Meeting Notes for January 27, 2022

ktolliver · January 27, 2022, 8:16pm

Below are the meeting notes for this week's Community Meeting, a text-based meeting held weekly in #community-meetings on our community slack, which you can join: https://community-slack.chef.io/

DevRel/Community

Kiah Tolliver shared

Good morning/afternoon/evening guys and gals. Thanks for joining me for another community meeting!

Let’s kick things off with some updates from DevRel:

In case you missed it, we just wrapped up one of my favorite streams to date. Dan and I had the pleasure of discussing laziness with Jess Rose. Check out the replay on YouTube.

Upcoming Webinars:
Jan 27th - Chef InSpec Security Profile Basics
Feb 23rd - Gain Control & Visibility into Linux Laptops
Feb 24th - AWS Marketplace
March 30th - Are Scripts Slowing Down System Admins?

Next week’s live streams:
Feb 1st - Digging into Compliance Phase
Feb 3rd - Interview with Hackathon winner Dhruv Kanojia
As always, tune in on YouTube & Twitch

This week’s releases

Chef Automate

Kiah Tolliver shared

Automate 2 version 20220121191356 Released! This release contains security updates as well as a few product and service version upgrades.

Other releases

tas50 shared

Updates

Chef Automate

Ankur Mundhra shared

Hello community

This week the team:

Upgraded ElasticSearch to 6.8.23 (Fixed CVE-2021-44832)
Worked on dev branch to complete Chef Org migration from Chef Server backup dump
Improved SAML documentation
Corrected documentation for SSH command connection

Team Automate

Chef Infra Client

tas50 shared

Hey folks!

We made some changes to Omnibus to better contain library access to the packages and alert us if something is trying to reach out to the system
Work started on building Ruby 3.1
Work started on RHEL 9 builders / testers
We just about wrapped up reading the client.pem contents from the Windows certificate store. The team is investigating how to go about rekeying the system now so we can migrate from the old client.pem to a new key with a cert pair in the cert store. The goal is to make this something you can do with a config option or via CLI flag
We're still digging into libarchive failures that broke the archive_file resource. This has been a hard one to track down. We hoped the omnibus changes would get us a solution, but that turned out to not be the problem

Chef Infra Server

Marc Paradise shared

Hello folks! We are getting very close to getting a couple of releases out on the server team:

Chef Backend 3.0.0 - That will include the update to es 6.8.23.
Chef Infra Server 14.12.x - This includes multiple CVE fixes and bug fixes

knife-ec-backup - This release will include the fix for if nodes or
clients are deleted between backup runs when running knife ec backup
with the --purge option, the client and node objects and the associated
ACLs will be removed from the backup directory on the next run. (This
fix will be available in the 14.12.x release of server shat goes out
shortly)

Continuing to work on supporting opensearch in Chef Infra Server -

Continuing on improving the dev environment -

github.com/chef/chef-server

Automate mundane configuration/setup in dev vm and/or vagrant

opened 04:13PM - 03 Dec 21 UTC

lbakerchef

Developers normally need to do many mundane tasks in configuration/setup by hand… in order to troubleshoot or debug an issue or start an investigation using a dev vm or vagrant box, and these tasks are time-consuming and repetitive. Examples of this are adding users, adding nodes, setting up knife or other clients, setting up and moving around security certificates, setting up `chef-server.rb`, etc. We should automate as much of this as possible or practicable. This 'mundane tasks' issue is not only present on the dev vm, but also on terraform boxes used for umbrella testing. An excerpt from a `standalone-fresh-install` terraform box is depicted below, illustrating typical pain encountered: ``` root@ip-10-0-7-19:~# sudo chef-server-ctl user-create janedoe Jane Doe janed@example.com 'abc123' --filename ~/.chef/janedoe.pem ERROR: Conflict Response: Username or email address already in use. root@ip-10-0-7-19:~# /opt/opscode/bin/knife node list WARNING: No knife configuration file found. See https://docs.chef.io/config_rb/ for details. WARN: Failed to read the private key /etc/chef/client.pem: #<Errno::ENOENT: No such file or directory @ rb_sysopen - /etc/chef/client.pem> ERROR: Your private key could not be loaded from /etc/chef/client.pem Check your configuration file and ensure that your private key is readable root@ip-10-0-7-19:~# mkdir -p .chef root@ip-10-0-7-19:~# cp /home/ubuntu/janedoe.pem .chef root@ip-10-0-7-19:~# /opt/opscode/bin/knife ssl fetch WARNING: Certificates from api.chef-server.dev will be fetched and placed in your trusted_cert directory (/root/.chef/trusted_certs). Knife has no means to verify these are the correct certificates. You should verify the authenticity of these certificates after downloading. ERROR: Network Error: getaddrinfo: Name or service not known Check your knife configuration and network settings ``` It may be possible to do this as an epic, and have the tasks in phases or iterations. E.g. to start, we could simply write up common tasks in a document and include the document it the appropriate place (`dev-docs` or `chef-server/dev`). The next iteration could be to write a bash or other script for each common task. The third iteration could be.... First iteration acceptance criteria: A few copy/paste scripts or snippets to help automate a variety of mundane development chores. - [x] Copy/paste script to automate knife configuration on dev vm. - [x] Copy/paste script to automate knife configuration on terraform umbrella scenario. - [ ] More to come...

We have added a scenario for testing chef-backend upgrade to our integration testing pipelines.

Chef Inspec

cwolfe shared

The Chef InSpec team has been working on:

Continued work on expanding support for more containerization systems on the virtualization resource - PR now open for kubernetes and podman support
Adding support for SSL authentication with WinRM
Began work designing a streaming interface for reporters, to allow real-time custom output

Sous Chefs

ramereth shared

Hello from the Sous Chefs!

Here's the list of new releases in the past week:

elixir - 3.0.0
Bump to require Chef Infra Client >= 15.3
Cookstyle fixes
github - 1.1.0: Add :extract action to github_asset resource
java - 10.2.0: Remove tap_full option as this is no longer supported and there is no replacement
mysql - 11.0.2
Cookstyle fixes
Stop specifying the Fedora version, so we default to latest
nrpe - 4.0.2: Cookstyle fixes
openssh - 2.10.0: Improved sorting of Match objects in sshd_config
ruby_rbenv - 5.0.0
Add resource partials for git and common (users and root path helper)
Bump Chef version to 16 for partials
yum - 7.3.1
Add testing for Alma Linux and Rocky Linux
Remove testing for CentOS 8 (prefer Stream instead)
yum-epel - 4.4.0
Add testing for Alma Linux and Rocky Linux
Remove testing for CentOS 8 (prefer Stream instead)

I have other PRs in flight that's adding Alma/Rocky Linux, removing CentOS 8 and switching it to CentOS Stream 8

I believe we're also working on resolving the duplicate cookstyle PRs by disabling one of the bots. Hopefully that will reduce some confusion

That new action in the github cookbook is pretty dope and simplifies being able to download AND extract github assets easily

Cinc Updates

ramereth shared

Hello from the Cinc Project!

Cinc Client

New build environment for Windows has been deployed
Please test this MSI using this environment to ensure the problem has been fixed
The problem stemmed from using an mysy2 gcc toolchain that was too new and didn't match what upstream uses
Pulled the msys2 environment from omnibus-toolchain 1.1.109 (last version to include it)
Will work on rebuilding all affected MSI's if this fix is confirmed
Working on prepping build environment for Chef 18/17 with new branches
Chef 17 is now in a chef-17 branch and we need to update our pipelines to match that.

So far it seems the MSI listed above is working for folks... I'll be pushing that out to the mirrors once I have some additional confirmation.

Cinc Workstation

Looking into resolving issues with running cinc -v before releasing 22.1.745
Believe I have a fix and will work on getting this released soon. Seems to be a conflict with using the wrong type of constant in the upstream repo. Expect an upstream PR to resolve this soon.

Cinc Server

@Alexey Hariton has been making lots of progress on fixing wordmark/path issues via an upstream PR
Merged/Released upstream wordmark PR in chef_backup gem
Dealing with an issue where the chef-utils gem is installed with four different versions (upstream issue). This is causing issues for us using the proper dist constants

PSA: Update polkit on all your Linux systems ASAP

Other updates

tas50 shared

New fauxhai and cookstyle releases are up

Fauxhai has some new platforms: Rocky Linux 8, AlmaLinux 8, and macOS 12. It also deprecated a few others

Cookstyle has new cops to detect bad notifications, old fauxhai data in chefspec tests, cookbooks with periods in the name, cookbooks using the delivery CLI, etc. Also @jaymzh dug in and figured out how to make it so you can disable a whole department of cops so you can disable Chef/Style if you would like in a .rubocop.yml file now.

Both of those changes go out with the next Chef Workstation

benny Vasquez shared

One more thing to add: I uploaded re-branded chef-centric emoji for slack reactions and such.

See you next week!

system · January 30, 2022, 8:16pm

This topic was automatically closed after 3 days. New replies are no longer allowed.

Topic		Replies	Views
Meeting Notes for January 13, 2022 Community Meetings	1	515	January 16, 2022
Meeting Notes for February 3, 2022 Community Meetings	1	429	February 6, 2022
Meeting Notes for Oct 20th, 2022 Community Meetings	1	509	November 12, 2022
Meeting Notes for Dec 15th, 2022 Community Meetings	1	437	January 13, 2023
Meeting Notes for Dec 8th, 2022 Community Meetings	1	472	January 13, 2023

Meeting Notes for January 27, 2022

This week’s releases

Updates

See you next week!

Related Topics