Let’s kick things off with some updates from DevRel:
In case you missed it, Dan talked about Policyfile basics earlier today on the live stream! Check out the replay on YouTube
Mar 9th - Infra BP Tags
Mar 16th - InSpec Best Practices, Container Security
March 30th - Desktop Codify Your Fleet Instead!
Next week’s live streams:
Mar 8th: InSpec Best Practices
Mar 9th: Habitat Office Hours
Mar 10th: Appsembler Learning Platform with Kimball Johnson
Tune in on YT or Twitch
Automate 2 version 20220223121207 Released! This release improved telemetry coverage for Chef Infra Server Roles under Infrastructure.
Chef Infra Server
Chef Infra Server 14.13.42 Released! This release contains a few small bugs/improvements as well as an OpenJDK update.
Ankur Mundhra shared
This week the team worked on:
- New opt-in telemetry events have been released for Roles tab in Infra Server views
- Integration test improvements for Infra Server views
- Evaluation of deploying Automate HA on 5 node cluster is complete
- Security improvement to ensure that sensitive information is not part URL
- Testing Elasticsearch upgrade use case of earlier HA installation
- Blog on upcoming change in Automate versioning and release numbering
- A milestone release is around the corner
Hello from Habitat!
This week's updates:
- Making progress on next core-plans refresh
- Working on auto bumping core plan versions
- Investigating build order of core plan refresh
- Investigating rolling deployment bug when demoting package from a tracking channel while a rolling update is in progress
- Working to resolve docker studio supervisor on M1 platform
- Working to add backoff/retry for run and init hooks
- Working to add better validation of "hab sup run" args whrn not including a package to run
Chef Infra Client
We have a few items for everyone this week
- Onboarding our new team member and finally documenting how everything in the Infra Client works so this becomes easier next time
- Adding Ruby 3.1 testing to all our dependencies and getting CI in order
- Wrestling with some remaining CI failures after bumping to 18.x
- Investigating high priority Windows issues to hand off to our Desktop team
- Updated libffi, libarchive, and nokogiri to the latest versions
- Resolved 2 yum regressions introduced in 17.9.18 (expect a patch release for this)
- Added train-rest as a dependency as the start of our remote device management work. Thanks @theinen
- Added support for parsing mutlipath routing in Ohai
Chef Infra Server
- Released Chef Infra Server 14.13.42:
- Support for Multiple DNS Names
- Updated the nginx configuration for Chef Infra Server to support scenarios where the Infra Server has multiple DNS names that clients are configured to use.
- Resolved an error running chef-server-ctl user-create with the –prompt-for-password flag.
- Sentry APM Removal
- Removed support for Sentry application performance monitoring in oc-id.
- Habitat packages of Chef Infra Server are now built against the latest core-plans update, updating many of the dependencies used by Infra Server.
- Updated Ruby on Rails to 184.108.40.206 (resolve CVE-2021-22904).
- OpenJDK updated from 11.0.13 to 11.0.14 to resolve the following CVEs:
CVE-2022-21248: Enhance cross VM serialization
CVE-2022-21283: Better String matching
CVE-2022-21291: Better verification of scan methods
CVE-2022-21293: Improve String constructions
CVE-2022-21294: Enhance construction of Identity maps
CVE-2022-21282: Better resolution of URIs
CVE-2022-21296: Improve SAX Parser configuration management
CVE-2022-21299: Improved scanning of XML entities
CVE-2022-21277: Improve TIFF file handling
CVE-2022-21305: Better array indexing
CVE-2022-21340: Verify Jar Verification
CVE-2022-21341: Improve serial forms for transport
CVE-2022-21360: Enhance BMP image support
CVE-2022-21365: Enhanced BMP processing
- Current Work:
- Upgrading to Erlang 24.2.2.
- Adding support for migrating the internal Elasticsearch users to Opensearch.
- Adding preflight checks to make sure Elasticsearch is not in readonly mode (bug fix).
- Upgrading from AWS sigv2 authentication to sigv4.
- Server-side secrets implementation.
The Chef InSpec Team has been working on:
- Continuing work on loading gem dependencies from a profile
- New ipnat resource
- Planning for Q2
- Fixing the
inspec automate versioncommandStarting work on a resource code generator (
inspec init resource)
Vikram Karve shared
Hi All! Here is what Workstation & Community Tools are working on
Released build 22.2.807 with changes below
- Address regression introduced in ChefSpecAddress an issue with cached cookbooks
Ready for release (but there is a release blocker specific to macos m1 that we are resolving)
- Introduced network interface addition support in kitchen-vcenterAddress regression in cookbook caching- thanks @karmix!
- Moving knife supermarket to chef supermarketUpdating test-kitchen and plugins to Ruby 3.1(Shelved for now) Wrapping up implementation of chef env in Golang.Adding telemetry support in chef CLI execution on WorkstationFix to knife user create issue being reviewed
Hello from the Sous Chefs!
Here's the list of new releases in the past week:
openvpn - 6.1.0: Add certificate properties to user resource
rsyslog - 9.1.0
gnutlsfor TLS support on CentOS 7
Update tested platforms
Switch to reusable CI workflow
Hello from the Cinc Project!
- Released 22.2.807
Working on resolving run-time issues with 14.13.42 before releasing
We're making more progress on the upstream word mark replacement (new!) pull request
We'll be making a 14.13.42 release via the
currentchannel including fixes from this PR as a way for people to test it
I've also started looking at adding native Cinc support (using dist constants) in test-kitchen instead of relying on making changes to yml files