Below are the meeting notes for this week's Community Meeting, a text-based meeting held weekly in Community Meetings on our community slack, which you can join: https://community-slack.chef.io/
DevRel/Community
benny Vasquez shared
The illustrious @Jonathan Pereira has finished yet another course for Learn Chef, this time focusing on teaching beginner bash. https://learn.chef.io/courses/course-v1:chef+Bash101+Perpetual/about If you’ve got someone on your team who’s not familiar, it’s a GREAT resource. I’m even going to test it on my 10-year-old nephew this weekend, though he doesn’t know it yet.
@damacus also wrote up a blog post about the importance of Awesome Chef awards, and what you should be doing about it:
(hint: it’s nominating your favorite awesome chefs)
#chefconf is moving right along, and the speakers have all been contacted. If you haven’t yet, please check your email and look for a message from your conference buddy! We’ve got work to do.
This week’s releases
Chef Automate
benny Vasquez shared
First, Automate had a release earlier this week that addressed a bunch of security concerns related to content sniffing, cross-site scripting, strict transport security header, and more. It also added delete and search capability in policy file view in Infra Server views and fixed some bugs around user preferences Details on discourse:
Unfortunately, that release also introduced a bug when logging using SAML which was quickly corrected the next day with another release:
Chef Infra Server
benny Vasquez shared
We also had our Chef Infra Server release this week! TONS of great improvements here to maintenance mode, along with a few other CVE-related updates. This one also includes the much-anticipated Rails engine upgrade (from 4.2 to 6.0.3.2). Testing will be essential when upgrading here! The full notes for that one are here:
Chef Infra Client
benny Vasquez shared
And for the Chef Infra Client release, I’m stealing almost all of @tas50 ’s internal announcement:
Chef Infra Client 17.3 is out. This is a big one. It has more new functionality than probably any minor release we’ve ever done and certainly much more than was included in 17.0. There’s a lot here to be aware of, so please take the time to read the release notes. Here’s the TLDR:
- 6 new resources for installing and managing packages with Habitat on Chef Infra Client managed nodes (thanks @El Jeffe )
- New Windows resources that expand our security and patching capabilities. 2 resources for managing Windows Defender and a Windows Update settings resource that also allows you to setup a system to use WSUS
- New helpers to make working with YAML, JSON, and TOML configs files easier (thanks @El Jeffe )
- Solaris 11.4 packages along with macOS 12 packages for the M1 architecture (Thanks to our release engineering team)
- Significant improvements to Policyfiles that make it easier to bridge the gap between traditional Berks workflows and Policyfiles. If you are struggling with the move from Berks to Policyfiles this may be just what you need.
- A beta of secrets manager integration with support for AWS Secrets Manager and Azure Key Vault. Emphasis on the beta here. We’d love to hear more before we further build out that feature.
Updates
Chef Habitat
mwrockx shared
Hello From Habitat!
This week we have been working on:
- migrating log data from sumologic to datadog
- Core-plans team onboarding
- Continued work on core-plans refresh
- Investigating options around core-plans version bump automation
- Working on bumping builder and habitat cargo deps and eliminating any CVE exposure
- Addressing build pipeline issues
Chef Infra Client
tas50 shared
So obviously we released Chef Infra Client 17.3, which was a massive release for us. Big shout out to the Infra Client team for getting that out the door.
We're circling back to Compliance Phase to work on the next phase (yep I went there) of that feature. This will enable you to ship compliance profiles and waivers directly in cookbooks and then include them just like you would with recipes. That way you can test everything in the same pipeline and easily locally test both infra and compliance code in Test Kitchen.
With the first beta of our secrets manager integration out it's time to deliver more for the next release. We have a few minor improvements planned as well as investigation work for building out HashiCorp Vault and Akeyless Vault support there. Stay tuned and if you have feedback on the feature in general do let us know at secrets_management_beta@progress.com
Work continues on moving the client.pem files to the Windows cert store. The PR to load the data from the cert store by default is complete. Next step is updating knife to bootstrap to the cert store. We're hoping that makes it into next month's release and we'll have some guidance on how to migrate existing pem files for anyone that wants to move off disk. Disk storage will continue to work though so there's user impact here.
Chef Infra Server
prajakta shared
We released Chef Infra Server 14.6 ( https://docs.chef.io/release_notes_server/#whats-new-in-14632 ) in the last week.- We have been updating the gather logs command and getting it better aligned with Automate.
- Updated the omniauth-gem in oc_id ( Update oc-id omniauth gem to latest to resolve CVE-2015-9284 by antima-gupta · Pull Request #2653 · chef/chef-server · GitHub )
- We have been working on testing the postgres upgrade from 9.6 -> 13.3That is the server team for this week!
Chef InSpec
benny Vasquez shared
@cwolfe wasn’t going to make the meeting this week, so I’ve got the InSpec update!
The Chef InSpec team is working on:
- Investigating an issue with SSH connections when PrintLastLog is enabled
- Fixing an issue with apache_conf when ServerRoot is not specified
- Suppressing the usage help output when inspec is invoked without a command but with --chef-license
- Adding support for the IBM DB2 database
- Working on a new release
Chef Workstation
Vikram Karve shared
Hi All! thanks, benny, here are the updates from Workstation team-From last week, these are yet to be released. Planning for a workstation release soon!
- Update ruby version to 3.0.2
- Update deprecated schema in the chocolatey package
- Updated chef-cli to 5.3.1
- Update docker-api
- Updated curl to resolve CVEs
- (this week) Updated error message related to knife cookbook unshare command
Work-in-progress
- Attempting to reproduce an issue with Docker images 21.4.414 & onwards
- Adding further the unit test cases of the cobra library implementation in the workstation
- Dev changes to optimise chef -v are nearly complete, resolving an issue found here in Windows
Sous Chefs
ramereth shared
Hello from Sous Chefs!
Here's the list of new releases in the past week:
- docker - 7.7.3:
- Ensure docker_image :load is idempotent
- jenkins - 9.0.0:
- Remove runit dependency
- Use systemd units instead of runit services
- Breaking Changes / Deprecations
- jenkins_jnlp_slave
- Renamed runit_groups property to service_groups
- New service created -- old Runit service will need manual cleanup
- jenkins::_master_war
- New service created -- old Runit service will need manual cleanup
- jenkins_jnlp_slave
- nrpe - 4.0.0:
- Enable unified_mode for Chef 17 compatibility
- Bump minimum Chef version to 15.3
- pyenv - 3.5.0:
- Add support for setting umask for pip resource
- selinux - 4.0.0:
- Sous Chefs adoption
- Enable unified_mode for Chef 17 compatibility
- Update test platforms
- trusted_certificate - 4.0.2:
- README updates
Special thanks to @Robert Detjens who has been working on various cookbook updates
I'm planning on having him tackle selinux_policy next and then try and merge those resources into selinux (but I need to talk with @tas50 first about that)
Cinc Updates
ramereth shared
Hello from the Cinc Project!
Cinc Server
- Working on resolving runtime issues with 14.6.32 related to chef-utils gem
- Been too busy to look into the fix for this but hope to get it resolve in the next week
Cinc Client
- Working on resolving build issues with 17.3.48 on Windows related to the ruby-shadow gem
- Hope to have that build out later today if I can figure out the build issue
jgitlin shared
Also Cinc Server: have started on new wordmark replacements, further updates next week!