We are delighted to announce the availability of version 17.8.25 of Chef Infra Client.
Compliance Phase Improvements
CLI Output
Chef Infra Client will now always show the Compliance Phase output on the CLI when run.
Interval Runs
You can now run the Compliance Phase at less frequent intervals than the main Chef Infra Client Infra Phase. This is helpful if compliance scans impact the system performance and are only necessary on a less frequent cadence. To enable interval runs, set the following attributes:
-
node['audit']['interval']['enabled']: Set to true to enable interval runs. -
node['audit']['interval']['time']: The time in minutes between Compliance Phase execution. This defaults to 1440 (once a day).
InSpec 4.50.3
Chef InSpec has been updated from 4.49.0 to 4.50.3 which adds Windows support to the http resource.
Resource Updates
All Resources
Updated the umask common property to accept both Strings and Integers, restoring pre-Chef Infra Client 17 behavior on several resources.
chef_client_launchd
Updated the chef_client_launchd resource to properly handle restarting the Chef Infra Client service when a configuration change is made.
chef_gem
Updated the chef_gem resource with significant performance improvements, especially on Windows hosts.
dnf_package
The dnf_package resource now supports the allow_downgrade property. This removes the previous deprecation warning when using the allow_downgrade property with dnf_package.
dpkg_package
The dpkg_package resource now properly compares versions with the :upgrade action to prevent package installation on each Chef Infra Client run.
macos_userdefaults
Updated the macos_userdefaults resource to resolve failures from coercing certain data types in properties.
mount
Updated the mount resource to converge idempotently on Linux with loopback mounts. Thanks for reporting this issue @Blorpy!
powershell_package
Refactored the powershell_package package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed.
rhsm_register
Updated the rhsm_register resource with the following new properties for managing how a node is registered with RHSM:
server_urlbase_urlservice_levelrelease
See the rhsm_register resource documentation for more information on using these new properties.
windows_feature_powershell
Refactored the windows_feature_powershell package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed.
zypper_package
Updated the zypper_package resource to prevent failures when removing packages that do not exist on the system or in available Zypper repositories.
Packaging
coreutils Dependency
Chef Infra Client RPMs now depend on coreutils. This resolves an issue where Chef Infra Client may install before coreutils when used in a kickstart script, causing the installation of the chef-client symlink to fail.
macOS 10.14 Package Removal
With the release of macOS 12, our N-2 macOS release policy now includes macOS 12, 11, and 10.15. macOS 10.14 packages will no longer be produced.
Security
Ruby 3.0.3
Ruby has been updated from 3.0.2 to 3.0.3 to resolve the following CVEs:
- CVE-2021-41817
- CVE-2021-41816
- CVE-2021-41819
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:
$ mixlib-install download chef -v 17.8.25
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.8.25
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex