----
Chef Server 12.0.4 Released
// Chef Blog
Today we released Chef Server 12.0.4. This release includes cookbook caching, continued development of the key rotation feature, and some LDAP improvements.
Cookbook Caching
Cookbook caching lets you serve up cookbook resources to Chef clients faster by keeping those resources cached by more efficient servers. This feature is off by default, but can be enabled. See this blog post for the full low-down on cookbook caching.
Continued Key Rotation Work
Key rotation is a feature that is still under development. With the last Chef Server release, we implemented basic key rotation support via chef-server-ctl with the promise that API support was coming soon. We have implemented the first endpoint of the API in this release, with more to come in releases scheduled for the near future.
GET Me Some Keys
A GET to the Chef Server endpoints /organizations/ORGNAME/clients/CLIENTNAME/keys or /users/USERNAME/keys will return a list of keys for a client or user, respectively.
If you haven't used the key rotation chef-server-ctl commands, for now, this will simply return the default key for a client or user. The same key is still returned via GET to the users and clients endpoints.
Key Rotation Is Still A Feature In Progress
While we are finishing up the rest of the API, we recommend you continue to manage your keys via the users and clients endpoints as is done traditionally. However, if you can't wait to get started with rotating, we recommend you do not delete the default key for now.
See the docs for additional information on key rotation.
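The following added example (not code from the Chef post or the Chef project) audits a key-list response from the GET endpoints above and refuses any cleanup step that would touch the default key. The response shape (a JSON array of objects with "name", "uri" and "expired"), the sample key names and the helper names are assumptions; the body is constructed sample data, and fetching it with a signed API request is left out.

```ruby
require 'json'

# Constructed sample body for GET /organizations/ORGNAME/clients/CLIENTNAME/keys.
# Assumed shape: a JSON array of objects with "name", "uri" and "expired".
SAMPLE_KEYS = <<~BODY
  [
    {"name": "default",  "uri": "https://chef.example/organizations/ORGNAME/clients/CLIENTNAME/keys/default",  "expired": false},
    {"name": "deploy-2", "uri": "https://chef.example/organizations/ORGNAME/clients/CLIENTNAME/keys/deploy-2", "expired": false},
    {"name": "deploy-1", "uri": "https://chef.example/organizations/ORGNAME/clients/CLIENTNAME/keys/deploy-1", "expired": true}
  ]
BODY

DEFAULT_KEY = 'default'

# Parse a key-list body and summarise what a rotation job needs to know.
# Raises ArgumentError on anything that is not a list of named keys, so an
# error response or truncated body is never mistaken for "no keys".
def audit_keys(body)
  keys = JSON.parse(body)
  unless keys.is_a?(Array) && keys.all? { |k| k.is_a?(Hash) && k['name'].is_a?(String) }
    raise ArgumentError, 'expected a JSON array of key objects'
  end
  names = keys.map { |k| k['name'] }
  expired = keys.select { |k| k['expired'] == true }.map { |k| k['name'] }
  {
    names: names,
    default_present: names.include?(DEFAULT_KEY),
    expired: expired,
    # Policy of this example: only expired, non-default keys are cleanup candidates.
    removable: expired - [DEFAULT_KEY]
  }
rescue JSON::ParserError => e
  raise ArgumentError, "not JSON: #{e.message}"
end

# Gate for a deletion step: the default key must still exist, and the
# requested key must be an expired, non-default key from the listing.
def deletion_allowed?(body, name)
  report = audit_keys(body)
  report[:default_present] && report[:removable].include?(name)
end

puts JSON.pretty_generate(audit_keys(SAMPLE_KEYS)) if __FILE__ == $PROGRAM_NAME
```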
LDAP Improvements
Brian Felton added support for filtering LDAP users by group membership. To restrict Chef logins to members of a particular group, use the ldap['group_dn'] configuration option in /etc/opscode/chef-server.rb to specify the DN of the group. This feature filters based on the memberOf attribute and only works with LDAP servers that provide such an attribute.
A number of other LDAP bugs have also been fixed. Check the release notes for details.
----