Meeting Notes for January 27, 2022

Below are the meeting notes for this week's Community Meeting, a text-based meeting held weekly in #community-meetings on our community slack, which you can join:


Kiah Tolliver shared

Good morning/afternoon/evening guys and gals. Thanks for joining me for another community meeting!

Let’s kick things off with some updates from DevRel:

In case you missed it, we just wrapped up one of my favorite streams to date. Dan and I had the pleasure of discussing laziness with Jess Rose. Check out the replay on YouTube.

Upcoming Webinars:
Jan 27th - Chef InSpec Security Profile Basics
Feb 23rd - Gain Control & Visibility into Linux Laptops
Feb 24th - AWS Marketplace
March 30th - Are Scripts Slowing Down System Admins?

Next week’s live streams:
Feb 1st - Digging into Compliance Phase
Feb 3rd - Interview with Hackathon winner Dhruv Kanojia
As always, tune in on YouTube & Twitch

This week’s releases

Chef Automate

Kiah Tolliver shared

Automate 2 version 20220121191356 Released! This release contains security updates as well as a few product and service version upgrades.

Other releases

tas50 shared


Chef Automate

Ankur Mundhra shared

Hello community

This week the team:

  • Upgraded ElasticSearch to 6.8.23 (Fixed CVE-2021-44832)
  • Worked on dev branch to complete Chef Org migration from Chef Server backup dump
  • Improved SAML documentation
  • Corrected documentation for SSH command connection

Team Automate

Chef Infra Client

tas50 shared

Hey folks!

  • We made some changes to Omnibus to better contain library access to the packages and alert us if something is trying to reach out to the system
  • Work started on building Ruby 3.1
  • Work started on RHEL 9 builders / testers
  • We just about wrapped up reading the client.pem contents from the Windows certificate store. The team is investigating how to go about rekeying the system now so we can migrate from the old client.pem to a new key with a cert pair in the cert store. The goal is to make this something you can do with a config option or via CLI flag
  • We're still digging into libarchive failures that broke the archive_file resource. This has been a hard one to track down. We hoped the omnibus changes would get us a solution, but that turned out to not be the problem

Chef Infra Server

Marc Paradise shared

Hello folks! We are getting very close to getting a couple of releases out on the server team:

  • Chef Backend 3.0.0 - That will include the update to es 6.8.23.

  • Chef Infra Server 14.12.x - This includes multiple CVE fixes and bug fixes

knife-ec-backup - This release will include the fix for if nodes or
clients are deleted between backup runs when running knife ec backup
with the --purge option, the client and node objects and the associated
ACLs will be removed from the backup directory on the next run. (This
fix will be available in the 14.12.x release of server shat goes out

  • Continuing to work on supporting opensearch in Chef Infra Server -
  • Continuing on improving the dev environment -
  • We have added a scenario for testing chef-backend upgrade to our integration testing pipelines.

Chef Inspec

cwolfe shared

The Chef InSpec team has been working on:

  • Continued work on expanding support for more containerization systems on the virtualization resource - PR now open for kubernetes and podman support
  • Adding support for SSL authentication with WinRM
  • Began work designing a streaming interface for reporters, to allow real-time custom output

Sous Chefs

ramereth shared

Hello from the Sous Chefs!

Here's the list of new releases in the past week:

  • elixir - 3.0.0
  • Bump to require Chef Infra Client >= 15.3
  • Cookstyle fixes
  • github - 1.1.0: Add :extract action to github_asset resource
  • java - 10.2.0: Remove tap_full option as this is no longer supported and there is no replacement
  • mysql - 11.0.2
  • Cookstyle fixes
  • Stop specifying the Fedora version, so we default to latest
  • nrpe - 4.0.2: Cookstyle fixes
  • openssh - 2.10.0: Improved sorting of Match objects in sshd_config
  • ruby_rbenv - 5.0.0
  • Add resource partials for git and common (users and root path helper)
  • Bump Chef version to 16 for partials
  • yum - 7.3.1
  • Add testing for Alma Linux and Rocky Linux
  • Remove testing for CentOS 8 (prefer Stream instead)
  • yum-epel - 4.4.0
  • Add testing for Alma Linux and Rocky Linux
  • Remove testing for CentOS 8 (prefer Stream instead)

I have other PRs in flight that's adding Alma/Rocky Linux, removing CentOS 8 and switching it to CentOS Stream 8

I believe we're also working on resolving the duplicate cookstyle PRs by disabling one of the bots. Hopefully that will reduce some confusion

That new action in the github cookbook is pretty dope and simplifies being able to download AND extract github assets easily

Cinc Updates

ramereth shared

Hello from the Cinc Project!

Cinc Client

  • New build environment for Windows has been deployed
  • Please test this MSI using this environment to ensure the problem has been fixed
  • The problem stemmed from using an mysy2 gcc toolchain that was too new and didn't match what upstream uses
  • Pulled the msys2 environment from omnibus-toolchain 1.1.109 (last version to include it)
  • Will work on rebuilding all affected MSI's if this fix is confirmed
  • Working on prepping build environment for Chef 18/17 with new branches
  • Chef 17 is now in a chef-17 branch and we need to update our pipelines to match that.

So far it seems the MSI listed above is working for folks... I'll be pushing that out to the mirrors once I have some additional confirmation.

Cinc Workstation

  • Looking into resolving issues with running cinc -v before releasing 22.1.745
  • Believe I have a fix and will work on getting this released soon. Seems to be a conflict with using the wrong type of constant in the upstream repo. Expect an upstream PR to resolve this soon.

Cinc Server

PSA: Update polkit on all your Linux systems ASAP

Other updates

tas50 shared

New fauxhai and cookstyle releases are up

Fauxhai has some new platforms: Rocky Linux 8, AlmaLinux 8, and macOS 12. It also deprecated a few others

Cookstyle has new cops to detect bad notifications, old fauxhai data in chefspec tests, cookbooks with periods in the name, cookbooks using the delivery CLI, etc. Also @jaymzh dug in and figured out how to make it so you can disable a whole department of cops so you can disable Chef/Style if you would like in a .rubocop.yml file now.

Both of those changes go out with the next Chef Workstation

benny Vasquez shared

One more thing to add: I uploaded re-branded chef-centric emoji for slack reactions and such.

See you next week!

This topic was automatically closed after 3 days. New replies are no longer allowed.