diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | DOC_CHANGES.md | 12 | ||||
| -rw-r--r-- | RELEASE_NOTES.md | 5 |
3 files changed, 18 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 06c4b606aa..8b7a2f352b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -141,6 +141,7 @@ * Add homebrew provider for package resource, use it by default on OS X (Issue #1709) * Add escape_glob method to PathHelper, update glob operations. * Verify x509 properties of certificates in the :trusted_certs_dir during knife ssl check. +* Disable unforked interval chef-client runs. ## Last Release: 11.14.2 diff --git a/DOC_CHANGES.md b/DOC_CHANGES.md index b79e06b4fc..357e9438c4 100644 --- a/DOC_CHANGES.md +++ b/DOC_CHANGES.md @@ -182,6 +182,18 @@ $ knife search node "platform:ubuntu" --filter-result "c_version:languages.c.gcc $ ``` +## Unforked interval chef-client runs are disabled +It is now explicitly prohibited to run the chef-client and chef-solo applications at intervals without forking. +These commands will fail immediately +```bash +chef-client --daemonize --no-fork +chef-solo --interval 1800 --no-fork +chef-client --daemonize --interval 0 --no-fork +``` +You can provide the `--interval` and `--daemonize` flags in conjunction with `--no-fork` if the `--once` flag +is also given. However `--once` overrides all `--interval` and `--splay` settings to run `chef-client` once +then exits. + # `knife ssl check` will verify X509 properties of your trusted certificates When you run `knife ssl check URL (options)` knife will verify if the certificate files, with extensions `*.crt` and `*.pem` diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 12e0351623..e9ce2d93a1 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -271,3 +271,8 @@ config setting and always set to VERIFY_NONE. by the given Hash. This works analogously to the partial_search method from the [partial_search cookbook](https://supermarket.getchef.com/cookbooks/partial_search), with `:filter_result` replacing `:keys`. You can also filter `knife search` results by supplying the `--filter-result` or `-f` option and a comma-separated string representation of the filter hash. + +## Unforked chef-client interval runs are disabled. +We no longer allow unforked interval runs of `chef-client`. CLI arguments with flag combinations `--interval SEC --no-fork` or +`--daemonize --no-fork` will fail immediately. You can supply the `--once` flag so that chef-client will execute once +in the current process and exit. |