Release: Chef Client 11.8.0 & Ohai 6.20.0

Hey Chefs,

Today is an exciting day. We are announcing Chef Client 11.8.0 & Ohai 6.20.0. Here are the biggest highlights of these releases:

Chef Client Local Mode

Chef Client now has a local mode in which it can run 100% locally using a chef repository. With local mode you now have a 3 step process while getting started with Chef:

  • Download and install Chef package from here.
  • Write a recipe.
  • Converge that recipe locally using `chef-client –local-mode -o cookbook_name`

You can read more about local mode from our own John Keiser here.

New SSL Verification Settings

In order to improve security of Chef client/server communication, we are working towards enabling SSL verification by default in Chef. In this release we have laid down the groundwork for implementing this goal.

Chef now has a new configuration setting :verify_api_cert which turns on SSL verification when communicating with Chef Server. Also, Chef now manages a directory on the client for SSL certificates of your Chef servers.

You can check out here to see Dan DeLeo talking about this new feature in detail and our plans of enabling SSL verification by default in Chef.

Check out 11.8.0 Release Notes to see if any of the changes are impacting your environment.


Eric Saxby has been adding crucial SmartOS improvements to Chef and Ohai, and for that he is this release’s MVP. Congratulations Eric…


  • KAWAHARA Masashi added non\_unique support to groupadd provider.
  • Ben Holley fixed a typo in chef-solo config.
  • Yukihiko Sawanobori made sure backup file names are unique when the same file is updated more than once.
  • JJ Asghar fixed the extension of the temp files created during edits with knife.
  • Marco Betti made sure the http proxy is set while downloading the Chef omnibus installer.
  • Eric Saxby improved the package name matching in SmartOS package provider.
  • Eugene Wood made user resource omnipotent when kid is specified as a string.
  • Jeff Blaine gave the Solaris package provider the ability to install from Jumpstart Install Server’s NFS share.
  • Tim Smith made mdadm provider to pass chunk size only if the drives are being striped.
  • Xabier de Zuazo [Onddo Labs]made knife cookbook sire share to work with Ruby 2.
  • Randi Thomas make to do a POST instead of PUT
  • David Miller made FreeBSD package provider to work when package name contains ‘+’.
  • Andrew Sozonnyk helped us implement the ability to assign a validator property to client.
  • Adam DePue added the ability to escape passwords with ‘ ‘.
  • Jack Foy exposed the timeout attribute on scm resource.
  • Mike Fiedler fixed the incorrect punctuation in knife status
  • Jeff Blaine helped us fix chef-full bootstrap on Solaris 10.
  • Jesse Hu fixed the proxy parameter interference with client.rb & knife.rb
  • Nathan Brown made :role\_path to allow an array of paths.
  • Ricardo Sanchez gave the Debian service provider to modify the service priorities.

Fixed issues in Chef Client 11.8.0

  • [CHEF-1559] – Debian service provider does not modify the priorities of service
  • [CHEF-3159] – Do not silently exit when the daemon isn’t executable in init scripts on Debian
  • [CHEF-3798] – user provider on Windows tries to set the password even if not provided
  • [CHEF-3881] – exit 1, not 0, if $DAEMON (chef-client) is not executable
  • [CHEF-3982] – wget/curl dep in chef-full knife bootstrap script fails on Solaris 10
  • [CHEF-4014] – Group provider does not respect group\_name on Windows
  • [CHEF-4084] – knife status -r adds incorrect punctuation
  • [CHEF-4155] – remove the chef-apply symlink in postinst/postrm
  • [CHEF-4196] – chef-shell & chef-apply aren’t deleted by postinst & postrm scripts
  • [CHEF-4197] – Chef::Provider::Mount device\_mount\_regex fails to populate capture groups when device is symlink (Ubuntu 12)
  • [CHEF-4200] – When uid is sent into user provider as a string, chef should not update user on each chef run
  • [CHEF-4271] – “–sudo-use-password” option for knife-bootstrap should escape passwords with ‘ ‘ to allow for special characters to be passed in via command line
  • [CHEF-4335] – Knife ssh adds annoying extra newlines to output
  • [CHEF-4344] – Fix typo in spec
  • [CHEF-4353] – No way to assign validator property to client.
  • [CHEF-4371] – FreeBSD Package Provider fails when package name contains +’s.
  • [CHEF-4375] – chef-service-manager –version shows “version unknown”
  • [CHEF-4394] – Add an equivalent for –fork on Windows
  • [CHEF-4399] – Line endings for templates are based on the platform the template was written on not on the node platform
  • [CHEF-4406] – response\_file fails trying to load preseed templates and falls back to cookbook files.
  • [CHEF-4411] – Fix –copyright and –email typos in knife cookbook create docs
  • [CHEF-4422] – remote\_file fails when source becomes too long
  • [CHEF-4426] – knife cookbook upload doesn’t work on windows when working with :versioned\_cookbooks
  • [CHEF-4435] – does a PUT getting a 405 from the chef server
  • [CHEF-4456] – Knife cookbook site share fails with Ruby 2
  • [CHEF-4457] – Diffs fail when there are spaces in the path
  • [CHEF-4470] – Running chef-client fails when chef is running as a service on windows.
  • [CHEF-4482] – user resource allows defining uid as a string but results in re-applying the change with each run
  • [CHEF-4493] – Merge unmerged knife-essentials code into chef
  • [CHEF-4499] – knife upload subcommand does not support any options
  • [CHEF-4507] – smartos package provider matches package names too loosely in candidate\_version
  • [CHEF-4509] – After CHEF-4011 – Double encryption problem
  • [CHEF-4513] – HTTPS proxy not set (wget only) using HTTPS to download the Omnibus installer
  • [CHEF-4515] – Wrong puzzling/confusing message “Unsupported `json\_class` type ‘Chef::WebUIUser’ (JSON::ParserError)” while users upload
  • [CHEF-4526] – knife environment edit still is .js temp files
  • [CHEF-4534] – Upstart provider’s restart\_service if..else has a syntax bug
  • [CHEF-4554] – Typo in chef solo config file option default
  • [CHEF-4556] – chef-client service starts at every run of chef-client::service recipe
  • [CHEF-4561] – :write is not a valid action for log resource
  • [CHEF-4567] – SmartOSPackage class expands to the wrong DSL method
  • [CHEF-4592] – “knife delete” subcommand options not showing on the command line
  • [CHEF-4602] – Errno::ETXTBSY Text file busy
  • [CHEF-4610] – Chef on Windows prints “deprecated” warning for every operation
  • [CHEF-4614] – ResourceReporter should check that before/after state for a resource are hashes
  • [CHEF-4615] – –chef-repo-path doesn’t work for knife deps, download, etc
  • [CHEF-4625] – Remote\_file local file copy on Windows fails with EACCESS, requires atomic\_update false workaround
  • [CHEF-4649] – Auto configure ssl\_ca\_file on windows when running in omnibus
  • [CHEF-4662] – knife edit creates temporary files with insecure permissions
  • [CHEF-4671] – Remote file cache control handling needs to be updated for HTTP library refactor
  • [CHEF-4674] – 11.6.2 windows MSI does not include Erubis executable
  • [CHEF-3609] – when bootstrapping, should generate no\_proxy in /etc/chef/client.rb if no\_proxy is configured in knife.rb
  • [CHEF-4248] – Expose timeout attribute on scm resource and associated providers
  • [CHEF-4343] – Only test certain branches on Travis
  • [CHEF-4458] – add chef\_ca\_cert resource
  • [CHEF-4465] – mdadm provider shouldn’t pass chunk size for mirrors
  • [CHEF-4469] – Allow Solaris package install from Jumpstart install server’s NFS share of packages
  • [CHEF-4471] – Add Windows 8.1/2012 R2 to Chef Windows Helper
  • [CHEF-4477] – fix typographical errors in autogenerated
  • [CHEF-4488] – Support chef\_server\_url ‘local’ running chef-zero
  • [CHEF-4497] – tag method should be moved into the Node object
  • [CHEF-4529] – A Timestamp of backup_filename is too short.
  • [CHEF-4568] – Normalize whitespace
  • [CHEF-4571] – GET ‘/cookbooks/foo/\_latest’ returns duplicate JSON keys in recipes
  • [CHEF-4578] – groupadd add non\_unique support (-o)
  • [CHEF-4585] – chef/mixin/shell\_out should require mixlib/shellout and document why it requires chef/shell\_out
  • [CHEF-4603] – Refactor Chef::REST so behavior is swappable
  • [CHEF-4648] – Add Pry as a runtime dep
  • [CHEF-2928] – Chef solo’s role\_path should allow for an array of paths
  • [CHEF-4356] – Add Platform Support for “opensuse”

Fixed Issues in Ohai 6.20.0

  • [OHAI-507] – GCE Ohai plugin update for GCE v1beta1 compatibility
  • [OHAI-515] – Command line parameters for ohai are not listed in the online docs
  • [OHAI-519] – AIX platform support for Ohai

Serdar Sutay