Chef Infra Client 17.2 released!

I'm very happy to announce we've released Chef Infra Client 17.2 with some great overall improvements to the Infra Client experience. Be sure to check it out.

What's New in 17.2

Compliance Phase Improvements

Chef InSpec 4.37

We've updated Chef InSpec from 4.36.4 to 4.37.8:

New Features
  • The new inspec automate command replaces the inspec compliance command, which is now deprecated.
  • Added support for zfs_pool and zfs_dataset resources on Linux.
  • Improved port resource performance by using a more specific search when running the ss command.
  • Updated the inspec init plugin command with the following changes:
    • The values of flags passed to the inspec init plugin command are now wrapped in double quotes instead of single quotes.
    • Template files are now ERB files.
    • The activator flag replaces the hook flag, which is now an alias.
Bug Fixes
  • Fixed an error when using profile dependencies and require_controls.
  • Fixed the windows_firewall_rule resource when it failed to validate more than one rule.
  • The http resource response body is now coerced into UTF-8.
  • Modified the windows_feature resource to indicate if a feature is enabled rather than just available.
  • The file resource's more_permissive_than matcher returns nil instead of throwing an exception when the file does not exist.
  • inspec detect --no-color now returns color-free output.

Slow Resource Report

Chef Infra Client now includes a --slow-report flag that shows the 10 slowest running resources in a Chef Infra Client run to help you troubleshoot and optimize your cookbooks. This new flag also takes an argument for the number of resources to list if you'd like to see additional resources included in the output. Our next release of Chef Workstation will include the ability to set this flag in Test Kitchen to allow testing for slow resources in the development process.

Example Output

Starting Chef Infra Client, version 17.2.12
resolving cookbooks for run list: ["test"]
Synchronizing Cookbooks:
  - test (0.0.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 1 resources
Recipe: test::default
  * file[/tmp/foo.xzy] action create (up to date)

Running handlers:

Top 1 slowest resource:

resource           elapsed_time cookbook recipe  source
------------------ ------------ -------- ------- ----------------------------------------
file[/tmp/foo.xzy] 0.015114     test     default test/recipes/default.rb:2:in `from_file'

  - Chef::Handler::SlowReport
Running handlers complete
Chef Infra Client finished, 0/1 resources updated in 03 seconds

Improved YAML Recipe Support

Chef Infra Client now supports both .yaml and .yml file extensions for recipes. If both a .yml and a .yaml recipe of the same name are present, Chef Infra Client will now fail, as there is no way to determine which recipe should be loaded in this case.

Improved Reporting to Automate

Chef Infra Client run reporting to Automate now respects attribute allowlist and denylist configurations set in the client.rb. This change allows users to limit the data sent to their Automate servers to prevent indexing sensitive data or to reduce the necessary storage space on the Automate server.
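The effect of the two list types on a reported payload can be seen in a small model. This is an added example, not Chef's own code: the helper names, the "/"-separated path handling, the order of the two filters and the sample node data are assumptions made for illustration. In client.rb the corresponding settings are options such as allowed_automatic_attributes and blocked_automatic_attributes.

```ruby
# Simplified model of path-based attribute filtering (illustration only,
# not Chef's implementation). Paths are "/"-separated keys into the hash.

# Walk a list of keys into nested hashes; nil if any step is missing.
def fetch_path(attrs, keys)
  keys.reduce(attrs) { |node, k| node.is_a?(Hash) && node.key?(k) ? node[k] : (return nil) }
end

# Allowlist: keep only the named subtrees. nil means "not configured",
# so everything is kept; an empty list keeps nothing.
def apply_allowlist(attrs, allowlist)
  return attrs if allowlist.nil?
  allowlist.each_with_object({}) do |path, kept|
    keys = path.split("/")
    value = fetch_path(attrs, keys)
    next if value.nil?
    parent = keys[0..-2].reduce(kept) { |h, k| h[k] ||= {} }
    parent[keys.last] = value
  end
end

# Denylist: remove the named subtrees from a deep copy of the data.
def apply_denylist(attrs, denylist)
  result = Marshal.load(Marshal.dump(attrs))
  Array(denylist).each do |path|
    *parents, last = path.split("/")
    parent = fetch_path(result, parents)
    parent.delete(last) if parent.is_a?(Hash)
  end
  result
end

# What would be sent after both filters are applied (assumed order).
def report_payload(attrs, allowlist: nil, denylist: nil)
  apply_denylist(apply_allowlist(attrs, allowlist), denylist)
end

# Constructed sample of automatic attributes for one node.
NODE_AUTOMATIC = {
  "hostname" => "web01",
  "platform" => "ubuntu",
  "network"  => { "interfaces" => { "eth0" => { "addr" => "10.0.0.5" } } },
  "etc"      => { "passwd" => { "deploy" => { "dir" => "/home/deploy" } } },
}

p report_payload(NODE_AUTOMATIC, denylist: ["etc/passwd"])
p report_payload(NODE_AUTOMATIC, allowlist: ["hostname", "network/interfaces/eth0"])
```

A denylist removes only what is named, so new sensitive attributes still flow through until they are listed; an allowlist sends nothing that was not explicitly approved.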

Updated Resources


The homebrew_tap resource now passes the homebrew_path when creating or deleting taps. This change prevents failures when running homebrew in a non-standard location or on an M1 system. Thanks @mattlqx!


The hostname resource now sets the hostname on Windows systems using native PowerShell calls for increased reliability and allows changing the hostname on domain-attached systems. To change the hostname on a domain-attached system, pass a domain administrator account using the new domain_user and domain_password properties.


The openssl_x509_certificate resource no longer marks the creation of the X509 certificate file as sensitive, since this makes troubleshooting difficult and this content is not sensitive. Thanks @jasonwbarnett!


The windows_firewall_rule resource now allows specifying multiple IP addresses in the remote_address property.


The windows_pagefile resource features improved performance and support for the latest releases of Windows 10. These improvements also make managing pagefiles more predictable:

  • The path property now accepts a drive letter in addition to the full path of the pagefile on disk. For example, C, C:, or C:\ can now be used to specify a pagefile stored at C:\pagefile.sys.
  • Creating a new pagefile no longer disables the system-managed pagefile by default. If you wish to create a pagefile while also disabling the system-managed pagefile, set system_managed false.


The windows_printer resource includes improved logging when adding or removing printers.


The windows_printer_port resource has been refactored with several improvements:

  • Better performance when adding and removing ports.
  • Supports updating existing ports with new values.
  • Clearer logging of changes made to ports.
  • Deprecated the description property, which does not set a description on the ports.


The windows_security_policy resource now limits the value of ResetLockoutCount to any value less than LockoutDuration rather than limiting it to 30 minutes.


The zypper_repository resource now accepts an array of GPG key locations in the gpgkey property. Thanks for reporting this @bkabrda.

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 17.2.29

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 17.2.29
# In Windows PowerShell
. { iwr -useb } | iex; install -project chef -version 17.2.29

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 17.2.29