec_waivers.yml on all other systems.
See the inspec_waiver_file_entry documentation for more information and usage examples.
Chef InSpec 4.36
We've updated Chef InSpec from 4.33.1 to 4.36.4:
- Added the selinux resource which includes support for modules and booleans.
- Added the pattern input option for DSL and metadata inputs.
- Added the
members_arrayproperty for group & groups resources. - Train now reads the username and port from the
.ssh/configfile and will use these values if present. - Switch to GNU timeout-based implementation of SSH timeouts.
- Fixed the group resource when a member does not exist.
Unified Mode Improvements
We've extended support for Unified Mode to the edit_resource helper and also improved the Unified Mode related deprecation warnings to provide more useful information and not warn when resources are deprecated or set to only run on older Chef Infra Client releases.
Resource Improvements
service on systemd Hosts
The service resource on systemd hosts will now properly load the state of the service. Thanks for this fix @ramereth!
systemd_unit
We updated the systemd_unit resource to resolve a regression in Chef Infra Client 17.0 that would re-enable and restart unit files on each Chef Infra Client run. Thanks for this fix @gene1wood!
template
We updated the template resource to allow passing the cookbook_name variable to template files.
Windows Resource
We fixed a failure that could occur in multiple Windows resources due to larger 64-bit values that logged the error: RangeError: bignum too big to convert into 'long'.
windows_security_policy
The windows_security_policy resource now supports setting AuditPolicyChange and LockoutDuration.
yum_package / dnf_package
We've made multiple improvements to how we interact with the systems RPM database in the yum_package and dnf_package resources. These changes improve reliability interacting with the RPM database and includes significant performance improvements, especially when no installation or upgrade action is taken by Chef Infra Client.
Platform Detection
Rocky Linux, a RHEL clone, is now detected as a member of the rhel platform family.
Packaging
Reduced Dependencies
Chef Infra Client 17.1 is once again smaller than previous releases thanks to reduced dependencies in the packages.
RHEL 8 Packages
We improved our RHEL 8 packages with additional RHEL 8 optimizations and EL8 in the filename.
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:
$ mixlib-install download chef -v 17.1.35
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.1.35
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 17.1.35
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:
provisioner:
product_name: chef
product_version: 17.1.35
Enjoy,
Tim