Ohai Chefs!
We’re excited to announce the release Chef Server 12.15. Full release
notes [1] and changelog [2] are available as usual. The package is now
available for download from the Chef Downloads page [3].
Release Highlights
Server Enforced recipes
Add required_recipe endpoint as described in Chef RFC 89 [4]
This adds the ability to serve a required recipe file to chef-clients.
ACLs and groups
The server-admins group is useful, but it breaks roundtripping when it
appears in an organizations ACLs and groups. This was particularly
painful when using the API for backups.
We add a new syntax for referring to global objects from org local
context. ORGNAME::name and for global objects ::name. This can, and is
omitted whereever the context is clear. So if the server-admins
appears in an organizations ACL, you will see the name ::server-admins
to disambiguate it.
User customization of LDAP field mapping
Attributes from a user’s LDAP record are used during account-linking
to populate the erchef user record when it is created. Previously, the
mapping between LDAP attributes and chef user attributes were
fixed. Now, they are configurable.
For example, if the user’s LDAP record stores their email address in a
field named ‘address’ instead of ‘mail’, then you could set the
following in private-chef.rb:
ldap[‘email_attribute’] = “address”
Upgrade Notes
Follow the normal upgrade instructions for your Chef server topology.
[1] https://github.com/chef/chef-server/blob/12.15.0/RELEASE_NOTES.md
[2] https://github.com/chef/chef-server/blob/12.15.0/CHANGELOG.md
[3] https://downloads.chef.io/chef-server/stable/12.15.0
[4] https://github.com/chef/chef-rfc/blob/master/rfc089-server-enforced-recipe.md