Meeting notes for Feb 6, 2020

Below are notes from this week’s text-based meeting on slack.

DevRel/Community

bennyvasquez shared

  • We've updated the Try Habitat LCR module to use Habitat 1.5 (which was released last week), and cleaned up some obsolete windows code to make things current. https://learn.chef.io/modules/try-habitat
  • ChefConf registration is open, and we have a limited number of passes even less than the early bird price that I can provide to our core contributors or other influential community members. Email ( benny@chef.io ) or slack me for more info. https://blog.chef.io/chefconf-2020-registration-is-now-open/
  • We’ve finalized our initial list of DevOpsDays that we’ll be sponsoring (though we might add a few more). If you’ll be around, definitely plan to say Hi!
    • New York City - March 3-4
      Seattle - April 14-15
      Toronto - April 16-17
      Atlanta - April 21-22
      Boise - May 15
      Amsterdam - June 17-19
      Minneapolis - August 4-5
      Dallas - August 26-27
      Chicago - September 1-2
      London - September 24-25
      Boston - September 28-29
      Washington, DC - Dates TBA
      Copenhagen - Dates TBA
      Edinburgh - Dates TBA
  • Oh! Also, Kimball from our team gave a talk at Config Management Camp 2020 in Ghent, and here are his slides: https://www.slideshare.net/KimballJohnson1/inspec-one-tool-to-rule-them-all

This week’s releases

tas50 shared

If you’re not a developer you might not be familiar with some of Apple’s new security requirements that started on Monday. We’ve always signed our package, but we’re now notarizing / deep signing the binaries in our applications so we can enable Apple’s hardened runtime. Workstation 0.15 was the first release to perform these addition steps and this caused Berkshelf and Policyfiles failures which we’ve since worked around. There are some potential issues you should be aware with these new security requirements and @Jon Morrow covers them in this lengthy post. https://discourse.chef.io/t/chef-software-on-macos-catalina/16626

Chef Infra Client 15.8 will ship with this same notarization as well the upcoming release of DK

Automate

tas50 shared

we had another big week from the Automate 2 team with the release of 20200127203438. With this release the Identity and Access Management v2 is now GA. It’s really great to see this work all come together and go GA. I know the Automate team has been working on this for quite some time. https://discourse.chef.io/t/automate-2-version-20200127203438-released/16620

Chef Workstation

tas50 shared

We also released an update to Workstation to fix an issue with how we sign the packages for macOS Catalina https://discourse.chef.io/t/chef-workstation-0-15-18-released/16627 . This release also fixes deprecation warnings from win32-service and FFI on Windows systems

Other Community releases

Other updates

Automate

Alex Pop shared

After the GA releases last week, the main focus for the team was on bug fixing and improvements for installation, Compliance, Data Feed service, and Apps page. The automated testing has been improved as well with more data and tests.

Habitat

sdmacfarlane shared

Hi from the Habitat team! This week I come with pictures (in thread)

  • Improving shutdown of the supervisor and launcher in Windows
  • Added Invoke-AfterSuccess and Invoke-AfterFailure for build phase parity between plan-build on Linux and Windows
  • All usage of reqwest( http-client library) has been converted to async
  • Added configurable cache expiration for private packages to Builder
  • Investigating possible build-group creation differences between Github Push notifications and cli/ui build requests
  • Continuing k8s investigations, and looking for community input https://discourse.chef.io/t/soliciting-ideas-for-a-revived-habitat-kubernetes-operator/1289

The following is an affinity graph of all packages in the core origin:

Screen Shot 2020-02-04 at 09.18.28

Relationship graphs in svg are still a little too large to upload. Who would have guessed that 700+ nodes with > 10k edges would be hard to visualize.

And I should say a big thanks to @mark for generating the images

Workstation

tball shared

Howdy! First off, @afiune finished the work on a pattern for distributable Golang binaries and applied the pattern to the Chef Analyze repo so that the OSS community can release that package with the Chef trademarks removed. The team also completed work to enable the Chef Workstation App to run at system boot on Windows and MacOS. If you get the current channel version of Chef Workstation you should see a new option in the installer to enable this and ensure you get notifications for future releases. Lastly we fixed a MacOS entitlements issue along with a few bugs and released a new version of Chef Workstation as Tim mentioned.

Chef Infra (client and server)

tas50 shared

We forked off Chef Infra Client 15 to the chef-15 branch and we’re prepping the upcoming 15.8 release. That release will include 40+ new DSL helpers, many of which came from chef-sugar. It should make writing cookbooks a lot easier without having to dig into ohai data all the time. This release also includes some nice fixes to the mac_user resource on Catalina and it’ll use the hardened runtime there as well. Here’s the WIP version of those release notes https://github.com/chef/chef/blob/284cca7393833f5af6bd423d586235769e639fd7/RELEASE_NOTES.md

If you’re using the vscode Chef extension then some of those helpers have already shown up on your system and you’ll notice the snippets now tell you what version of Chef they support. This is all driven with the yard data right in the chef-utils gem so we’ll be able to auto update those snippets from time to time

prajakta shared

We are continuing to add tests to the integration pipeline and making some progress on the v4 signing for s3 requests. The next release for Chef-Infra-Server might not have elastic-search replacing solr. But will include the move from Oracle JDK to Adopt Open JDK. That is it for this week.

Chef Sugar

lamont shared

deprecation for chef-sugar is quite obviously going to happen some point soon. probably going to do something like make a major release that throws spammy log warnings out, then later make a major release which just raises hard and breaks everything. users will need to explicitly pin to get around them. but that comes sometime after the final code is shipped.

Sous Chefs

tas50 shared

We did a release of the grafana cookbook as well as the consul cookbook this week

I’m looking at what it would take to remove poise from consul and hashicorp-vault which seems like it can be done in a 99% backwards compatible way now that the world is on systemd

if that’s something that interests you come chat in our meeting after this

Other Community releases

ramereth shared

We've started working on a Cinc Workstation build. Still at the very early stages but hopefully we'll have something folks can play with in a few weeks. The Linux builds seem to be going well, MacOS/Windows been running into some issues. We'll also likely need to look into the new changes in Catalina and how that impacts us

BobChaos shared

<-- still working on bootstrap templates, code's written but I'm feeling extra paranoid, so I'm cooking up kitchen-terraform based integration tests for bootstrap processes. Hopefully it can also be of use in the context of Update bootstrap to use mixlib-install · Issue #8468 · chef/chef · GitHub

ramereth shared

Right now the build is covering most of the patched ruby gems we need, including packaging our version of mixlib-install that points to our infra. Next steps is working on the golang deps which I think @BobChaos has been mostly doing that. My first step is to try the chef-analyze changes that were made

We keep learning new and better ways to manage our patched versions of things, which I hope to backport to client/auditor eventually

Right now I'm testing using a packagecloud rubygem repo where we can put our stuff and just update Gemfile to point to those which seems to work well

See you in next week!

This topic was automatically closed after 30 days. New replies are no longer allowed.