We are delighted to announce the availability of version 20.6.62 of Chef Workstation.
Major Version Change
Starting with this release, Chef Workstation is switching to a date-based versioning scheme. The major number represents the year, the minor number represents the month, and the patch number represents the build number. For example, 20.6.111 would refer to the June 2020 release at build number 111.
We decided to switch to a date-based version because Chef Workstation is a collection of tools meant to be used by humans and not machines. Dates are easier to relate and reference, whereas SemVer makes it easier to convey API changes and backward-incompatible changes.
The Chef Workstation team introduced feature flags as a way of introducing new functionality or breaking changes alongside bundled tool updates. The Chef Workstation team will document feature flags in the release notes and Chef Workstation App tool.
This change gives us the ability to change human-centric tools more rapidly than strict adherence to SemVer allowed us to. We will not break major tool flows (except in the scope of a feature flag), but rather we want users to always stay up-to-date on the latest release and consume iterative updates to their tooling.
Breaking Changes
chef-sugar removal
With the introduction of chef-utils in Chef Infra Client 15, we now ship nearly 100 of the most important helpers from chef-sugar directly in Chef Infra Client. Including these helpers is the right thing to do for users and makes them easier to maintain. Now that this functionality is included, users no longer need to install the chef-sugar gem or use the chef-sugar cookbook, so we removed them from Chef Workstation.
Security Updates
OpenSSL
OpenSSL was updated from 1.0.2u to 1.0.2v with the following message:
*) Implemented coordinate blinding for the generic implementations of both
binary and prime elliptic curves to avoid leaking bits of the scalar and,
potentially, bug attacks. A group of security researchers and
cryptographers from academia and industry, listed below, reported a
successful cache timing attack in OpenSSL 1.0.2u against specific prime and
binary curves whose order or field length is close to a word boundary. They
also provided the fix. This attack does not fit the OpenSSL threat model
and so no CVE is assigned, but a fix is implemented nonetheless.
[Diego F. Aranha, Akira Takahashi, Mehdi Tibouchi, Yuval Yarom]
Rake
Rake was updated from 12.3.2 to 13.0.1 to resolve CVE-2020-8130.
Upgrade Lab
Chef Upgrade Lab is a new process guide for upgrading nodes from legacy Chef Infra Client 12 to current Chef Infra Client 16 using a powerful set of new tools.
Upgrade Lab Guide
The Upgrade Lab Guide teaches users how to leverage the new tools in Chef Workstation to upgrade their older Chef Infra installations to the latest version. Users will learn how to query their existing infrastructure to identify a single node to upgrade, capture the state of that node to a local development workstation, iterate locally on cookbook changes to support the latest version of Chef Infra Client, deploy the updated cookbook to a new Chef Infra Server instance, and finally upgrade the installed version of Chef Infra Client on the node.
The new report command
Use the new chef report command to analyze a Chef Infra Server and quickly get insight into which nodes and cookbooks are best suited for upgrading. The chef report nodes command lists all nodes on the server and describes which cookbooks are used by each node. The chef report cookbooks command lists cookbooks and the nodes that consume them, and can even analyse the cookbooks using cookstyle to look for potential upgrade issues in the recipes!
The new capture command
chef capture is a powerful interactive CLI experience that analyzes a single node on the Chef Infra Server, then helps you locate the cookbooks it consumes, downloads the node data, and even creates a local Test Kitchen configuration. This enables you to start upgrading your cookbooks while running Chef Infra Client in a local virtual machine for rapid development.
VSCode Integration
As you iterate on your cookbooks, you can make your changes directly in Visual Studio Code assisted by the Chef Infra Extension. It provides code completion and integration with cookstyle, including auto-correction of recipe code issues.
Updated Components
Chef Infra Client 16
Chef Infra Client has been updated to Chef 16. This release adds tons of new features and improvements, including these highlights:
- Cookbook authors can now write simple recipes in YAML.
- New resources for setting the client to run on an interval using native system schedulers.
- New
windows_security_policyandwindows_user_privlidgeresources. - Resource partials allow you to define reusable portions of code that can be included in multiple custom resources.
- Built-in support for Chef Vault, so no need to depend on the
chef-vaultcookbook or gem. - Improved performance on Windows systems.
See the Chef Infra Client 16 Release Notes for details on all the great new features and improvements, as well as breaking changes.
Chef executables
chef-run and chef have been updated to add support for YAML-based recipes introduced in Chef Infra Client 16. Users can specify a YAML recipe in the same way that they would normally specify a ruby recipe (chef run target chef_repo/recipes/my_recipe.yml, chef install, etc.).
chef generate cookbook has also been updated to use the latest CentOS and Ubuntu releases in Test Kitchen and ChefSpec configuration files.
Cookstyle 6.7
Cookstyle has been updated from 6.3.4 to 6.7.3. This new release includes 8 new Chef Infra cookbook cops as well as an updated RuboCop engine, which includes a large number of autocorrection improvements and bug fixes. It also enables a ChefModernize/FoodcriticComments, encouraging users to migrate off Foodcritic and includes improved Chef Infra Client version documentation for each cop.
Chef InSpec
Chef InSpec has been updated from 4.18.111 to 4.19.0. This new release allows you to develop your own Chef InSpec Reporter plugin and determine how Chef InSpec will report result data. Additionally, the inspec archive command packs your profile into a tar.gz file that includes the profile in JSON form as the inspec.json file. Use this JSON file to programmatically examine the profile without needing to load it into Chef InSpec.
Kitchen Hyper-V
The Kitchen Hyper-V driver has updated from 0.5.3 to 0.5.4, which resolves failures from getting the default VM Switch if there were spaces in the name. Thanks @kdoores for this improvement.
Kitchen DigitalOcean
The Kitchen DigitalOcean driver has updated from 0.10.6 to 0.11.0. This release adds slugs for Ubuntu 20.04 / RHEL 8 / Fedora 31 support, and adds support for VPCs. Thanks @zmaupin, @tolland, and @gregf for these improvements.
Ruby 2.7
Chef Workstation's Ruby installation has been updated from Ruby 2.6 to Ruby 2.7.1, which includes many features available for use in resources and libraries.
See What’s new in Ruby 2.7?. An overview of Ruby 2.7’s newest… | by Guy Maliar | Ruby Inside | Medium for details on many of the new features.
Windows 10
Our Windows 10 Chef Workstation packages now receive an additional layer of testing to ensure that they function as expected.
Updates to Homebrew Cask
We moved Chef Workstation out of our custom tap and into the core Homebrew casks. If you use Homebrew to keep your Chef Workstation version updated, you will need to run the following:
brew update
brew cask reinstall chef-workstation
The reinstall command removes chef-workstation if it was installed from our custom tap (previously installed with brew cask install chef/chef/chef-workstation), and installs it from the list of core Homebrew casks.
Get the Build
If you are running the Chef Workstation toolbar application you can download this version from the menu after the app next update check. You can also download binaries directly from downloads.chef.io.
As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!