Hey folks,
I'm very happy to announce we've released Chef Infra Client 17.2 with some great overall improvements to the Infra Client experience. Be sure to check it out.
What's New in 17.2
Compliance Phase Improvements
Chef InSpec 4.37
We've updated Chef InSpec from 4.36.4 to 4.37.8:
New Features
- The new
inspec automatecommand replaces theinspec compliancecommand, which is now deprecated. - Added support for
zfs_poolandzfs_datasetresources on Linux. - Improved
portresource performance: adding more specific search while usingsscommand. - Updated the
inspec init plugincommand with the following changes:- The values of flags passed to the
inspec init plugincommand are now wrapped in double quotes instead of single quotes. - Template files are now ERB files.
- The
activatorflag replaces thehookflag, which is now an alias.
- The values of flags passed to the
Bug Fixes
- Fixed an error when using profile dependencies and require_controls.
- Fixed the
windows_firewall_ruleresource when it failed to validate more than one rule. - The
httpresource response body is now coerced into UTF-8. - Modified the
windows_featureresource to indicate if a feature is enabled rather than just available. fileresourcemore_permissive_thanmatcher returns nil instead of throwing an exception when the file does not exist.inspec detect --no-colornow returns color-free output.
Slow Resource Report
Chef Infra Client now includes a --slow-report flag that shows the 10 slowest running resources in a Chef Infra Client run to help you troubleshoot and optimize your cookbooks. This new flag also takes an argument for the number of resources to list if you'd like to see additional resources included in the output. Our next release of Chef Workstation will include the ability to set this flag in Test Kitchen to allow testing for slow resources in the development process.
Example Output
Starting Chef Infra Client, version 17.2.12
Patents: https://www.chef.io/patents
resolving cookbooks for run list: ["test"]
Synchronizing Cookbooks:
- test (0.0.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 1 resources
Recipe: test::default
* file[/tmp/foo.xzy] action create (up to date)
Running handlers:
Top 1 slowest resource:
resource elapsed_time cookbook recipe source
------------------ ------------ -------- ------- ----------------------------------------
file[/tmp/foo.xzy] 0.015114 test default test/recipes/default.rb:2:in `from_file'
- Chef::Handler::SlowReport
Running handlers complete
Chef Infra Client finished, 0/1 resources updated in 03 seconds
Improved YAML Recipe Support
Chef Infra Client now supports both .yaml and .yml file extensions for recipes. If a .yml and .yaml recipe of the same name is present, Chef Infra Client will now fail as there is no way to determine which recipe should be loaded in this case.
Improved Reporting to Automate
Chef Infra Client run reporting to Automate now respects attribute allowlist and denylist configurations set in the client.rb. This change allows users to limit the data sent to their Automate servers to prevent indexing sensitive data or to reduce the necessary storage space on the Automate server.
Updated Resources
homebrew_path
The homebrew_path now passes the homebrew_path when creating or deleting taps. This change prevents failures when running homebrew in a non-standard location or on a M1 system. Thanks @mattlqx!
hostname
The hostname resource now sets the hostname on Windows systems using native PowerShell calls for increased reliability and allows changing the hostname on domain-attached systems. To change the hostname on a domain-attached system, pass a domain administrator account using the new domain_user and domain_password properties.
openssl_x509_certificate
The openssl_x509_certificate no longer marks the creation of the X509 certificate file as sensitive since this makes troubleshooting difficult and this content is not sensitive. Thanks @jasonwbarnett!
windows_firewall_rule
The windows_firewall_rule resource now allows specifying multiple IP addresses in the remote_address property.
windows_pagefile
The windows_pagefile resource features improved performance and support for the latest releases of Windows 10. These improvements also make managing pagefiles more predictable:
- The
pathproperty now accepts a drive letter in addition to the full path of the pagefile on disk. For example,C,C:, orC:\can now be used to specify a pagefile stored atC:\pagefile.sys. - Creating a new pagefile no longer disables the system-managed pagefile by default. If you wish to create a pagefile while also disabling the system-managed pagefile, set
system_managed false.
windows_printer
The windows_printer resource includes improved logging when adding or removing printers.
windows_printer_port
The windows_printer_port resource has been refactored with several improvements:
- Better performance when adding and removing ports.
- Supports updating existing ports with new values.
- Clearer logging of changes made to ports.
- Deprecated the
descriptionproperty, which does not set a description on the ports.
windows_security_policy
The windows_security_policy resource now limits the value of ResetLockoutCount to any value less than LockoutDuration rather than limiting it to 30 minutes.
zypper_repository
The zypper_repository resource now accepts an array of GPG key locations in the gpgkey property. Thanks for reporting this @bkabrda.
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:
$ mixlib-install download chef -v 17.2.29
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.2.29
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 17.2.29
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:
provisioner:
product_name: chef
product_version: 17.2.29
Enjoy,
Tim