We’ve got a candidate package of the ChefDK version 0.10.0 ready that we would love for people to use and give feedback on. You can see the full changelog in the pull request but I’ve copied it below for friendliness.
To install this build of the ChefDK you will need to download it from our
current channel by following these instructions. The build will still have a version of
0.9.0 because the PR containing the version change hasn’t been merged yet, but it contains all the code changes for
Release notes (from RELEASE_NOTES.md):
ChefDK 0.10.0 Release notes
- knife-windows - updated to 1.1.1 (see below)
- chef-provisioning - updated to 1.5.0
- chef-provisioning-aws - updated to 1.6.0
This release of the ChefDK ships with Knife-Windows 1.1.1 and marks the first v1 release to be bundled with ChefDK. Full details of features included in both 1.0.0 and 1.1.0 can be found in the release notes here:
For those who make use of Knife-Windows in your day to day Chef development workflow, here are the breaking changes and highlights:
Negotiateis the default authentication protocol - Prior to this release, the default authentication protocol depended on the format of the
basicauthentication protocol would be assumed unless that option had the format
domain\user. To revert to the behavior of previous releases or otherwise force knife-windows to use a specific authentication protocol such as
basic, use the
- Default WinRM port depends on the transport - The default port is still 5985 for non-ssl connections, but now defaults to 5986 if you’re using ssl.
- Kerberos Keytab short option is now
-Tto fix a conflict with the
Making it easier to setup WinRM over SSL
Setting up WinRM communication over SSL can be far from straight forward. Certificates need to be configured on both ends, firewall rules must be added and a WinRM listener has to be created. This Knife-Windows release adds some new
knife commands to help automate these tasks:
knife windows cert generategenerates a certificate and related public key file for use in configuring a WinRM listener and validating communication
knife windows cert installinstalls a certificate such as one generated by the
cert generatesubcommand into the Windows certificate store
knife windows listener createcreates a WinRM SSL listener on a Windows system
Validating WinRM Configuration
A new subcommand:
knife wsman test verifies winrm functionality on a remote system.
New Bootstrap Options
--hintcreates Ohai hints on bootstrap
--bootstrap-install-commandallows an alternate command to be used to install Chef Client
--install-as-servicewill have Chef Client be installed as a Windows service on bootstrap
--msi_urlprovides an alternate URL to the Chef Client installation package
Look mom, no validator! Thats right - as seen in the core chef client first, this is now possible in
knife windows bootstrap as well.
Proxy support for WinRM
knife winrm and
knife bootstrap windows winrm subcommands now honor the proxy server configured via the
http_proxy setting in knife.rb for WinRM traffic.
chef generate commands now default to using Berksfile instead of Policyfile
In ChefDK 0.9.0, we changed the defaults for
chef generate cookbook to create Policyfiles instead of Berksfiles. Our training materials and tutorials were not updated to account for this change, so we’ve changed the behavior back. You can still generate cookbooks with Policyfiles by passing the
-P option to
chef generate cookbook.
Additionally, you can generate a Chef repo with appropriate directories for Policyfiles by running
chef generate repo -P.