https://www.chef.io/blog/2015/08/17/chefdk-0-7-0-released/
-- via my feedly.com reader
Hola Chefs! ChefDK 0.7.0 is now out and ready for consumption at our downloads page. We have numerous features, updates and bug fixes for all of you. To highlight, we have:
- a new environment variable
CHEFDK_HOME
that points to cookbook and gem caches. - the latest patched SSL CA certificate bundle.
- chef
show-policy
, a new command to describe the state of your Policyfiles on the server. - multiple default sources in Policyfile.
- an option to
chef export
policy data into a tar-ball andchef push-archive
them. - Powershell wrappers to ameliorate double/triple quoting issues.
- signed ChefDK MSIs on windows for added safety.
- updated dependencies:
chef-12.4.1
ohai-8.5.1
chef-provisioning-1.3.0
chef-provisioning-vagrant-0.9.0
chef-provisioning-aws-1.3.1
cheffish-1.3.1
chefspec-4.3.0
knife-windows-0.8.6
winrm-transport-1.0.2
Delightful First-use Experience
We have made a number of updates that allow you to install ChefDK and start cheffing right away.
CHEFDK_HOME
environment variable
All ChefDK commands that cache cookbooks, gems and other items now look for them in this location. By default, this is in %LOCALAPPDATA%\chefdk
on Windows and ~/.chefdk
otherwise. On Windows, you can also request the MSI installer to fix your environment for you by exporting a default %HOME%
environment variable when launching commands. Both these changes ameliorate bad side-effects from using network mounted home drives that may not always exist.
SSL CA certificate bundle update
We now use Mozilla's root certificates from 2015-04-22. We manually allow one older RSA 1024 bit key for Verisign that is still being used in the trust chain for a number of websites including Amazon S3 – so you can still access those locations through various chef tools.
Policyfile Improvements
List Policies on a Chef Server
The chef show-policy
command describes the state of Policyfiles on your Chef Server. With no arguments, it shows all policies, like this:
</p> <h1>aar</h1> <ul> <li>dev: 95040c1993</li> <li>production: 95040c1993</li> <li>staging: 37f9b658cd</li> </ul> <h1>jenkins</h1> <ul> <li>dev: fcb73eccac</li> <li>production: <em>NOT APPLIED</em></li> <li>staging: <em>NOT APPLIED</em>
chef show-policy aar
. Adding a policy group will show the current revision of the policy applied to that policy group – for example chef show-policy aar production
.Multiple Default Sources in Policyfiles
You can now have multiple default sources in your Policyfiles, so long as none of the cookbooks in those sources conflict with each other. This allows you to specify both supermarket and your local Chef Repo as sources, and Chef will automatically pull cookbooks from both as needed. For example, in my demo project I have:
name &quot;jenkins&quot; default<em>source :supermarket default</em>source :chef<em>repo, &quot;cookbooks&quot; run</em>list &quot;apt&quot;, &quot;java&quot;, &quot;jenkins::master&quot;, &quot;recipe[policyfile_demo]&quot;
policyfile_demo
cookbook is sourced from the cookbook repo, while the apt
, java
, and jenkins
cookbooks (and their dependencies) are sourced from the supermarket.Exporting Packaged Policies
ChefDK now makes it easier to use Policyfiles in secure environments with restricted networks by packaging an entire policy and later uploading the packaged policy to a Chef Server in the secured environment.
To create a packaged policy, simply add the -a
flag to chef export
– e.g., chef export -a .
. This will package up all the cookbooks and policy data into a tarball, which you can then move into the secured environment. From there, you can run the new chef push-archive
command to upload the policy to your Chef Server.
Windows Improvements
Powershell wrappers
There is now an optional feature in the msi that you can enable during the installation of ChefDK that deploys a Powershell module alongside the rest of your installation (usually at C:\opscode\chefdk\modules\
). This location will also be appended to your PSModulePath
environment variable. You may activate it by running the following from any Powershell session
Import-Module chef
~\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
The module exports a number of cmdlets that have the same name as the Chef command line utilities that you already use – such as chef-client
, knife
and chef-apply
. What they provide is the ability to cleanly pass quoted argument strings from your Powershell command line without the need for excessive double-quoting. See chef#3026 or chef#1687for an examples.
Previously you would have needed
knife exec -E 'puts ARGV' """&s0meth1ng""" knife node run_list set test-node '''role[ssssssomething]'''
knife exec -E 'puts ARGV' '&s0meth1ng' knife node run_list set test-node 'role[ssssssomething]'
Remove-Module chef
Signed MSIs
ChefDK MSIs are now signed using a code-signing cert. This should allow for simpler and faster installation of ChefDK in a secure manner. (Note: the SmartScreen filter on Windows, and other similar filters, may still initially report a warning message about the file not being commonly downloaded – this is normal, and does not mean that the package is unsecure. It takes time for the reputation algorithm to gain confidence in our cert).
No comments:
Post a Comment