Chef Infra Client 17.9.18 Released!

chef-ci · December 23, 2021, 3:22am

We are delighted to announce the availability of version 17.9.18 of Chef Infra Client.

Bug Fixes

Resolved a failure in the windows_feature_powershell resource introduced in Chef Infra Client 17.8.

Compliance Phase

InSpec 4.52.9

Updated InSpec from 4.50.3 to 4.52.9 with the following improvements:

Added remote target support for Alpine Linux.
Added the ability to specify a proxy as a parameter in the http resource.
Added support for TLS 1.3 to the ssl resource.
Fixed an edge case in the service resource where InSpec may falsely detect services as enabled on FreeBSD if that service is the suffix of another enabled service.
Fixed the ibmdb2_session resource so that it now correctly accepts queries with clauses.
Fixed the oracledb_session resource to properly handle nil in the query output.
Fixed the packages resource to correctly list only installed packages on Alpine Linux.

Secrets Manager Integrations

HashiCorp Vault AppRole Support

The secrets helper now supports fetching secrets from HashiCorp Vault using AppRole authentication.

Fetching secret data using an AppRole ID and an associated AppRole Secret ID:

secret(name: 'secret/example',
      service: :hashi_vault,
      config: {
        vault_addr: 'vault.example.com',
        auth_method: :approle,
        approle_id: "11111111-abcd-1111-abcd-111111111111",
        approle_secret_id: "22222222-abcd-2222-abcd-222222222222"
      })

Fetching secret data using a token and an AppRole name creates a SecretID associated with that AppRole:

secret(name: 'secret/example',
      service: :hashi_vault,
      config: {
        vault_addr: 'vault.example.com',
        auth_method: :approle,
        approle_name: "my-approle",
        token: '123456'
      })

Resource Updates

homebrew_tap

Updated the homebrew_tap resource to remove the full property. Homebrew no longer supports the --full option, and attempting to use it causes Homebrew to fail.

yum_package

The yum_package resource has received extensive refactoring to align its functionality with the dnf_package resource and expand how package names and versions can be provided.

The following ways of calling yum_package with a single name argument have been fixed and are now supported:

yum_package "ypbind-3:1.37.1"
yum_package "ypbind-3:1.37.1-9.el7"

The following ways of calling yum_package with a single named argument are still supported:

yum_package "ypbind-1.37.1"
yum_package "ypbind-1.37*"
yum_package "ypbind-1.37.1-*"
yum_package "ypbind-1.37*-*"
yum_package "ypbind-*:1.37.1-*"
yum_package "ypbind-*:1.37*-*"
yum_package "ypbind-1.37.1-9.el7"
yum_package "ypbind-1.37*-9.el7"
yum_package "ypbind-1.37.1-9.*"

The following ways of calling yum_package with a single named argument do not properly match candidate versions (due to support in the underlying YUM libraries) and will fail:

yum_package "ypbind-3:1.37*-9.el7"
yum_package "ypbind-3:1.37.*"
yum_package "ypbind-3:1.37.1-9.*"

The following ways of calling yum_package with a version property have been fixed and are now supported:

yum_package "ypbind" do
  version "1.37*"
end
yum_package "ypbind" do
  version "1.37.1-*"
end
yum_package "ypbind" do
  version "1.37*-*"
end
yum_package "ypbind" do
  version "3:1.37.1-9.el7"
end
yum_package "ypbind" do
  version "*:1.37.1-*"
end
yum_package "ypbind" do
  version "*:1.37*-*"
end
yum_package "ypbind" do
  version "1.37.1-9.el7"
end
yum_package "ypbind" do
  version "1.37*-9.el7"
end
yum_package "ypbind" do
  version "1.37.1-9.*"
end

The following ways of calling yum_package with a version property were not idempotent and that has been fixed (there was previously no way to correctly use the version property of the yum_package resource and have it behave idempotently):

yum_package "ypbind" do
  version "1.37.1"
end

yum_package "ypbind" do
  version "3:1.37.1"
end

The following ways of calling yum_package with a version property do not properly match candidate versions (due to support in the underlying yum libraries) and will fail:

yum_package "ypbind" do
  version "3:1.37*-9.el7"
end
yum_package "ypbind" do
  version "3:1.37.*"
end
yum_package "ypbind" do
  version "3:1.37.1-9.*"
end

We strongly encourage users to always provide the full epoch, version, and release (EVR) of an RPM since omitting the epoch is ambiguous and the RPM, YUM, and DNF libraries tend to assume zero when the epoch is omitted. Omitting the release is also not a best practice, but may be required due to the convention of embedding the distribution string in the release.

The same fixes apply to the :upgrade action. The :remove action may have been similarly fixed, and we have added many additional tests to the test suite around idempotency and correctness.

System Detection

Improved VMware detection

Ohai now collects hypervisor information on Windows guests and provides more information in the node['vmware'] attribute.
The properties node['vmware']['host'] and node['vmware']['guest'] provide more information about the hypervisor and the running version of the VMware Tools package. For example, you can use `node['vmware'] to get information about VM running on VMware vSphere:

{
  "host": {
    "type": "vmware_vsphere",
    "version": "VMware ESX 7.0.0 build-15843807"
  },
  "guest": {
    "vmware_tools_version": "11.0.5.17716"
  },
  "hosttime": "09 Dec 2021 12:16:55",
  "speed": "1992 MHz",
  "sessionid": "0x5ff24c6ec541d5ac",
  "balloon": "0 MB",
  "swap": "0 MB",
  "memlimit": "4294967295 MB",
  "memres": "0 MB",
  "cpures": "0 MHz",
  "cpulimit": "4294967295 MHz",
  "upgrade": "",
  "timesync": "Disabled"
}

The Chef Infra language also has two new helpers for detecting the guest VMware hypervisor:

vmware_desktop?: Determines if the current node is virtualized on VMware Desktop (Fusion/Player/Workstation).
vmware_vsphere?: Determines if the current node is virtualized on VMware vSphere (ESX).

Thanks for this new functionality @tecracer-theinen!

Packaging

RHEL 8 Build ID

Chef Infra Client packages no longer install a build ID file that prevents installing other Chef packages such as Infra Server or Workstation.

Get the Build

As always, you can download binaries directly from chef.io/downloads or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 17.9.18

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.9.18
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex

Topic	Replies	Views
Chef Infra Client 16.17.39 Released! Chef Release Announcements	431	January 27, 2022
Chef Infra Client 16.15.22 Released! Chef Release Announcements	1014	September 22, 2021
Chef Infra Client 16.16.7 Released! Chef Release Announcements	697	September 30, 2021
Chef Infra Client 17.10.95 Released! Chef Release Announcements	851	November 27, 2023
Chef Infra Client 17.6.15 Released! Chef Release Announcements	441	October 1, 2021