benny Vasquez shared
We sent out acceptances and declines this week for :chefconf-excited:. If you submitted and haven’t yet heard from us, feel free to ping me or ask about it in #chefconf . If you submitted and DID hear from us but didn’t yet read your email, please do.
The devrel team has been doing much more live-streaming on twitch , and we’re settling into a Tuesday/Thursday 9am eastern US time/6:30p IST cadence. If you have feedback and/or ideas, let us know, but definitely subscribe. The streams have been super informative, and I’m glad to see the team getting their feet wet.
We’re also finally coming back to see our friends at some DevOps Days events. Next week we’ll be (virtually) at DevOps Days Minneapolis , and we’re planning to join Boston and maybe Nashville, too.
If you’re gonna be at any of those, definitely let me know, and say hi when you’re there!
Ankur Mundhra shared
Updates on Automate are as follows:
- Improved readMe content of some components and services like event-feed
- Improved documentation on deep filtering of compliance reports
- Restore telemetry preference from local storage and in-app messaging around it
- Ability to delete policy file from policy file list in Infra Server views
- Added search capability for policy files in Infra Server views
- Bunch of security improvements in load balancer around cross-site scripting, strict and secure transport security header, content sniffing and more
- Compliance profiles: RHEL 7 V2.2.0, Tomcat 8 V1.1.0, Windows 2012 R2 Domain Controller v3.1.0
- Code cleanup on chef-client management, chef_baseline, binary dependency.
- Improved documentation of setting up Windows nodes including clarity on ports, firewall and WinRM settings for proper setup and scanning
Lot more to come in the upcoming weeks!
This week we have been working on:
- Builder Notifications
- Core-plans team onboarding
- Continued work on core-plans refresh
- Investigating options around core-plans version bump automation
- Working on bumping builder cargo deps
Chef Infra Client
Since last week we merged in our experimental support for secrets managers. This adds a new
secrets helper to the Chef Infra language along with support for AWS Secrets Manager. We have work in progress to also add Azure Keyvault support. Once those two engines are complete we will ship 17.3 so you can give it a try. We've purposefully kept this new helper very basic so we can chat with people about how they'd like to fetch secrets in the client. If you're using AWS Secrets Manager or Azure Key Vault shoot us an e-mail at email@example.com so we can chat.
We merged 6 new habitat resources from the habitat cookbook into the client this week. This will let you install habitat, install packages, manage configs, manage services, and manage supervisors. This PR also added new Infra Language helpers for converting Ruby mashes to JSON/YAML/TOML strings so you can write out config files without using terrible erb templates. The docs for the new resource are up today at docs.chef.io with the helper docs coming soon. Super big shout out to @El Jeffe who did the heavy lifting to get this all into the client between customer engagements.
We added a new deprecation for running the client with
policy_document_native_api set to false aka running in policyfile compat mode. This was put in place to allow policyfiles to work with Chef Infra Server < 12.1, so it's quite ancient and it will go away in Infra Client 18.0. Docs for that are in the works.
We updated addressable to 2.8.0 to resolve a CVE so the 17.3 release will include 4 CVE fixes.
@lamont also rage coded more Policyfiles improvements. This time around using Policyfiles with runlists outside of the override scenario we announced last week. Checkout https://github.com/chef/chef/pull/11803 for all the details
Chef Infra Server
We are preparing a release (14.6) for Chef Infra Server that will contain:
- Rails upgrade 4.2 to 18.104.22.168
- Adds a ctl command to put chef-serverr in maintenance mode
- Ruby upgrade from 2.6.7 2.7.4
- Infra Client 16 upgrade
We are currently also testing the postgresql upgrade from 9.6 to 13.2 along with the dependency updates and some documentation updates.
The Chef InSpec team is working on:
- Investigating an issue with SSH connections when PrintLastLog is enabled
- Fixing an issue with FilterTable and using ranges
- Fixing an issue with the HTTP fetcher when using self-signed SSL
- Adding the ability to filter controls by tag
Nikhil Gupta shared
Workstation team updates for this week:
Ready for release
- updated ruby to 3.0.2 in workstation
- Update deprecated schema in the chocolatey package
- Updated chef-cli to 5.3.1
- Update docker-api
- Updated curl to resolve CVEs
- Issue with Docker image from 21.4.414+
- forbidden error from knife supermarket unshare is now misleading
- Working on the unit test cases of the cobra library implementation in the workstation.
Hello from Sous Chefs!
Here's the list of new releases in the past week:
apache2 - 8.13.0:
- Add default_charset , server_signature , server_tokens , and trace_enable to install resource
- Add install_override test suite
certificate - 2.0.1:
- Fix encrypted data bags
firewall - 3.0.1:
- Restart netfilter service in iptables mode after updating firewall rules
golang - 5.3.0:
- Fix unified_mode declaration
- Bump ark dependency to one with unified_mode set
yum-epel - 4.1.3:
- Remove deprecated failoverprorioty setting
On the Cinc Server side, now that Chef Server is updated to use Chef Infra Client 16, I will resume on wordmark replacements (using the new dist constants) in this PR