Meeting notes for Aug 27th, 2020

Community Meetings
1

Below are the meeting notes for the August 27th Community Meeting, a text-based meeting held weekly in #community-meetings on our community slack, which you can join: https://community-slack.chef.io/

DevRel/Community

tas50 shared

First up if you're new this week scroll up to last week and take the quick survey .

And second I wanted to remind people that Hacktoberfest is coming up: https://hacktoberfest.digitalocean.com

Various Chef teams will be participating in Hacktoberfest this year so be sure to sign up there for updates from the Hacktoberfest team. It's a great way to get some new swag while making OSS fixes. There's various levels of entry into the various Chef projects from docs to inspec/chef resources and we have OSS code in Typescript, Go, Ruby, Erlang, and Rust. We'll be giving more updates on our tagging of issues we think are perfect for first time contributors as we get closer to October.

This week’s releases

Chef Automate

tas50 shared

The Automate team shipped Automate 20200816214709 which updates the embedded Chef Infra Server to 14.0.22 to resolve sporadic 500 errors some users were seeing. https://discourse.chef.io/t/automate-2-version-20200816214709-released/17589

Chef Habitat

tas50 shared

The Habitat team released Habitat 1.6.139 which includes commands for interacting with the new RBAC functionality in Builder, a new hab sup restart command for restarting just the sup, and the deprecation of several older hab commands. https://discourse.chef.io/t/chef-habitat-1-6-139-released/17591

Chef Inspec

tas50 shared

Just this morning the InSpec folks released 4.22.22, which is not only a great version number, but also has some fancy new updates. This includes new resources for testing Windows Firewall policy/rules, a new junit2 formatter for those that love XML. This release also includes some nice under the hood tweaks like macOS Big Sur testers, Ruby 2.6.6, and a reduced number of dependencies for smaller packages https://discourse.chef.io/t/chef-inspec-4-22-22-released/17595

Other releases

tas50 shared

The chef_client_updater cookbook 3.11.1 was shipped with a fix for license acceptance when updating from legacy releases to Chef Infra Client >= 15.0

The chef-client cookbook shipped with several backported resource updates from Chef Infra Client's codebase including the ability to set the nice level in the chef_client_cron cookbook https://supermarket.chef.io/cookbooks/chef-client#changelog

chef-server cookbook 5.6.0 shipped with the ability to pass options into the chef-ingredient resource: https://supermarket.chef.io/cookbooks/chef-server#changelog

jaymzh shared

I've contributed Windows Target support to Taste Tester ( https://github.com/facebook/taste-tester/ ), Facebook's Chef Testing solution. It can now fully handle testing, untesting, and tunnelling on remote Windows nodes. It does require SSH be running and the default shell be Powershell, but that's how you run your systems anyway, right? :slight_smile: Version 0.0.19 has this new feature, simply use -w to tell Taste-Tester to use powershell on the other end instead of shell.

Updates

Chef Automate

Alex Pop shared

Greetings from the Automate team!

  • We merged a lot of documentation improvements this past week.

  • Enabled proto linting for more API endpoint.

  • Added a new endpoint that allows CSV and JSON download of the event-feed events.

  • Added the chef org and chef server URL to the event feed API.

  • Continued with the compliance reporting improvements for the last 24h

  • The compliance profiles that ship with Automate have been updated

Chef Habitat

sdmacfarlane shared

Greetings from the Habitat team! Short update this week:

  • Overhaul and refactoring of keys
  • Starting implementation work on new job scheduler
  • Adding project settings deletion capability
  • Unpacking lots of good information from RustConf last week

Chef Infra Client

tas50 shared

Here's Chef Infra Client:

  • Updates to the platforms we build Infra Client on: s390x is back and we've added testers for macOS 11.0 (Big Sur)
  • Investigating the use of autoload in ruby speed up our app startup time. The current work has shaved about 30% off the startup time on Windows
  • Ohai is now using chef-utils for finding binaries and shelling out. This gives us a consistent codebase for shelling out and resolves issues finding binaries as well as shelling out on non-English systems
  • Ohai is also moving forward with target mode support so you can use Ohai plugins remotely to gather system information
  • Added a new chef_client_launchd resource with some really nice improvements over the old chef-client::launchd recipe
  • Added the ability to set the nice level for the chef-client process in chef_client_cron
  • Improved the knife config commands with new shorter command names and improved table output on small screens

Chef Inspec

schwad shared

Hello from the InSpec team! We have a new release! Today we officially dropped 4.22.22 (so many 2's!)

Here’s what’s new in this release:

  • We have new windows_firewall and windows_firewall_rule resources!
  • The new junit2 reporter is now available! The junit2 reporter shows the standard JUnit specification in XML format, and is recommended for all new users of JUnit
  • We added a test in preparation for the macOS Big Sur (11.0) beta release
  • We converted the legacy junit reporter into a plugin. Nothing changed about using the junit reporter, but it’s a great example of a plugin if you want to build your own!
  • There’s more more robust Darwin operating system detection
  • There were removed unused dependencies and the inspec gem no longer ships with the readme file- so InSpec is lighter!
  • Omnibus builds now use Ruby 2.6.6 for improved security
  • The mysql_session resource works again with stdout , stderr , and exit_status parameters

Backward Incompatibilities

  • We no longer build packages for Debian 8 as it is considered end-of-life

Much of this work came in during the InSpec “quiet period” - we’re so grateful to folks who contribute to make InSpec better and wanted to do an especial shout-out this week to the one and only @tas50 who worked hard on many of the PRs released this week.

Also a massive thanks to @cwolfe who stepped up and helped out in a massive way while I was gone for much of the last two weeks. You’re awesome!

If you want to peek at InSpec internals or have a crack at OSS we have added more issues with the Good first issue label check it out!

https://github.com/inspec/inspec/issues?q=is%3Aissue+is%3Aopen+label%3A%22Good+first+issue%22

As always be sure to join the 1700+-strong community at the #inspec channel to keep up with the conversation!

Chef Workstation

tball shared

Howdy! This week the Chef Workstation team enabled FIPS builds for the Workstation package. This will work the same as it does for Chef Infra or ChefDK - if you have FIPS enabled in a RHEL/Centos or Windows kernel, the Ruby components of Chef Workstation will run in FIPS mode. The non-Ruby components (Chef Workstation App, the Upgrade Lab) do not currently support FIPS. These packages are available in the current channel and will be released to stable next week. Non-FIPS users should not see any difference. Otherwise we have been heads down fixing bugs, merging PRs, and working on our next feature.

Sous Chefs

ramereth shared

It's been a busy week of releases!

aptly has been released at 2.2.0:

  • Changed the node['aptly']['gpg']['key-tpye'] attribute to node['aptly']['gpg']['key-type'] . WARNING : This change may break existing cookbooks! Please adjust as needed.

percona has been released at 1.1.0:

  • Add devel package attribute to client recipe

ruby_rbenv has been released at 2.5.1:

  • Add placeholder for spec directory to tests run properly
  • Fix InSpec tests
  • Fix Ubuntu 18.04 dependency: libssl-dev

java has been released at 8.3.2:

  • Add aarch64 installation candidate for Corretto

nginx has been released at 10.2.0:

  • Add centos 8 support to cookbook
  • Disable nginx dnf module when installing from repo
  • Added 'provides' to the resources

nginx has been released at 10.3.0:

  • added override_package_name to nginx_install to allow overriding the name of the package requesting to be installed. (thanks @majormoses )

postgresql 8.0.0 has been released:

  • Bumped default version of postgresql to 12
  • Added support for dnf by disabling the postgresql module on repo configuration
  • Add support for the pgdg-common repository
  • Add provides to resources
  • Add tests for currently supported postgresql releases
  • remove need to surround extension names with "" if they contain a '-'
  • resolved cookstyle error: libraries/helpers.rb:43:7 convention: Style/RedundantAssignment
  • resolved cookstyle error: libraries/helpers.rb:46:1 convention: Layout/EmptyLinesAroundMethodBody
  • resolved cookstyle error: libraries/helpers.rb:46:1 convention: Layout/TrailingWhitespace

gpg 1.2.0 has been released:

  • Comment out enforce_idempotency in kitchen.dokken.yml so tests work
  • Update/Remove the platforms we test against
  • Fix support for pinentry_mode on Ubuntu 16.04

aptly 2.3.0 has been released:

  • Ability to edit existing mirror configuration
  • Added missing properties to aptly_mirror resource
  • Changed aptly_mirror resource's property architectures to use node['aptly']['architectures'] rather than an empty list which was needed for idempotent mirror edits

In progress PRs:

  • consul: Only set name if the parameters are not an array
  • mariadb: Fix password issue
  • grafana: Feature/support https and url_path_prefix
  • ruby_rbenv: Namespace the run_state variable

Cinc Updates

ramereth shared

Cinc Client:

Cinc Auditor:

  • 4.22.22 is currently being built and will be released later today (hopefully)

Cinc Workstation:

  • 20.8.125 is having build problems on MacOS and it's release has been delayed
  • We hope to get this resolved soon and a release out as it's also affecting the new auditor build

Cinc Server:

See you Thursday!

2

This topic was automatically closed after 3 days. New replies are no longer allowed.