Meeting Notes below, but first... This one wasn’t mentioned during the meeting, but I wanted to point to it anyway: tecRacer is hosting its first Chef meetup in Frankfurt, Germany. If you’re close, definitely stop next Tuesday.
Long story short
- Location: WeWork Frankfurt, Neue Rothofstrasse 13-19
- When: 4 February 2020, 6:30 pm (18:30)
- Tech-Talk: Delivering high quality cookbooks with test-kitchen
- Discussion and networking
- Searching for other hosts
Full details on the blog: https://blog.chef.io/upcoming-first-chef-usergroup-germany/
The date is fast approaching (TOMORROW!) so if you have an idea for a talk get the proposal in, otherwise I’ll be taking your speaking slot in London.
And if you’re thinking “I really don’t have anything special to talk about” you should check out @lnxchk ’s series on topics. There’s some excellent advice there that might inspire you. https://blog.chef.io/tag/chefconf/
benny vasquez shared
Registration is also open for ChefConf!
This week’s releases
First off Automate 2 20200123225613 shipped. With this release the Applications Dashboard is now generally available. This is some pretty cool work for shifting how you display and manage your infra so definitely take a look. The release also has some pretty significant improvements to the IAVv2 beta, which is rapidly approaching its GA date as well. Lot’s of fancy new stuff in Automate. https://discourse.chef.io/t/automate-2-version-20200123225613-released/16581
We released Chef Infra Client 15.7.30 (then 31, then 32) with a pile of resource fixes and improvements and new cookbook helpers for checking if a system is a windows server, windows server core, or windows desktop. https://discourse.chef.io/t/chef-infra-client-15-7-30-released/16573
The .31 and .32 releases were to fixup warnings that were showing when using knife in the Chef Infra Package. If you don’t run knife via the Chef Infra package then you’re fine with staying on .30
Cookstyle 5.20 also shipped with a single new cop for cleaning up old ChefSpecs and improvements to detection / autocorrection in a few existing cops: https://discourse.chef.io/t/cookstyle-5-20-0-released/16576
Next up in Chef Workstation 0.15 which includes updated Chef Infra Client, Berkshelf, and InSpec. This is also the first version of Workstation that we’re building for Debian so if you were holding onto DK for the Debian support, it’s time to upgrade now. We’re also fully notarizing the Mac builds with signing of each binary. This is a requirement of Apple’s starting early Feb and it provides addition package security.
ChefDK 4.7 shipped after a bit of time off. We shipped three Chef Workstation releases during the time between 4.6 and 4.7 so this is pretty big one. As always I’d highly recommend using Workstation instead as it’s DK + more. This release comes with updates to tools like Chef Infra Client, Chef InSpec, Cookstyle (7 releases newer), berkshelf, and various knife/kitchen plugins. https://discourse.chef.io/t/chefdk-4-7-73-released/16592
And last, but not least the Habitat team had a major milestone this week with the release of Habitat 1.5: https://blog.chef.io/product-announcement-chef-habitat-1-5-now-available/ .
Alex Pop shared
- We moved IAMv2 to General Availability!
- We moved the Apps page to General Availability!
- Bug fixes and improvements to the EAS Dashboard.
- InSpec Waivers almost complete in the backend.
- New and updated compliance profiles have been merged.
- Improvements to documentation and release notes
- Continuing with the refactoring and cleanup
- Making improvements to the Data Feed service
On the Chef side of things we forked for Chef 16 so you’ll notice some breaking changes getting merged. We’ve officially removed support for RHEL 5, SLES 11, and Windows 2008 R2 from our codebase. There were a good number of if/else statements that can go away now. Faster code that’s easier to read. We also added new Windows helpers: windows_nt_version and powershell_version. These return version objects so you can compare them without the need for .to_i or .to_f.
Well if last week was a quiet week, we sure made up for it this week.
The InSpec Team is up to:
- Merged PR enabling the archive subcommand to work better in airgapped environements
- Fixed 4 skipped Windows functional tests
- Working on telemetry opt-in, continued
- Adding first telemetry instrumentation: invocation (duration, platform, installation type, command used)
- Adoption of a long-awaited PR to update the schema used to validate the JSON emitted by InSpec
- Corrected platform support declarations on several resources (e.g. not just linux, all of unix, in several cases)
- shell command - add
- -inspect option allowing you to get debugging information when you stringify a resource
- Detect how InSpec is installed by looking at its install path and a few other hints
- Refactor the crontab resource parsing code
- Prep for MacOS package notarization
Overall, a great week; we're overdue for a release as we now have several features and bugfixes on master.
A number of the team has been heads down on some emergent work, but it's still been a pretty big week for us:
- Released 1.5!
- Improving service updates in the supervisor
- Improving safety of origin deletion
- Research spike into running bldr in K8s ( what are the rough edges?)
- Adding additional end-to-end tests for the supervisor
- Investigating db call performance
- Continuing investigations into visualizing the package graph
The Workstation Team have moved forward with the proposal to create distributable Go binaries, we will be done with this task today! We have also replaced
logify inside the stove gem in favor of mixlib-log, as Tim would say, one less dependency into the package! We are also working on some bug fixes and making the Chef Workstation App to run at boot time. Finally, the team has been working on two main proposals for the upcoming work for this year:
- Upgrade suggestions (Data Analysis)
- Chef CLI Catalog (v2.0)
Please, feel free to read and leave comments. Thanks to everyone contributing in the community!
Chef Infra Server
- For chef-infra server we continue to add more scenarios to the release testing infrastructure. We also have a pipeline now that can run all of these scenarios on a more regular basis.
- The work in migrating to internal elasticsearch currently in review and testing phase.
- We have started looking into v4 signing for requests to amazon s3.
We are also seeing some community contributions for the Chef-Server repo, which is awesome and we are very thankful!
I also have some Chef / Workstation cross cutting work on tracking down knife performance bottlenecks. It looks like most of our issues were from the way knife cloud plugins were loading their SDKs. This resulted in the SDKs getting loaded when you ran ANY knife command. For example running knife node list would load the Azure SDK, vmware sdk, and rvbmomi for vmware. Obviously this is pretty slow and not something we want to do. I’ve pushed up new versions of these plugins and the results so far are pretty amazing. On my Mac knife commands went from 12 seconds to just over a second and on my Windows system they went from 2 minutes to 9 seconds. I’m waiting on a build right now, which hopefully lowers that number a bit more. If you’d like to give this a try then grab the current build of Chef Workstation here: https://downloads.chef.io/chef-workstation/current
we especially need folks to test using knife-google, knife-azure, and knife-vcenter to make sure we didn’t break any dependency loading.
Tim got bored this week and released a few things:
gpg 1.0.1 released
selinux_policy 2.3.6 released
consul 3.2.0 released
control_groups 0.2.0 released
fail2ban 6.2.0 released
hashicorp-vault 4.0 released
consul 3.3.0 released
We are starting to look into managing our dns with cloudflare and work continues in the background on our release pipeline which we will hopefully have something to demo in a couple of weeks.
Join us in #sous-chefs for our meeting
On Cinc side, We've got releases for Client 15.7.32 (stable channel) and Auditor 4.18.66 (unstable channel). We've put more work into Cinc.sh , including a new blog post and some under-the-hood improvements.
We're also in the process of reworking the pipelines to integrate cinc-zero and Auditor into Client, which will hopefully result in a methodology we can later apply to Workstation. The bootstrap issues we have on 3rd party distros are being actively worked on, we can expect a PR by next week.
Finally, a big thanks to the workstation team who's worked on the go dist-generator, now merged, which will allow distros to easily generate a compliant build of all Chef's Golang project, using a standardized methodology.
I'm excited about this refactor on how we patch Cinc as it should simplify things quite a bit. If you want a preview of what we're working on you can check it out here: https://gitlab.com/cinc-project/client/-/merge_requests/28
This should allow us to match versions locked and then use our patches no matter which version. Also catch any issues since the git merges should fail if that's the case