Sunday, February 22, 2015

Chef Server 12.0.4 Released [feedly]

Chef Server 12.0.4 Released
// Chef Blog

Today we released Chef Server 12.0.4. This release includes cookbook caching, continued development of the key rotation feature, and some LDAP improvements.

Cookbook Caching

Cookbook caching lets you serve up cookbook resources to Chef clients faster by keeping those resources cached by more efficient servers. This feature is off by default, but can be enabled. See this blog post for the full low-down on cookbook caching.

Continued Key Rotation Work

Key rotation is a feature that is still under development. With the last Chef Server release, we implemented basic key rotation support via chef-server-ctl with the promise that API support was coming soon. We have implemented the first endpoint of the API in this release, with more to come in releases scheduled for the near future.

GET Me Some Keys

A GET to the Chef Server endpoints, /organizations/ORGNAME/clients/CLIENTNAME/keys or /users/USERNAME/keys, will return a list of keys for a client or user, respectively.

If you haven't used the key rotation chef-server-ctl commands, for now, this will simply return the default key for a client or user. The same key is still returned via GET to the users and clients endpoints.

Key Rotation Is Still A Feature In Progress

While we are finishing up the rest of the API, we recommend you continue to manage your keys via the users and clients endpoints as is done traditionally. However, if you can't wait to get started with rotating, we recommend you do not delete the default key for now.

See the docs for additional information on key rotation.

LDAP Improvements

Brian Felton added support for filtering LDAP users by group membership. To restrict Chef logins to members of a particular group, use the ldap['group_dn'] configuration option in /etc/opscode/chef-server.rb to specify the DN of the group. This feature filters based on the memberOf attribute and only works with LDAP servers that provide such an attribute.

A number of other LDAP bugs have also been fixed. Check the release notes for details.


Shared via my feedly reader

Sent from my iPhone

No comments:

Post a Comment