Chef Workstation 21.5.420 Released!

We are delighted to announce the availability of version 21.5.420 of Chef Workstation.

Breaking Changes

Chef CLI

The chef shell-init CLI command checks for the Chef Workstation PATH variable before adding it, ensuring that it appears only once in your PATH.

We removed two legacy Chef Workflow (Delivery) commands in the chef-cli (Chef Workflow reached end-of-life status in December 2020):

  • chef generate cookbook --workflow now warns that the --workflow flag is no longer supported and generates a Chef cookbook—without the Chef Workflow build-cookbook.
  • chef generate build-cookbook now alerts that build-cookbook generation is no longer supported and exits with an error.

Knife Changes

Renamed knife opc org commands

We've rewritten our knife-opc plugin and merged it into the main knife codebase. As part of this rewrite, the knife opc org commands have been renamed to knife org, and several of the user commands have merged into the existing knife user commands.

Renamed Commands
  • knife opc org create -> knife org create
  • knife opc org delete -> knife org delete
  • knife opc org edit -> knife org edit
  • knife opc org list -> knife org list
  • knife opc org show -> knife org show
  • knife opc org user add -> knife org user add
  • knife opc org user remove -> knife org user remove
User Commands Now in Knife User
  • knife opc user create -> knife user create
  • knife opc user delete -> knife user delete
  • knife opc user edit -> knife user edit
  • knife opc user list -> knife user list
  • knife opc user password -> knife user password
  • knife opc user show -> knife user show

Simplified knife user create syntax

The knife user create command previously required passing the user's display name, first name, last name, e-mail, and password in order as arguments. Only the e-mail and password values are actually required by Chef Infra Server, so we've simplified the syntax to allow passing just the required values. New flags have been introduced for each of the values and only the --email and --password flags are now required. The existing positional argument syntax will continue to work with a warning message, but will be removed in a future release.

Fauxhai updated to 9.0

The Fauxhai engine mocks Ohai data in ChefSpec tests. The 9.0 release removes all the deprecated Fauxhai definitions—the ones that warned you of their impending deprecation every time you used them this past year.

The Fauxhai community team removed platforms that:

  • have reached end-of-life status and are no longer supported.
  • have newer minor release versions available in Fauxhai.

The best practice for referencing platforms in ChefSpec tests is to use a platform's major version or no version at all, which lets Fauxhai automatically pick the latest version. This practice ensures that your specs will continue to run, even as new platforms are released and older ones are removed.

To automatically migrate ChefSpec tests to use newer platforms, use the Chef/Deprecations/DeprecatedChefSpecPlatform Cookstyle cop. This cop will autocorrect many specs. Run it with:

cookstyle -a --only Chef/Deprecations/DeprecatedChefSpecPlatform

Fauxhai Platforms Removed

  • AIX 6.1
  • Amazon Linux 2015.03
  • Amazon Linux 2015.09
  • Amazon Linux 2016.03
  • Amazon Linux 2016.09
  • Amazon Linux 2017.03
  • Amazon Linux 2017.09
  • CentOS 5.11
  • CentOS 6.9
  • CentOS 7.5.1804
  • CentOS 7.6.1810
  • Debian 8.11
  • Debian 9.8
  • Debian 9.9
  • Fedora 29
  • Fedora 30
  • FreeBSD 11.1
  • Linux Mint 18.3
  • macOS 10.13
  • OpenSUSE 15.0
  • OpenSUSE 15.1
  • Oracle Linux 5.11
  • Oracle Linux 6.9
  • Red Hat Linux 5.11
  • Red Hat Linux 6.9
  • Red Hat Linux 7.4
  • Red Hat Linux 7.5
  • Red Hat Linux 7.6
  • Suse Enterprise Linux 12.3
  • Ubuntu 14.04
  • Windows 20008 R2


Chef Infra Client 17

Chef Workstation now includes Chef Infra Client 17 with the new Compliance Phase and many other improvements. For a complete list of what's new, see the Chef Infra Client 17.0 Release Notes and our Chef Infra Client 17 Launch Webinar.

Chef InSpec

Chef InSpec has been updated from 4.29.3 to 4.36.4 with the following improvements and bug fixes:

New Features

  • Added the SELinux resource, which includes support for modules and booleans.
  • Added the pattern input option for DSL and metadata inputs.
  • Added the members_array property for group & groups resources.
  • Train now reads the username and port from the .ssh/config file and will use these values if present.
  • Added the new --reporter-include-source CLI option, which includes the source code of the controls in the output of the CLI reporter.
  • Added ability to pass inputs to InSpec shell using input file and cli.
  • Commands can now be set to timeout using the command resource or the --command timeout option in the CLI. Commands timeout by default after one hour.
  • Added the --docker-url CLI option, which can be used to specify the URI to connect to the Docker Engine.
  • Added support for targeting Linux and Windows containers running on Docker for Windows.

Bug Fixes

  • Fix SSH Timeout PTY allocation. We fixed a bug that caused occasional failures in some command resources that use SSH transport and were mistakenly allocated a pseudoterminal (PTY) when setting a timeout. In some cases, the PTY changed how the resource was interpreted. This fix only uses PTY when explicitly requested.
  • Fixed the group resource when a member does not exist.
  • Hash inputs will now be loaded consistently and accessed as strings or symbols.

Test Kitchen

Digital Ocean Driver Update

The kitchen-digitalocean driver update removes support for legacy platform values that no longer exist on Digital Ocean: CoreOS, Ubuntu17, CentOS6 and it adds support for RancherOS. The Test Kitchen docs have a new Digital Ocean getting started guide.

Amazon AWS Driver Update

The Amazon AWS kitchen-ec2 driver update adds support for GP3 EBS volume types on instances and proper cleanup of EBS volumes on termination on RHEL-based platforms. Thanks for the GP3 fix @bdwyertech!

Cookstyle updated to 7.10.1

This update improves offense detection and autocorrelation in Ruby code.

Platform Support

Ubuntu 16.04 packages will no longer be produced for Chef Workstation as Ubuntu 16.04 became EOL at the end of April 2021.

Security Updates

Ruby updated to 2.7.3

This Ruby version provides a large number of bug fixes and resolves the following CVEs:

git updated to 2.31.1

This update to the embedded git client in Chef Workstation resolves CVE-2021-21300

Get the Build

If you are running the Chef Workstation toolbar application you can download this version from the menu after the app next update check. You can also download binaries directly from

As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!