Chef Infra is a powerful automation platform that transforms infrastructure into code, automating how infrastructure is configured, deployed and managed across any environment, at any scale.

Chef Infra Client now includes a new notify_group feature that can be used to extract multiple common notifies out of individual resources to reduce duplicate code in your cookbooks and custom resources. Previously cookbook authors would often use a log resource to achieve a similar outcome, but using the log resource results in unnecessary Chef Infra Client log output. The notify_group method produces no additional logging, but fires all defined notifications when the :run action is set.

Example notify_group that stops, sleeps, and then starts a service when a service config is updated:

    service "crude" do
      action [ :enable, :start ]
    end

    chef_sleep "60" do
      action :nothing
    end

    notify_group "crude_stop_and_start" do
      notifies :stop, "service[crude]", :immediately
      notifies :sleep, "chef_sleep[60]", :immediately
      notifies :start, "service[crude]", :immediately
    end

    template "/etc/crude/crude.conf" do
      source "crude.conf.erb"
      variables node["crude"]
      notifies :run, "notify_group[crude_stop_and_start]", :immediately
    end

Chef InSpec has been updated from 4.18.39 to 4.18.85. This release includes a large number of bug fixes in addition to some great resource enhancements:
New helpers have been added to make writing cookbooks easier.

New helpers for checking platform versions have been added. These helpers return parsed version strings so there's no need to convert the returned values to Integers or Floats before comparing them. Additionally, comparisons with version objects properly understand the order of versions so 5.11 will compare as larger than 5.9, whereas converting those values to Floats would result in 5.9 being larger than 5.11.

windows_nt_version returns the NT kernel version which often differs from Microsoft's marketing versions. This helper offers a good way to find desktop and server releases that are based on the same codebase. For example, NT 6.3 is both Windows 8.1 and Windows 2012 R2.
powershell_version returns the version of PowerShell installed on the system.
platform_version returns the value of node['platform_version'].

Example comparison using windows_nt_version:

    if windows_nt_version >= 10
      some_modern_windows_things
    end
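
The ordering problem described above, worked through in plain Ruby as an added example (not from the Chef release notes or Chef's own code). Gem::Version stands in for the parsed version objects the helpers return, and the minimum version, node names and version strings are constructed assumptions.

```ruby
require "rubygems" # provides Gem::Version; loaded by default in most Ruby setups

# Hypothetical minimum platform version for a version-gated hardening control.
MINIMUM = "5.9"

# Constructed inventory: node name => platform_version string.
NODES = {
  "web01" => "5.11",
  "web02" => "5.9",
  "db01"  => "5.10",
  "db02"  => "5.8",
  "app01" => "6.0",
}.freeze

# Buggy gate: converts version strings to Floats before comparing,
# so "5.11" becomes 5.11 and "5.10" becomes 5.1, both below 5.9.
def float_gate(version, minimum = MINIMUM)
  version.to_f >= minimum.to_f
end

# Correct gate: compares segment by segment as a version object.
def version_gate(version, minimum = MINIMUM)
  Gem::Version.new(version) >= Gem::Version.new(minimum)
end

# Nodes where the two gates disagree, i.e. nodes that would silently
# skip (or wrongly receive) the version-gated control.
def misclassified(nodes = NODES)
  nodes.select { |_, v| float_gate(v) != version_gate(v) }.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  NODES.each do |name, v|
    puts format("%-6s %-5s float=%-5s version=%s", name, v, float_gate(v), version_gate(v))
  end
  puts "misclassified: #{misclassified.join(', ')}"
end
```

Running the same diff over real node['platform_version'] values before swapping Float comparisons for the new helpers shows which nodes will start matching a guard they previously skipped.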

The cloud helpers from chef-sugar have been ported to Chef Infra Client:

cloud? - if the node is running in any cloud, including internal clouds
ec2? - if the node is running in ec2
gce? - if the node is running in gce
rackspace? - if the node is running in rackspace
eucalyptus? - if the node is running under eucalyptus
linode? - if the node is running in linode
openstack? - if the node is running under openstack
azure? - if the node is running in azure
digital_ocean? - if the node is running in digital ocean
softlayer? - if the node is running in softlayer

The virtualization helpers from chef-sugar have been ported to Chef Infra Client and extended with helpers to detect hypervisor hosts, physical, and guest systems.

kvm? - if the node is a kvm guest
kvm_host? - if the node is a kvm host
lxc? - if the node is an lxc guest
lxc_host? - if the node is an lxc host
parallels? - if the node is a parallels guest
parallels_host? - if the node is a parallels host
vbox? - if the node is a virtualbox guest
vbox_host? - if the node is a virtualbox host
vmware? - if the node is a vmware guest
vmware_host? - if the node is a vmware host
openvz? - if the node is an openvz guest
openvz_host? - if the node is an openvz host
guest? - if the node is detected as any kind of guest
hypervisor? - if the node is detected as being any kind of hypervisor
physical? - the node is not running as a guest (may be a hypervisor or may be bare-metal)
vagrant? - attempts to identify the node as a vagrant guest (this check may be error-prone)

chef-sugar's include_recipe? has been added to Chef Infra Client providing a simple way to see if a recipe has been included on a node already.

Example usage in a not_if conditional:

    execute 'install my_app' do
      command '/tmp/my_app_install.sh'
      not_if { include_recipe?('my_app::install') }
    end

The ifconfig resource now supports the newer ifconfig release that ships in Debian 10.

The mac_user resource, used when creating a user on Mac systems, has been improved to work better with macOS Catalina (10.15). The resource now properly looks up the numeric GID when creating a user, once again supports the system property, and includes a new hidden property which prevents the user from showing on the login screen. Thanks @chilcote for these fixes and improvements.

The sysctl resource has been updated to allow the inclusion of descriptive comments. Comments may be passed as an array or as a string. Any comments provided are prefixed with '#' signs and precede the sysctl setting in generated files.

An example:

    sysctl 'vm.swappiness' do
      value 10
      comment [
        "define how aggressively the kernel will swap memory pages.",
        "Higher values will increase aggressiveness",
        "lower values decrease the amount of swap.",
        "A value of 0 instructs the kernel not to initiate swap",
        "until the amount of free and file-backed pages is less",
        "than the high water mark in a zone.",
        "The default value is 60."
      ]
    end

which results in /etc/sysctl.d/99-chef-vm.swappiness.conf as follows:

    # define how aggressively the kernel will swap memory pages.
    # Higher values will increase aggressiveness
    # lower values decrease the amount of swap.
    # A value of 0 instructs the kernel not to initiate swap
    # until the amount of free and file-backed pages is less
    # than the high water mark in a zone.
    # The default value is 60.
    vm.swappiness = 10

Each binary in the macOS Chef Infra Client installation is now signed to improve the integrity of the installation and ensure compatibility with macOS Catalina security requirements.

The chocolatey_feature resource allows you to enable and disable Chocolatey features. See the chocolatey_feature documentation for full usage information. Thanks @gep13 for this new resource.

The chocolatey_source resource has been updated with new enable and disable actions, as well as admin_only and allow_self_service properties. Thanks @gep13 for this enhancement.

The launchd resource has been updated with a new launch_events property, which allows you to specify higher-level event types to be used as launch-on-demand event sources. Thanks @chilcote for this enhancement.

The yum_package resource's helper for interacting with the yum subsystem has been updated to always close out the rpmdb lock, even during failures. This may prevent the rpmdb becoming locked in some rare conditions. Thanks for reporting this issue, @lytao.

The template resource now provides additional information on failures, which is especially useful in ChefSpec tests. Thanks @brodock for this enhancement.

Our experimental Target Mode received a large number of updates in Chef Infra Client 15.1. Target Mode now reuses the connection to the remote system, which greatly speeds up the remote Chef Infra run. There is also now support for Target Mode in the systemd_unit, log, ruby_block, and breakpoint resources. Keep in mind that when using ruby_block with Target Mode, the Ruby code in the block will execute locally, as there is not necessarily a Ruby runtime on the remote host.

Ohai has been updated to 15.1 with the following changes:

Shard plugin properly uses the machine's machinename, serial, and uuid attributes to generate the shard value. The plugin also no longer throws an exception on macOS hosts. Thanks @michel-slm for these fixes.
Virtualbox plugin has been enhanced to gather information on running guests, storage, and networks when VirtualBox is installed on a node. Thanks @freakinhippie for this new capability.

Chef InSpec has been updated from 4.3.2 to 4.6.4 with the following changes:

Attributes have now been renamed to Inputs to avoid confusion with Chef Infra attributes.
Input has been added for defining new input types. See the InSpec Plugins documentation for more information on writing these plugins.
--format json.

Update to release CVE-2015-1793