Chef Server 12.0.4 Released
// Chef Blog
Today we released Chef Server 12.0.4. This release includes cookbook caching, continued development of the key rotation feature, and some LDAP improvements.
Cookbook caching lets you serve up cookbook resources to Chef clients faster by keeping those resources cached by more efficient servers. This feature is off by default, but can be enabled. See this blog post for the full low-down on cookbook caching.
Continued Key Rotation Work
Key rotation is a feature that is still under development. With the last Chef Server release, we implemented basic key rotation support via
chef-server-ctl with the promise that API support was coming soon. We have implemented the first endpoint of the API in this release, with more to come in releases scheduled for the near future.
GET Me Some Keys
GET to the Chef Server endpoints,
/users/USERNAME/keys, will return a list of keys for a client or user, respectively.
If you haven't used the key rotation
chef-server-ctl commands, for now, this will simply return the
default key for a client or user. The same key is still returned via
GET to the users and clients endpoints.
Key Rotation Is Still A Feature In Progress
While we are finishing up the rest of the API, we recommend you continue to manage your keys via the users and clients endpoints as is done traditionally. However, if you can't wait to get started with rotating, we recommend you do not delete the
default key for now.
See the docs for additional information on key rotation.
Brian Felton added support for filtering LDAP users by group membership. To restrict Chef logins to members of a particular group, use the
ldap['group_dn'] configuration option in
/etc/opscode/chef-server.rb to specify the DN of the group. This feature filters based on the
memberOf attribute and only works with LDAP servers that provide such an attribute.
A number of other LDAP bugs have also been fixed. Check the release notes for details.
Shared via my feedly reader
Sent from my iPhone
Post a Comment