Chef Server 13.0.17 is out and available on the downloads site.
Note: We released 13.0.16 earlier today, but there was a minor error in the habitat package release process and they weren't promoted alongside the omnibus package. This patch release will ensure both habitat packages and chef-server omnibus stable packages have the same version number.
General changes:
Chef Server is now Chef Infra Server
Chef Server has a new name, but don't worry, it's the same Chef Server you've grown used to. You'll notice new branding throughout the application and documentation but the command chef-server-ctl remains the same.
Chef EULA:
Chef Infra Server requires an EULA to be accepted by users before it can be installed. Users can accept the EULA in a variety of ways:
chef-server-ctl reconfigure --chef-license accept
chef-server-ctl reconfigure --chef-license accept-no-persist
CHEF_LICENSE="accept" chef-server-ctl reconfigure
CHEF_LICENSE="accept-no-persist" chef-server-ctl reconfigure
Finally, if users run chef-server-ctl reconfigure without any of these options, they will receive an interactive prompt asking for license acceptance. If the license is accepted, a marker file will be written to the filesystem unless accept-no-persist is specified. Once this marker file is persisted, users no longer need to set any of these flags.
See our Frequently Asked Questions document for more information on the EULA and license acceptance.
Deprecation notices:
- Deprecated PowerPC and s390x platforms
- Deprecated Keepalived/DRBD-based HA
- Deprecated Ubuntu 14.04 support (Ubuntu 14 was EoL'd at the end of April 2019)
Updates and Improvements:
- Updated OpenResty to 1.13.6.2. This fixes two CVEs: CVE-2018-9230 and CVE-2017-7529. This version cannot be built on PowerPC and s390x because those platforms are not supported in mainline luajit.
- Updated Ruby version to 2.5.5
- Updated Chef Infra Client to 14.11.21
- Updated runit cookbook to 5.1.1
- Added some Habitat packaging improvements with parameterized search_server.
- Erchef request size increased from 1,000,000 to 2,000,000 bytes to better support inspec scanning
via the audit cookbook. - Nginx error logs no longer log 404s. In the Chef API, 404s are typically not errors as they are often the expected response about an object that doesn't exist. The logs will continue to show 404s in the request logs.
- Profiles and data-collector upstreams now render correctly if their root_url is configured. If the data_collector token secret is not set, a 401 response code and an error message will be seen instead of 404.