Chef Infra Server 14.11.15 Released!

Hello Folks!

We are delighted to announce the availability of version 14.11.15 of Chef Infra Server.

This release includes:

Bug Fixes

  • Resolved log rotation failures introduced in Chef Infra Server 14.10.

Improvements

chef-server-ctl MTLS Support

We improved the chef-server-ctl command to support communication with the underlying Chef Infra Server API when MTLS is enabled.

Limiting Maximum Requests to the opscode-authz Service

You can now limit the maximum number of requests per connection in the opscode-authz service with the new chef-server.rb attribute oc_chef_authz['max_connection_request_limit']. This value defaults to 100.

ibrowse Logging in the opscode_erchef Service

You can now enable ibrowse logging in the opscode_erchef service with the with the new chef-server.rb attribute opscode_erchef['enable_ibrowse_traces']. This value defaults to false.

Performance

cookbook_versions API caching

You can now enable optional caching in the cookbook_versions API endpoint used during each non-Policyfile Chef Infra Client check-in to assemble the cookbooks to be run by the node. Enabling this new caching can greatly improve the performance of Chef Infra Servers with a large number of nodes performing frequent check-ins. In artificial benchmarking we have observed up to a 10x reduction in system load when enabling this caching. As always, we highly recommend Policyfiles for users running a large number of Chef Infra Client nodes on their server, as this entirely removes the need to depsolve on the Chef Infra Server.

To enable this new caching layer, set opscode_erchef['cbv_cache_enabled'] = true in your chef-server.rb config file and run chef-server-ctl reconfigure.

chef-server-ctl reconfigure

We improved the chef-server-ctl reconfigure command to execute faster by skipping unnecessary upgrade steps.

Security

Ruby 2.7.5

Ruby has been updated from 2.7.4 to 2.7.5 to resolve the following CVEs:

  • CVE-2021-41817
  • CVE-2021-41816
  • CVE-2021-41819

You can find the release here.