We are delighted to announce the availability of version 17.8.25 of Chef Infra Client.
Compliance Phase Improvements
CLI Output
Chef Infra Client will now always show the Compliance Phase output on the CLI when run.
Interval Runs
You can now run the Compliance Phase at less frequent intervals than the main Chef Infra Client Infra Phase. This is helpful if compliance scans impact the system performance and are only necessary on a less frequent cadence. To enable interval runs, set the following attributes:
-
node['audit']['interval']['enabled']
: Set to true to enable interval runs. -
node['audit']['interval']['time']
: The time in minutes between Compliance Phase execution. This defaults to 1440 (once a day).
InSpec 4.50.3
Chef InSpec has been updated from 4.49.0 to 4.50.3 which adds Windows support to the http resource.
Resource Updates
All Resources
Updated the umask
common property to accept both Strings and Integers, restoring pre-Chef Infra Client 17 behavior on several resources.
chef_client_launchd
Updated the chef_client_launchd
resource to properly handle restarting the Chef Infra Client service when a configuration change is made.
chef_gem
Updated the chef_gem
resource with significant performance improvements, especially on Windows hosts.
dnf_package
The dnf_package
resource now supports the allow_downgrade
property. This removes the previous deprecation warning when using the allow_downgrade
property with dnf_package
.
dpkg_package
The dpkg_package
resource now properly compares versions with the :upgrade
action to prevent package installation on each Chef Infra Client run.
macos_userdefaults
Updated the macos_userdefaults
resource to resolve failures from coercing certain data types in properties.
mount
Updated the mount
resource to converge idempotently on Linux with loopback mounts. Thanks for reporting this issue @Blorpy!
powershell_package
Refactored the powershell_package
package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed.
rhsm_register
Updated the rhsm_register
resource with the following new properties for managing how a node is registered with RHSM:
server_url
base_url
service_level
release
See the rhsm_register resource documentation for more information on using these new properties.
windows_feature_powershell
Refactored the windows_feature_powershell
package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed.
zypper_package
Updated the zypper_package
resource to prevent failures when removing packages that do not exist on the system or in available Zypper repositories.
Packaging
coreutils Dependency
Chef Infra Client RPMs now depend on coreutils. This resolves an issue where Chef Infra Client may install before coreutils
when used in a kickstart script, causing the installation of the chef-client symlink to fail.
macOS 10.14 Package Removal
With the release of macOS 12, our N-2 macOS release policy now includes macOS 12, 11, and 10.15. macOS 10.14 packages will no longer be produced.
Security
Ruby 3.0.3
Ruby has been updated from 3.0.2 to 3.0.3 to resolve the following CVEs:
- CVE-2021-41817
- CVE-2021-41816
- CVE-2021-41819
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install
command-line utility:
$ mixlib-install download chef -v 17.8.25
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.8.25
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex