diff options
Diffstat (limited to 'RELEASE_NOTES.md')
-rw-r--r-- | RELEASE_NOTES.md | 153 |
1 files changed, 27 insertions, 126 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 7d990d9fe7..f58c2f0950 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,150 +1,51 @@ _This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes.html> for the official Chef release notes._ -# Chef Client Release Notes 12.19: +# Chef Client Release Notes 13.0: -## Highlighted enhancements for this release: +## Back Compat Breaks -- Systemd unit files are now verified before being installed. -- Added support for windows alternate user identity in execute resources. -- Added ed25519 key support for for ssh connections. +### The path property of the execute resource has been removed -### Windows alternate user identity execute support +It was never implemented in the provider, so it was always a no-op to use it, the remediation is +to simply delete it. -The `execute` resource and similar resources such as `script`, `batch`, and `powershell_script` now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials. +### Using the command property on any script resource (including bash, etc) is now a hard error -**Note**: When Chef is running as a service, this feature requires that the user that Chef runs as has 'SeAssignPrimaryTokenPrivilege' (aka 'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and NetworkService have this right when running as a service. This is necessary even if the user is an Administrator. +This was always a usage mistake. The command property was used internally by the script resource and was not intended to be exposed +to users. Users should use the code property instead (or use the command property on an execute resource to execute a single command). -This right bacn be added and checked in a recipe using this example: +### Omitting the code property on any script resource (including bash, etc) is now a hard error -```ruby -# Add 'SeAssignPrimaryTokenPrivilege' for the user -Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege') +It is possible that this was being used as a no-op resource, but the log resource is a better choice for that until we get a null +resource added. Omitting the code property or mixing up the code property with the command property are also common usage mistakes +that we need to catch and error on. -# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights -Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege') -``` +### The chef_gem resource defaults to not run at compile time -#### Properties +The `compile_time true` flag may still be used to force compile time. -The following properties are new or updated for the `execute`, `script`, `batch`, and `powershell_script` resources and any resources derived from them: +### The Chef::Config[:chef_gem_compile_time] config option has been removed -- `user`<br> - **Ruby types:** String<br> - The user name of the user identity with which to launch the new process. Default value: `nil`. The user name may optionally be specified with a domain, i.e. `domain\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN) format. It can also be specified without a domain simply as `user` if the domain is instead specified using the `domain` attribute. On Windows only, if this property is specified, the `password` property **must** be specified. +In order to for community cookbooks to behave consistently across all users this optional flag has been removed. -- `password`<br> - **Ruby types** String<br> - _Windows only:_ The password of the user specified by the `user` property. Default value: `nil`. This property is mandatory if `user` is specified on Windows and may only be specified if `user` is specified. The `sensitive` property for this resource will automatically be set to `true` if `password` is specified. +### The `supports[:manage_home]` and `supports[:non_unique]` API has been removed from all user providers -- `domain`<br> - **Ruby types** String<br> - _Windows only:_ The domain of the user user specified by the `user` property. Default value: `nil`. If not specified, the user name and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running Chef client is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the `user` property. +The remediation is to set the manage_home and non_unique properties directly. -#### Usage +### Using relative paths in the `creates` property of an execute resource with specifying a `cwd` is now a hard error -The following examples explain how alternate user identity properties can be used in the execute resources: +Without a declared cwd the relative path was (most likely?) relative to wherever chef-client happened to be invoked which is +not deterministic or easy to intuit behavior. -```ruby -powershell_script 'create powershell-test file' do - code <<-EOH - $stream = [System.IO.StreamWriter] "#{Chef::Config[:file_cache_path]}/powershell-test.txt" - $stream.WriteLine("In #{Chef::Config[:file_cache_path]}...word.") - $stream.close() - EOH - user 'username' - password 'password' -end +### Chef::PolicyBuilder::ExpandNodeObject#load_node has been removed -execute 'mkdir test_dir' do - cwd Chef::Config[:file_cache_path] - domain "domain-name" - user "user" - password "password" -end +This change is most likely to only affect internals of tooling like chefspec if it affects anything at all. -script 'create test_dir' do - interpreter "bash" - code "mkdir test_dir" - cwd Chef::Config[:file_cache_path] - user "domain-name\\username" - password "password" -end +### PolicyFile failback to create non-policyfile nodes on Chef Server < 12.3 has been removed -batch 'create test_dir' do - code "mkdir test_dir" - cwd Chef::Config[:file_cache_path] - user "username@domain-name" - password "password" -end -``` +PolicyFile users on Chef-13 should be using Chef Server 12.3 or higher. -## Highlighted bug fixes for this release: +### Cookbooks with self dependencies are no longer allowed -- Ensure that the Windows Administrator group can access the chef-solo nodes directory -- When loading a cookbook in Chef Solo, use `metadata.json` in preference to `metadata.rb` +The remediation is removing the self-dependency `depends` line in the metadata. -## Deprecation Notice - -- As of version 12.19, chef client will no longer be build or tested on the Cisco NX-OS and IOS XR platforms. - -# Ohai Release Notes 8.23: - -## Cumulus Linux Platform - -Cumulus Linux will now be detected as platform `cumulus` instead of `debian` and the `platform_version` will be properly set to the Cumulus Linux release. - -## Virtualization Detection - -Windows / Linux / BSD guests running on the Veertu hypervisors will now be detected - -Windows guests running on Xen and Hyper-V hypervisors will now be detected - -## New Sysconf Plugin - -A new plugin parses the output of the sysconf command to provide information on the underlying system. - -## AWS Account ID - -The EC2 plugin now fetches the AWS Account ID in addition to previous instance metadata - -## GCC Detection - -GCC detection has been improved to collect additional information, and to not prompt for the installation of Xcode on macOS systems - -## New deprecations introduced in this release: - -### Ohai::Config removed - -- **Deprecation ID**: OHAI-1 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_legacy_config.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### sigar gem based plugins removed - -- **Deprecation ID**: OHAI-2 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_sigar_plugins.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### run_command and popen4 helper methods removed - -- **Deprecation ID**: OHAI-3 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_run_command_helpers.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### libvirt plugin attributes moved - -- **Deprecation ID**: OHAI-4 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_libvirt_plugin.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### Windows CPU plugin attribute changes - -- **Deprecation ID**: OHAI-5 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_windows_cpu.html> -- **Expected Removal**: Ohai 13 (April 2017) - -### DigitalOcean plugin attribute changes - -- **Deprecation ID**: OHAI-6 -- **Remediation Docs**: <https://docs.chef.io/deprecations_ohai_digitalocean.html> -- **Expected Removal**: Ohai 13 (April 2017) |