-- via my feedly.com reader
Hola Chefs! ChefDK 0.7.0 is now out and ready for consumption at our downloads page. We have numerous features, updates and bug fixes for all of you. To highlight, we have:
- a new environment variable
CHEFDK_HOMEthat points to cookbook and gem caches.
- the latest patched SSL CA certificate bundle.
show-policy, a new command to describe the state of your Policyfiles on the server.
- multiple default sources in Policyfile.
- an option to
chef exportpolicy data into a tar-ball and
- Powershell wrappers to ameliorate double/triple quoting issues.
- signed ChefDK MSIs on windows for added safety.
- updated dependencies:
Delightful First-use Experience
We have made a number of updates that allow you to install ChefDK and start cheffing right away.
CHEFDK_HOME environment variable
All ChefDK commands that cache cookbooks, gems and other items now look for them in this location. By default, this is in
%LOCALAPPDATA%\chefdk on Windows and
~/.chefdkotherwise. On Windows, you can also request the MSI installer to fix your environment for you by exporting a default
%HOME% environment variable when launching commands. Both these changes ameliorate bad side-effects from using network mounted home drives that may not always exist.
SSL CA certificate bundle update
We now use Mozilla's root certificates from 2015-04-22. We manually allow one older RSA 1024 bit key for Verisign that is still being used in the trust chain for a number of websites including Amazon S3 – so you can still access those locations through various chef tools.
List Policies on a Chef Server
chef show-policy command describes the state of Policyfiles on your Chef Server. With no arguments, it shows all policies, like this:
</p> <h1>aar</h1> <ul> <li>dev: 95040c1993</li> <li>production: 95040c1993</li> <li>staging: 37f9b658cd</li> </ul> <h1>jenkins</h1> <ul> <li>dev: fcb73eccac</li> <li>production: <em>NOT APPLIED</em></li> <li>staging: <em>NOT APPLIED</em>
chef show-policy aar. Adding a policy group will show the current revision of the policy applied to that policy group – for example
chef show-policy aar production.
Multiple Default Sources in Policyfiles
You can now have multiple default sources in your Policyfiles, so long as none of the cookbooks in those sources conflict with each other. This allows you to specify both supermarket and your local Chef Repo as sources, and Chef will automatically pull cookbooks from both as needed. For example, in my demo project I have:
name &quot;jenkins&quot; default<em>source :supermarket default</em>source :chef<em>repo, &quot;cookbooks&quot; run</em>list &quot;apt&quot;, &quot;java&quot;, &quot;jenkins::master&quot;, &quot;recipe[policyfile_demo]&quot;
policyfile_democookbook is sourced from the cookbook repo, while the
jenkinscookbooks (and their dependencies) are sourced from the supermarket.
Exporting Packaged Policies
ChefDK now makes it easier to use Policyfiles in secure environments with restricted networks by packaging an entire policy and later uploading the packaged policy to a Chef Server in the secured environment.
To create a packaged policy, simply add the
-a flag to
chef export – e.g.,
chef export -a .. This will package up all the cookbooks and policy data into a tarball, which you can then move into the secured environment. From there, you can run the new
chef push-archive command to upload the policy to your Chef Server.
There is now an optional feature in the msi that you can enable during the installation of ChefDK that deploys a Powershell module alongside the rest of your installation (usually at
C:\opscode\chefdk\modules\). This location will also be appended to your
PSModulePath environment variable. You may activate it by running the following from any Powershell session
The module exports a number of cmdlets that have the same name as the Chef command line utilities that you already use – such as
chef-apply. What they provide is the ability to cleanly pass quoted argument strings from your Powershell command line without the need for excessive double-quoting. See chef#3026 or chef#1687for an examples.
Previously you would have needed
knife exec -E 'puts ARGV' """&s0meth1ng""" knife node run_list set test-node '''role[ssssssomething]'''
knife exec -E 'puts ARGV' '&s0meth1ng' knife node run_list set test-node 'role[ssssssomething]'
ChefDK MSIs are now signed using a code-signing cert. This should allow for simpler and faster installation of ChefDK in a secure manner. (Note: the SmartScreen filter on Windows, and other similar filters, may still initially report a warning message about the file not being commonly downloaded – this is normal, and does not mean that the package is unsecure. It takes time for the reputation algorithm to gain confidence in our cert).