Chef Infra Client 18.0.169 Released!

We are delighted to announce the availability of version 18.0.169 of Chef Infra Client.

REST Operations Resource Support

Added REST operations to the resources DSL. (#12755)

This allows you to create a resource partial that can be used in a custom resource like this:

use "core::rest_resource"

provides :rest_resource_by_query, target_mode: true

property :address, String, required: true
property :prefix, Integer, required: true
property :gateway, String

rest_api_collection "/api/v1/addresses"
rest_api_document   "/api/v1/address/?ip={address}"
rest_property_map({
  address: "address",
  prefix: "prefix",
  gateway: "gateway",
})

Thanks to the folks at tecRacer for providing the foundation for this feature.

Unified Mode in Custom Resources

Unified mode is now enabled for custom resources by default. (#12692)

In Chef Infra Client 16, we introduced unified mode allowing you to collapse the sometimes confusing compile and converge phases into a single unified phase. Unified mode makes it easier to write and troubleshoot failures in custom resources and this is now the default execution phase for custom resources. Set unified_mode false in a custom resource if you need to disable unified mode.

Potential Breaking Change

If your custom resources have specific compile/converge phase behaviors, please test them for compatibility. For more information, see the Out of Order Execution section of the Unified Mode documentation.

Note:

Chef-18.0.169 - While other platforms are now using Ruby 3.1, AIX is still using Ruby 3.0.

Known Issues:

FIPS support on Windows: Shortly before the Chef final GA build of Client 18 an issue was discovered with FIPS support for windows. We are currently investigating the root cause and correcting the issue. However please note FIPS support will not be available in the initial GA (18.0) version for Windows (all versions). We have prioritized the remediation for this issue and FIPS support will be released in the next minor version of Chef Infra Client 18.1. The date of issuance for Chef Infra Client 18.1 with FIPS support is under review and will be updated on all major communicates channels when established.

New Resources

selinux_boolean

Use the selinux_boolean resource to set SELinux boolean values. See the selinux_boolean resource documentation for additional information.

selinux_fcontext

Use the selinux_fcontext resource to set the SELinux context of files. See the selinux_fcontext resource documentation for additional information.

selinux_install

Use the selinux_install resource to encapsulate the set of SELinux packages to install in order to manage SELinux. See the selinux_install resource documentation for additional information.

selinux_module

Use the selinux_module module resource to create an SELinux policy module from a cookbook file or content provided as a string. See the selinux_module resource documentation for additional information.

selinux_permissive

Use the selinux_permissive resource to allow some domains to misbehave without stopping them. See the selinux_permissive resource documentation for additional information.

selinux_port

Use the selinux_port resource to assign a network port to a specific SELinux context. See the selinux_port resource documentation for additional information.

selinux_state

Use the selinux_state resource to manage the SELinux state on a system. See the selinux_state resource documentation for additional information.

Resource Updates

chef_client_config

The :create action will now create directories defined in the resource properties if they are defined but don't exist. (#12416)

Added a rubygems_url property that allows users to specify URI as a source for Ruby gems. This could be an internal mirror of rubygems for airgapped environments. (#12724) Thanks (DecoyJoe)!

chef_client_launchd

The chef_client_launchd resource now runs at load instead instead of requiring a system restart before running. (#12706)

rhsm_register

The rhsm_register resource now flushes the internal package cache after registering with Red Hat Satellite. (#12828) Thanks for fixing this @jasonwbarnett!

user

The user resource now has expire_date and inactive properties on Linux systems that specify the date a user account will be disabled and the number days after a password expires before an account is permanently disabled.

Secrets Manager Integration

The Secrets Management Integration helper is now a fully supported feature. The Secrets Management Integration helper allows you to fetch secrets from the following secrets management systems within your Infra recipes or resources:

  • AWS Secrets Manager
  • Akeyless Vault
  • Azure Key Vault
  • HashiCorp Vault

Platform Support Updates

AIX 7.3

Chef Infra Client packages are now produced for AIX 7.3.

AlmaLinux 8

Chef Infra Client packages are now produced for AlmaLinux 8.

Amazon 2022

Chef Infra Client packages are now produced for Amazon Linux 2022.

CentOS 8

CentOS 8 became end-of-life on December 2021. Chef Infra Client packages are no longer produced for CentOS 8, which is being replaced by AlmaLinux 8.

Windows 8

Chef Infra Client packages are no longer produced for Windows 8.

32-bit Windows

Chef Infra Client packages are no longer produced for 32-bit versions of Windows.

Security

Sensitive Properties in Custom Resources

Fixed an issue in custom resources where Chef Infra Client was logging data of properties with sensitive: true and desired_state: false. (#13014)

Migrate PEM Storage to Certificate Store for Windows

Use migrate_key_to_keystore true in the Chef Infra Client config.rb to migrate certificates to the Windows certificate store on Windows nodes.
This creates a PFX certificate, extracts a public key from the certificate and sends it to the Chef Infra Server, and then stores the certificate in the local certificate store.

Certificates have a 90-day lifespan. If a certificate is expiring, Infra Client will automatically generate a new one and store it in the local certificate store, and then generate and replace the older public key on the Infra Server. (#12910) (#12640) (#12426) (#12518)

Updated Components

  • license_scout 1.0 -> 1.3 (#12992)
  • ncurses 5.9 -> 6.3 (#12953)
  • libxml2 2.9.10 -> 2.9.13 (#12752)
  • libxslt 1.1.14 -> 1.1.15 (#12752)
  • win32-api 1.5.3 -> 1.5 to allow for the latest releases (#12614)
  • diff-lcs to not 1.4.0 and < 1.6.0 (#12534)
  • Windows versions are now built on Universal CRT (#12959)
  • Use new msys2-based development kit for Windows (#13097)
  • inspec 4.23 -> 5.18.14 (#13144)

Bug Fixes

  • Fixed the chef_client_config resource to properly return the datacollector parameters. (#12732)
  • Fixed the zypper-package resource so it correctly handles packages specified in the source property. (#12182)
  • Fixed the plist resource so it will correctly generate a new file using the file resource. (#12680). Thanks (jazaval)!
  • Fixed the mount resource so it can handle spaces in a file path. (#11626)
  • Fixed the crod_d resource so it will accept a space in the name of the resource block. (#12377)
  • Fixed the locale resource regenerated all installed locales on every Chef Infra run. (#12833)
  • Fixed an issue when specifying a package version when using the yum_package resource. (#12657)
  • Fixed missing X-Vault-AWS-IAM-Server-ID header in the Secrets Management Integration helper when using AWS IAM to fetch secrets from HashiCorp Vault. (#12956)
  • Improved error message when using knife upload to upload a file with a syntax error to chef-zero. (#11678)
  • Fixed bug where ChefSpec fails to load Compliance Profiles in Compliance Phase that contain an InSpec profile. (#12830)
  • Fixed a performance issue when reading attributes from nodes. (#12742)
  • Fixed an issue where a PEM file was not generated when a new user is created with knife user create. (#12619)
  • Resolved failures when running the audit-enforcer reporter. (#12595)
  • Introduced a new compliance-enforcer reporter as an alias to the audit-enforcer. This forces the Infra Client run to fail if the Compliance Phase fails. (#12595)
  • The subscribes property in a resource will now validate an incorrectly formatted resource call. (#12525)
  • Fixes bug in compare_user on linux systems.(13223) - Shoutout to fretb from the community!
  • Fixes missing require and small error in REST implementation(13066) - Shoutout to tecracer-theinen from the community!

Get the Build

As always, you can download binaries directly from chef.io/downloads or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 18.0.169

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 18.0.169
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex