We have a HUGE new ChefDK release for you all today. There's something in it for everyone with new components across the board.
Chef Infra Client 15.1
Chef Infra Client has been updated to 15.1 with new and improved resources, improvements to target mode, bootstrap bug fixes, new Ohai detection on VirtualBox hosts, and more. See the Chef Infra Client 15.1 Release Notes for a complete list of new and improved functionality.
Chef InSpec 4.6.9
Chef InSpec has been updated from 4.3.2 to 4.6.9 with the following changes:
- Attributes have now been renamed to Inputs to avoid confusion with Chef Infra attributes.
- A new InSpec plugin type of Input has been added for defining new input types. See the InSpec Plugins documentation for more information on writing these plugins.
- InSpec no longer prints errors to the stdout when passing
- When fetching profiles from GitHub, the URL can now include periods.
- The performance of InSpec startup has been improved.
Cookstyle has been updated to 5.0.0 with a large number of bugfixes and major improvements that lay the groundwork for future autocorrecting of cookbook style and deprecation warnings.
The RuboCop engine that powers Cookstyle has been updated from 0.62 to 0.72, which includes several hundred bugfixes to the codebase. When using Cookstyle 5.0, you may find that existing cookbooks now fail because of some of these bugfixes. Additionally, some cops have had their names changed and the RuboCop Performance cops have been removed. If you disabled individual cops in your .rubocop.yml file, you may need to update your config.
This new release also merges in code from the rubocop-chef project, providing new alerting and autocorrecting capabilities specific to Chef Infra Cookbooks. Thank you @coderanger for your work in the rubocop-chef project and @chrishenry for helping with new cops.
Foodcritic has been updated from 16.0.0 to 16.1.1 with new rules and support for the latest Chef:
- Updated Chef Infra Client metadata for 15.1 to include the new chocolatey_feature resources, as well as new properties in the
- Added new rule to detect large files shipped in a cookbook: FC123: Content of a cookbook file is larger than 1MB. Thanks @mattray
- Allowed configuring the size of the AST cache with a new --ast-cache-size command line option. Thanks @Babar
ChefSpec has been updated to 7.4 with better support for stubbing commands, and a new policyfile_path configuration option for specifying the path to the PolicyFile.
kitchen-dokken has been updated to 2.7.0 with new options for controlling how containers are set up and pulled. You can now disable user namespace mode when running privileged containers with a new userns_host config option. There is also a new option pull_chef_image (true/false) to control force-pulling the chef image on each run to check for newer images. This option now defaults to true so that testing on latest and current always actually means latest and current. See the kitchen-digitalocean readme for kitchen.yml config examples.
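A kitchen.yml sketch using the two new driver options described above. This is an added example, not taken from the kitchen-dokken readme; the cookbook name `example`, the platform image and the `chef_version` value are assumptions chosen for illustration.

```yaml
---
driver:
  name: dokken
  chef_version: latest      # assumed channel; pull_chef_image matters most for moving tags
  # Privileged containers get broad access to the Docker host, so enable
  # this only for suites that need it (for example, systemd as PID 1).
  privileged: true
  # New in 2.7.0: run this container outside user namespace mode. Only
  # relevant when the Docker daemon itself runs with user namespace
  # remapping and the container must be privileged.
  userns_host: true
  # New in 2.7.0, defaults to true: force-pull the chef image on every run
  # so "latest" and "current" are never served from a stale local copy.
  # Set to false only for offline or bandwidth-constrained test hosts.
  pull_chef_image: true

transport:
  name: dokken

provisioner:
  name: dokken

platforms:
  - name: ubuntu-18.04
    driver:
      image: dokken/ubuntu-18.04   # assumed test image
      pid_one_command: /bin/systemd

suites:
  - name: default
    run_list:
      - recipe[example::default]   # hypothetical cookbook name
```

Leaving `userns_host` unset keeps the container inside the daemon's user namespace remapping, which is the tighter setting when `privileged` is not required.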
kitchen-digitalocean has been updated to 0.10.4 with support for new distros and additional configuration options for instance setup. You can now control the default DigitalOcean region in which systems are spun up by using a new DIGITALOCEAN_REGION env var. You can still modify the region in the driver section of your kitchen.yml file if you'd like, and the default region of nyc1 has not changed. This release also adds slug support for ubuntu-19. Finally, if you'd like to monitor your test instances, the new monitoring configuration option in the kitchen.yml driver section allows enabling DigitalOcean's instance monitoring. See the kitchen-dokken readme for kitchen.yml config examples.
knife-vsphere has been updated to 3.0. This new version adds support for specifying the bootstrap_template when creating new VMs. This release also improves how the plugin finds VM hosts, in order to support hosts in nested directories.
knife-ec2 has received a near-complete rewrite with this release of ChefDK. The new knife-ec2 release switches the underlying library used to communicate with AWS from fog-aws to Amazon's own aws-sdk. The official AWS SDK has greatly improved support for the many AWS authentication methods available to users. It also has support for all of the latest AWS regions and instance types. As part of this switch to the new SDK we did have to remove the knife ec2 flavor list command, as this used hard-coded values from fog-aws and not AWS API calls. The good news is we were able to add several new commands to the plugin, which make provisioning systems in AWS even easier:
knife ec2 vpc list
This command lists all VPCs in your environment including the ID which you need when provisioning new systems into a specific VPC.
    $ knife ec2 vpc list
    ID            State      CIDR Block        Instance Tenancy  DHCP Options ID  Default VPC?
    vpc-b1bc8d9d  available  10.0.0.0/16       default           dopt-1d78412a    No
    vpc-daafd931  available  18.104.22.168/16  default           dopt-1d78412a    Yes
knife ec2 eni list
This command lists all ENIs in your environment including the ID which you need when adding the ENI to a newly provisioned instance.
    $ knife ec2 eni list
    ID                     Status  AZ          Public IP       Private IPs  IPv6 IPs  Subnet ID        VPC ID
    eni-0123f25ae7805b651  in-use  us-west-2a  22.214.171.124  10.0.0.204             subnet-4ef3b123  vpc-b1bc8d9d
    eni-2451c913           in-use  us-west-2a  126.96.36.199   10.0.0.245             subnet-4ef3b123  vpc-b1bc8d9d
knife ec2 securitygroup list
This command lists all security groups in your environment including the ID which you need when assigning a newly provisioned instance a group.
    $ knife ec2 securitygroup list
    ID                    Name               VPC ID
    sg-12332d875a4a123d6  not-today-hackers  vpc-dbbf59a2
    sg-123708ab12388cac5  open-to-the-world  vpc-dbbf59a2
knife ec2 subnet list
This command lists all subnets in your environment including the ID which you need when placing a newly provisioned instance in a subnet.
    $ knife ec2 subnet list
    ID               State      CIDR Block      AZ          Available IPs  AZ Default?  Maps Public IP?  VPC ID
    subnet-bd2333a9  available  172.31.0.0/20   us-west-2b  4091           Yes          Yes              vpc-b1bc8d9d
    subnet-ba1135c9  available  172.31.16.0/20  us-west-2a  4091           Yes          Yes              vpc-b1bc8d9d
End of Ubuntu 14.04 support
Ubuntu 14.04 entered the end-of-life phase April 30, 2019. Since this version of Ubuntu is now end-of-life, we have stopped building packages for Ubuntu 14.04. If you rely on Ubuntu 14.04 in your environment, we highly recommend upgrading your host to Ubuntu 16.04 or 18.04.
- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
- CVE-2019-5443: Windows OpenSSL engine code injection
cacerts 5-11-2019 release
cacertbundle has been updated to the 5-11-2019 bundle, which adds four additional CAs.