This week’s releases
The Automate team released Automate 20201127104018 with some great improvements for the 24 hour view especially if you're west of PST. https://discourse.chef.io/t/automate-2-version-20201127104018-released/18003
Habitat shipped 1.6.175 and 1.6.181. This resolve a regression that prevented non-root containers, improved TLS support, added a new
HAB_FALLBACK_CHANNEL config in plans, and included several dozen PRs to improve documentation and docs auatomation. https://discourse.chef.io/t/habitat-1-6-175-1-6-181-released/17895
The InSpec team shipped InSpec 4.24. This adds ed25519 SSH key support in the omnibus package, updated Ruby from 2.6 -> 2.7, removes some unused dependencies, and allows specifying more than one platform in your profiles. https://discourse.chef.io/t/chef-inspec-4-24-8-released/18010
The MITRE team will be pushing some PRs to improve the postgres_session resource to make it actually work on windows platform runners
Chef Infra Server
- While testing for the rails update to 6 we have hit some blockers in a Chef server upgrade scenario, so we will be investigating that.
- We did some refactor for the aws_sig_v4 changes in bookshelf to fit into our current code structure and fixed some unit tests in that process.
We are currently working on getting the change for aws sig_v4 in Automate.
That is all for us!
Chef Infra Client
Merged a fix for hostname resource on macOS when the OS has no hostname
- Solaris builds have returned
- Unit tests on Windows are now 6-15 minutes faster with the removal of systemd unit tests on Windows
- DNF/YUM work is nearly complete. This may ship in 16.8 or a bugfix release shortly after
- Once 16.8 goes out we're going to fork master to the chef-16 branch and start prepping Chef Infra Client 17
Hello InSpec friends!
Our big news of the week is a hot-off-the-presses InSpec release! I dropped this just a few hours ago. There’s a bunch of updates so be sure to check the full run-down here: https://discourse.chef.io/t/chef-inspec-4-24-8-released/18010
- Ruby 2.4 is no longer supported
- A dependency issue that was causing Ruby 2.5 to break has been fixed!
- On the JSON reporter, you now can access the resource_class (or name) of the resource used in the result as well as the params that were passed to that resource. This will give you a lot more backend information and also will help support projects like Automate in reporting by cloud resources.
- Ruby builds bumped to latest Ruby 2.7 (Until Christmas of course when Ruby 3 drops! )
- You can specify more than one platform in profiles with a supported wildcard
- As always, miscellaneous but helpful bugfixes
We’ve continued to have great community interaction and growth with this project, and it really means a lot.Finally - I’m working on a super-secret PR to really boost our performance and speed on InSpec runs that heavily rely on waiver files. I’m looking to test this against real-world setups- if you have examples that I can use please drop a note here or a DM: https://chefcommunity.slack.com/archives/C1XB6U6MN/p1607524180332500
That’s it for now, have a great weekend folks until next time!
It's been a quiet week in Workstation as we continue onboarding new team members and trying to get our backlog in a semblance of order. (Clarification: just bringing old issues up to date, we found a bunch that fell through the cracks.)
Hello from Sous Chefs! Here's the list of new releases in the past week:
- docker 7.4.0 - Support local option for the log_driver properties of docker_service and docker_container resources
- etcd 6.2.0 - Update permissions to 0700 on data_dir
- etcd 6.3.0 - Add configuration flag listen-metrics-urls
- fail2ban 6.3.1 - Fixes jail resource to support priority property in delete action
- java 8.5.0 - Fix installation issues with openjdk_install resource
- line 2.9.2 - Cookstyle fixes
- line 2.9.3 - Add a type to the EOL property of the filter_lines resource
- nginx 11.1.0 - Add repo_train property to nginx_install to select stable/mainline when installing from the nginx repo, and packages_versions property to nginx_install to specify specific package versions.
- nginx 11.1.1 - Fix site containing directory creation when nginx_config is not used
- postgresql 8.1.0 - Fix potential password exposure in logs
- rsyslog 7.6.0 - Bring default configuration for SmartOS inline with current distribution from pkgsrc
- rsyslog 8.0.0 - Variety of fixes related to imfile and rsyslog_file_input
I've also been working on improving the openldap cookbook along with finishing up cleaning up the jenkins cookbook in the past week. I on-boarded @nuclearsandwich earlier this week on the status of that Jenkins PR.
Here's a https://github.com/pulls?q=is%3Aopen+is%3Apr+org%3Asous-chefs+archived%3Afalse+sort%3Aupdated-desc currently open pull requests that have been recently updated that need some reviews.
Hello from the Cinc Project!
- 4.24.8 is currently building and will be released later today
- Created MacOS Big Sur (11.0) VM to assist with builds. Still needs to be finished being setup but I hope to finish that in the next week or so.
- The OSUOSL ordered a beefier x86 MacMini along with an M1 MacMini which Cinc will be able to use for builds moving forward.
Note: Those MacMini's will be available for other FOSS projects to use as well as an alternative to MacStadium. Cinc will be the first users of these!
As a team of volunteers, we're still very busy with our actual jobs however we're still trying to find time to make progress on the following items:
- Windows Cinc Workstation build
- MacOS BigSur (11.0) builds for Client, Auditor and Workstation
- Additional stabilization of Cinc Server and Cinc Workstation
yum-centos 5.0.0 was released which removed support for EL6 and updated vault versions
I have an open PR for yum-epel which also removes testing/support for EL6 and older Amazon Linux. Also adds modular and playground repos for EL8 (disabled by default) https://github.com/chef-cookbooks/yum-epel/pull/62 .
Expect RHEL 6 to be removed from cookbooks everywhere. no timeline yet on when the builds will stop in the client. but if you're on RHEL 6 it's time to get off