Skip to content

Latest commit

 

History

History
150 lines (101 loc) · 6.29 KB

RELEASE_NOTES.md

File metadata and controls

150 lines (101 loc) · 6.29 KB
Raw

This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see https://docs.chef.io/release_notes.html for the official Chef release notes.

Chef Client Release Notes 12.19:

Highlighted enhancements for this release:

  • Systemd unit files are now verified before being installed.
  • Added support for windows alternate user identity in execute resources.
  • Added ed25519 key support for for ssh connections.

Windows alternate user identity execute support

The execute resource and similar resources such as script, batch, and powershell_script now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials.

Note: When Chef is running as a service, this feature requires that the user that Chef runs as has 'SeAssignPrimaryTokenPrivilege' (aka 'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and NetworkService have this right when running as a service. This is necessary even if the user is an Administrator.

This right bacn be added and checked in a recipe using this example:

# Add 'SeAssignPrimaryTokenPrivilege' for the user
Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')

# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights
Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege')

Properties

The following properties are new or updated for the execute, script, batch, and powershell_script resources and any resources derived from them:

  • user
    Ruby types: String
    The user name of the user identity with which to launch the new process. Default value: nil. The user name may optionally be specified with a domain, i.e. domain\user or [email protected] via Universal Principal Name (UPN) format. It can also be specified without a domain simply as user if the domain is instead specified using the domain attribute. On Windows only, if this property is specified, the password property must be specified.

  • password
    Ruby types String
    Windows only: The password of the user specified by the user property. Default value: nil. This property is mandatory if user is specified on Windows and may only be specified if user is specified. The sensitive property for this resource will automatically be set to true if password is specified.

  • domain
    Ruby types String
    Windows only: The domain of the user user specified by the user property. Default value: nil. If not specified, the user name and password specified by the user and password properties will be used to resolve that user against the domain in which the system running Chef client is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property.

Usage

The following examples explain how alternate user identity properties can be used in the execute resources:

powershell_script 'create powershell-test file' do
  code <<-EOH
  $stream = [System.IO.StreamWriter] "#{Chef::Config[:file_cache_path]}/powershell-test.txt"
  $stream.WriteLine("In #{Chef::Config[:file_cache_path]}...word.")
  $stream.close()
  EOH
  user 'username'
  password 'password'
end

execute 'mkdir test_dir' do
  cwd Chef::Config[:file_cache_path]
  domain "domain-name"
  user "user"
  password "password"
end

script 'create test_dir' do
  interpreter "bash"
  code  "mkdir test_dir"
  cwd Chef::Config[:file_cache_path]
  user "domain-name\\username"
  password "password"
end

batch 'create test_dir' do
  code "mkdir test_dir"
  cwd Chef::Config[:file_cache_path]
  user "username@domain-name"
  password "password"
end

Highlighted bug fixes for this release:

  • Ensure that the Windows Administrator group can access the chef-solo nodes directory
  • When loading a cookbook in Chef Solo, use metadata.json in preference to metadata.rb

Deprecation Notice

  • As of version 12.19, chef client will no longer be build or tested on the Cisco NX-OS and IOS XR platforms.

Ohai Release Notes 8.23:

Cumulus Linux Platform

Cumulus Linux will now be detected as platform cumulus instead of debian and the platform_version will be properly set to the Cumulus Linux release.

Virtualization Detection

Windows / Linux / BSD guests running on the Veertu hypervisors will now be detected

Windows guests running on Xen and Hyper-V hypervisors will now be detected

New Sysconf Plugin

A new plugin parses the output of the sysconf command to provide information on the underlying system.

AWS Account ID

The EC2 plugin now fetches the AWS Account ID in addition to previous instance metadata

GCC Detection

GCC detection has been improved to collect additional information, and to not prompt for the installation of Xcode on macOS systems

New deprecations introduced in this release:

Ohai::Config removed

sigar gem based plugins removed

run_command and popen4 helper methods removed

libvirt plugin attributes moved

Windows CPU plugin attribute changes

DigitalOcean plugin attribute changes