Below are the meeting notes for this week's Community Meeting, a text-based meeting held weekly in #community-meetings on our community slack, which you can join: https://community-slack.chef.io/
DevRel/Community
benny Vasquez shared
Well, the biggest piece of news this week is something that I’m sure you’ve all heard: this week we announced that we’ve agreed to be acquired by Progress , a boston-based company. There are lots of questions, I’m sure, and I’m here to get answers to those questions in the coming weeks. Most of the questions I’ve seen are around Progress’ open source feelings, because we are an open source company. There’s a beginning of an answer to that in #acquisition_questions , and I’m hoping to get a chance to chat with them next week to see if there’s any more detail that they can provide.
As always, I’m here to help however I can. If you’ve got questions or want to jump on a zoom/google hangout/whatever, I’m more than willing.
This week’s releases
Chef Automate
tas50 shared
The Automate team also released Automate 20200908235050 which improves portions of the UI shown based on permissions and removed some placeholder data in the desktop dashboard https://discourse.chef.io/t/automate-2-version-20200908235050-released/17649
Chef Workstation
tas50 shared
We had a nice release with Chef Workstation 2.9.136. This updates Cookstyle, InSpec, multiple Kitchen Drivers and provides macOS 11 packages for the first time. Also if you're doing any word with the US federal government you'll be happy to know that all Ruby components are now FIPS enabled for that sweet sweet md5-less operation. https://discourse.chef.io/t/chef-workstation-20-9-136-released/17625
Other releases
tas50 shared
Test Kitchen 2.7 is out this week with a new feature that lets plugins toggle if they can be run concurrently or not. it turns out many could not actually run with -c > 1 and that would cause issues with the Kitchen runs failing.
You'll see a new kitchen-inspec release for the Workstation release which turns off concurrency for the verifier and we're also looking at turning off concurrency for the legacy chef driver (not zero)
We also released kitchen-azurerm 1.3.0 which uses Ruby's autoload to load the Azure SDK only when necessary. This massively speeds up some operations, especially on Windows nodes. You'll see 2-3x improvements in many Kitchen commands once we get this into Workstation
Updates
Chef Automate
Alex Pop shared
from the Automate team!
- We merged a lot of documentation improvements this past week.
- We stopped vendoring go dependencies in the repo.
- We updated te compliance profiles that ship with Automate.
- Corrected UI guards for the Add Condition, Create/Save Role buttons based on the
iam:projects:updatepermissions -
We removed
components/automate-chef-iowith documentation being now delivered via doc.chef.io- our docs are now here: https://docs.chef.io/automate/
- Added integration tests for data-feed service.
- Made improvements for the installation and operation of the Automate services.
- UI work is now in progress for the last 24h compliance reporting improvements.
Chef Infra Server
prajakta shared
Hello folks! This week we have been working on the following:
- Wrapping up the documentation for Chef Infra Server 14.
- Reviewing and integrating the update for supporting sig_v4.
- Removing rabbitmq from erchef and omnibus cookbooks
- Chef-Backend 2.2.0 is shipped. It has some minor improvements.
That is all for us
Chef Infra Client
tas50 shared
On the Chef Infra Client front we've got some great work done / in progress this last week
- Merged some massive performance improvements to chef-client and knife commands. @mwrockx has done some great digging to see how excessive requires were hurting us and you're doing to see 2x improvements in startup times for all platforms in 16.5
- We're continuing misc code cleanup through the project. Lots of spec tweaks and code shuffling to keep things fresh and maintainable
- @lamont continues to work on making remote Ohai a reality so we can have a first class remote Chef Infra experience
- Wrapping up work on the chef_config resource. This probably won't make it into 16.5 so expect that for 16.6
- chef_client_launch has been merged and tweaked to fully support client restarts when the config changes, which seems basic, but is actually hard on macOS
- The Ohai packages plugin now gathers data on macOS hosts as well
- We're prepping Chef Infra Client 16.5 for next week: https://github.com/chef/chef/blob/4301e5fac016cac58784b4218a76268b4b796ead/RELEASE_NOTES.md
Chef Inspec
schwad shared
Hello from InSpec!
We were hoping to have this release out the doors this week, but due to some unexpected workflow additions we’re now aiming to have 4.23.4 out for you on monday!
Here’s what you can expect in that release:
- There’s a new mechanism to mark inputs as sensitive: true , replacing their values with “*”
- A CLI option --no-diff to suppress Diff output for textual tests
- A CLI option --sort_results_by=none|control|file|random to control order of controls in output (not execution order)
- Disable caching of inputs with cache_inputs: true
- postgres_session now allows custom ports with postgres_session('username', 'password', 'host', 'port') (the default is 5432 )
- On some linux systems the output of ps could be truncated. This may happen when output widths are undefined. This truncation edge-case has been fixed.
Chef Workstation
tball shared
Clinton has been working to improve the concurrency issues with Test Kitchen, and that work is ongoing. Otherwise it has been bug fixes and improvement PR merging that will go out in the bi-weekly release next week.
Sous Chefs
ramereth shared
Hello from Sous Chefs!
nagios 9.0.0 has been released:
- Use multipackage installs to speed up installs
- Pin the Apache2 requirement at < 7.0 since 7.0+ is not compatible with this cookbook
- Remove some legacy and broken attribute gating that would prevent all attributes from being set on RHEL systems
- Remove the check for the legacy Pagerduty attribute at node['nagios']['pagerduty_key'] . This needs to be set at node['nagios']['pagerduty']['key' now
- Use node['nagios']['server']['dependencies'] attribute to set the packages to be installed in the source recipe
- Add support for Debian 10
- Create helpers library to better manage platform configuration
- Remove support for Debian 9 and Amazon Linux 2
- Update source build to nagios-4.4.6
- Ensure we install the cgis when building from source
- Remove allowed-ips suite as that should be tested with ChefSpec
- Switch to using php cookbook and fix nginx cookbook version
- Set sensitive for debconf-set-selections execute resource
- Remove support for Apache 2.2 (resolves #556)
Note, this release still uses the older apache2/nginx cookbooks but it at least gets us closer to getting it ready for that.
apache2 8.4.0 has been released:
- resolved cookstyle error: test/cookbooks/test/recipes/php.rb:1:1 refactor: ChefCorrectness/IncorrectLibraryInjection
- Allow override of package name and version in install resource
- Add tests for package name override
java 8.4.0 has been released: (thanks @freakinhippie )
- Add starttls property to java_certificate resource to allow fetching certificates from non HTTPS endpoints
In progress:
- keepalived: Chef 16 add provides to resources #119
- postgresql: Removes quotes around user in DROP ROLE IF EXISTS #661
- tomcat: tomcat_install refactoring #355
- redisio: Pull the disable_os_default recipe from the default one #430
Also, special thanks to @Robert Detjens for doing a major cleanup on selinux_policy ( https://github.com/chef-cookbooks/selinux_policy/pull/144 )
Cinc Updates
ramereth shared
Cinc Client:
- Awaiting review on PR to move dist implementation into chef-utils ( https://github.com/chef/chef/pull/9834 )
- Better inspec profile ( merged ) thanks @Tensibai !
Cinc Auditor:
Cinc Workstation:
- 20.9.136 has been released
- Continue working on updating/fixing our Windows builder so that we can finally have a build
Cinc Server:
- Current blocker: Unable to run cinc-server-ctl smoke tests inside Docker container ( issue )
- Use Virtualbox+Vagrant for testing ( MR )
Other updates:
- Deployed a Minio S3 instance and configured our gitlab-runners to use it for caching.
- This should speed up and improve our ability to build new releases eventually