Chef Infra Client 17.1 Released!

Hey folks,

Today we shipped Chef Infra Client 17.1 with great improvements to our new Compliance Phase as improvements to Unified Mode and built-in resources.

What's New in 17.1

Compliance Phase Improvements

cli reporter by default

The compliance phase will now default to using both the json-file and the new cli reporter by default. This gives you a visual indication of the success of the Compliance Phase and is perfect for running both on the CLI and in Test Kitchen.

inspec_waiver_file_entry resource

Chef Infra Client now ships with a inspec_waiver_file_entry resource for managing Chef InSpec waivers. With this resource you can add and remove waiver entries to a single waiver file located at c:\chef\inspec_waiver_file.yml on Windows or /etc/chef/inspec_waivers.yml on all other systems.

See the inspec_waiver_file_entry documentation for more information and usage examples.

Chef InSpec 4.36

We've updated Chef InSpec from 4.33.1 to 4.36.4:

  • Added the selinux resource which includes support for modules and booleans.
  • Added the pattern input option for DSL and metadata inputs.
  • Added the members_array property for group & groups resources.
  • Train now reads the username and port from the .ssh/config file and will use these values if present.
  • Switch to GNU timeout-based implementation of SSH timeouts.
  • Fixed the group resource when a member does not exist.

Unified Mode Improvements

We've extended support for Unified Mode to the edit_resource helper and also improved the Unified Mode related deprecation warnings to provide more useful information and not warn when resources are deprecated or set to only run on older Chef Infra Client releases.

Resource Improvements

service on systemd Hosts

The service resource on systemd hosts will now properly load the state of the service. Thanks for this fix @ramereth!


We updated the systemd_unit resource to resolve a regression in Chef Infra Client 17.0 that would re-enable and restart unit files on each Chef Infra Client run. Thanks for this fix @gene1wood!


We updated the template resource to allow passing the cookbook_name variable to template files.

Windows Resource

We fixed a failure that could occur in multiple Windows resources due to larger 64-bit values that logged the error: RangeError: bignum too big to convert into 'long'.


The windows_security_policy resource now supports setting AuditPolicyChange and LockoutDuration.

yum_package / dnf_package

We've made multiple improvements to how we interact with the systems RPM database in the yum_package and dnf_package resources. These changes improve reliability interacting with the RPM database and includes significant performance improvements, especially when no installation or upgrade action is taken by Chef Infra Client.

Platform Detection

Rocky Linux, a RHEL clone, is now detected as a member of the rhel platform family.


Reduced Dependencies

Chef Infra Client 17.1 is once again smaller than previous releases thanks to reduced dependencies in the packages.

RHEL 8 Packages

We improved our RHEL 8 packages with additional RHEL 8 optimizations and EL8 in the filename.

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 17.1.35

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 17.1.35
# In Windows Powershell
. { iwr -useb } | iex; install -project chef -version 17.1.35

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

  product_name: chef
  product_version: 17.1.35