Hey folks,
Today we shipped Chef Infra Client 17.1 with great improvements to our new Compliance Phase as improvements to Unified Mode and built-in resources.
What's New in 17.1
Compliance Phase Improvements
cli reporter by default
The compliance phase will now default to using both the json-file
and the new cli
reporter by default. This gives you a visual indication of the success of the Compliance Phase and is perfect for running both on the CLI and in Test Kitchen.
inspec_waiver_file_entry resource
Chef Infra Client now ships with a inspec_waiver_file_entry
resource for managing Chef InSpec waivers. With this resource you can add and remove waiver entries to a single waiver file located at c:\chef\inspec_waiver_file.yml
on Windows or /etc/chef/inspec_waivers.yml
on all other systems.
See the inspec_waiver_file_entry documentation for more information and usage examples.
Chef InSpec 4.36
We've updated Chef InSpec from 4.33.1 to 4.36.4:
- Added the selinux resource which includes support for modules and booleans.
- Added the pattern input option for DSL and metadata inputs.
- Added the
members_array
property for group & groups resources. - Train now reads the username and port from the
.ssh/config
file and will use these values if present. - Switch to GNU timeout-based implementation of SSH timeouts.
- Fixed the group resource when a member does not exist.
Unified Mode Improvements
We've extended support for Unified Mode to the edit_resource
helper and also improved the Unified Mode related deprecation warnings to provide more useful information and not warn when resources are deprecated or set to only run on older Chef Infra Client releases.
Resource Improvements
service on systemd Hosts
The service
resource on systemd hosts will now properly load the state of the service. Thanks for this fix @ramereth!
systemd_unit
We updated the systemd_unit
resource to resolve a regression in Chef Infra Client 17.0 that would re-enable and restart unit files on each Chef Infra Client run. Thanks for this fix @gene1wood!
template
We updated the template
resource to allow passing the cookbook_name
variable to template files.
Windows Resource
We fixed a failure that could occur in multiple Windows resources due to larger 64-bit values that logged the error: RangeError: bignum too big to convert into 'long'
.
windows_security_policy
The windows_security_policy
resource now supports setting AuditPolicyChange
and LockoutDuration
.
yum_package / dnf_package
We've made multiple improvements to how we interact with the systems RPM database in the yum_package
and dnf_package
resources. These changes improve reliability interacting with the RPM database and includes significant performance improvements, especially when no installation or upgrade action is taken by Chef Infra Client.
Platform Detection
Rocky Linux, a RHEL clone, is now detected as a member of the rhel
platform family.
Packaging
Reduced Dependencies
Chef Infra Client 17.1 is once again smaller than previous releases thanks to reduced dependencies in the packages.
RHEL 8 Packages
We improved our RHEL 8 packages with additional RHEL 8 optimizations and EL8 in the filename.
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install
command-line utility:
$ mixlib-install download chef -v 17.1.35
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.1.35
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 17.1.35
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml
file:
provisioner:
product_name: chef
product_version: 17.1.35
Enjoy,
Tim