diff options
author | Lamont Granquist <lamont@scriptkiddie.org> | 2017-02-24 17:04:22 -0800 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2017-02-28 11:19:48 -0800 |
commit | 83ea603889231310af768b0689a677f56d1dd448 (patch) | |
tree | a3dc95806feb2380a779720ac8313f05e219bd20 | |
parent | 81db0e0cfc218169a70a8178f83c567b467d2e6c (diff) | |
download | chef-83ea603889231310af768b0689a677f56d1dd448.tar.gz |
start Chef-13 RELEASE_NOTES
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
-rw-r--r-- | RELEASE_NOTES.md | 150 |
1 files changed, 8 insertions, 142 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 7d990d9fe7..057068bcca 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,150 +1,16 @@ _This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes.html> for the official Chef release notes._ -# Chef Client Release Notes 12.19: +# Chef Client Release Notes 13.0: -## Highlighted enhancements for this release: +## Back Compat Breaks -- Systemd unit files are now verified before being installed. -- Added support for windows alternate user identity in execute resources. -- Added ed25519 key support for for ssh connections. +### The path property of the execute resource has been removed -### Windows alternate user identity execute support +It was never implemented in the provider, so it was always a no-op to use it, the remediation is +to simply delete it. -The `execute` resource and similar resources such as `script`, `batch`, and `powershell_script` now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials. +### Using the command property on the script resource (and bash and all other resources that inherit from script) is now a hard error -**Note**: When Chef is running as a service, this feature requires that the user that Chef runs as has 'SeAssignPrimaryTokenPrivilege' (aka 'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and NetworkService have this right when running as a service. This is necessary even if the user is an Administrator. +This was always a usage mistake. The command property was used internally by the script resource and was not intended to be exposed +to users. Users should use the code property instead (or use the command property on an execute resource to execute a single command). -This right bacn be added and checked in a recipe using this example: - -```ruby -# Add 'SeAssignPrimaryTokenPrivilege' for the user -Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege') - -# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights -Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege') -``` - -#### Properties - -The following properties are new or updated for the `execute`, `script`, `batch`, and `powershell_script` resources and any resources derived from them: - -- `user`<br> - **Ruby types:** String<br> - The user name of the user identity with which to launch the new process. Default value: `nil`. The user name may optionally be specified with a domain, i.e. `domain\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN) format. It can also be specified without a domain simply as `user` if the domain is instead specified using the `domain` attribute. On Windows only, if this property is specified, the `password` property **must** be specified. - -- `password`<br> - **Ruby types** String<br> - _Windows only:_ The password of the user specified by the `user` property. Default value: `nil`. This property is mandatory if `user` is specified on Windows and may only be specified if `user` is specified. The `sensitive` property for this resource will automatically be set to `true` if `password` is specified. - -- `domain`<br> - **Ruby types** String<br> - _Windows only:_ The domain of the user user specified by the `user` property. Default value: `nil`. If not specified, the user name and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running Chef client is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the `user` property. - -#### Usage - -The following examples explain how alternate user identity properties can be used in the execute resources: - -```ruby -powershell_script 'create powershell-test file' do - code <<-EOH - $stream = [System.IO.StreamWriter] "#{Chef::Config[:file_cache_path]}/powershell-test.txt" - $stream.WriteLine("In #{Chef::Config[:file_cache_path]}...word.") - $stream.close() - EOH - user 'username' - password 'password' -end - -execute 'mkdir test_dir' do - cwd Chef::Config[:file_cache_path] - domain "domain-name" - user "user" - password "password" -end - -script 'create test_dir' do - interpreter "bash" - code "mkdir test_dir" - cwd Chef::Config[:file_cache_path] - user "domain-name\\username" - password "password" -end - -batch 'create test_dir' do - code "mkdir test_dir" - cwd Chef::Config[:file_cache_path] - user "username@domain-name" - password "password" -end -``` - -## Highlighted bug fixes for this release: - -- Ensure that the Windows Administrator group can access the chef-solo nodes directory -- When loading a cookbook in Chef Solo, use `metadata.json` in preference to `metadata.rb` - -## Deprecation Notice - -- As of version 12.19, chef client will no longer be build or tested on the Cisco NX-OS and IOS XR platforms. - -# Ohai Release Notes 8.23: - -## Cumulus Linux Platform - -Cumulus Linux will now be detected as platform `cumulus` instead of `debian` and the `platform_version` will be properly set to the Cumulus Linux release. - -## Virtualization Detection - -Windows / Linux / BSD guests running on the Veertu hypervisors will now be detected - -Windows guests running on Xen and Hyper-V hypervisors will now be detected - -## New Sysconf Plugin - -A new plugin parses the output of the sysconf command to provide information on the underlying system. - -## AWS Account ID - -The EC2 plugin now fetches the AWS Account ID in addition to previous instance metadata - -## GCC Detection - -GCC detection has been improved to collect additional information, and to not prompt for the installation of Xcode on macOS systems - -## New deprecations introduced in this release: - -### Ohai::Config removed - -- **Deprecation ID**: OHAI-1 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_legacy_config.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### sigar gem based plugins removed - -- **Deprecation ID**: OHAI-2 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_sigar_plugins.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### run_command and popen4 helper methods removed - -- **Deprecation ID**: OHAI-3 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_run_command_helpers.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### libvirt plugin attributes moved - -- **Deprecation ID**: OHAI-4 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_libvirt_plugin.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### Windows CPU plugin attribute changes - -- **Deprecation ID**: OHAI-5 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_windows_cpu.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### DigitalOcean plugin attribute changes - -- **Deprecation ID**: OHAI-6 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_digitalocean.html> -- **Expected Removal**: Ohai 13 (April 2017) |