We are quite excited about getting this version of Chef released and into your hands. This release contains over seventy-five resolved issues from over thirty community members and some big new features from Opscode.
This version includes a new feature that we’ve talked about for a long time
called “why-run.” This feature allows you to run chef on a system without the providers modifying the system. A key part of why-run is that it tells you why it makes the decision that it did, so you can reason about the current and proposed
state of your system, hence the name.
The no-operation or no-op concept is initially simple to reason about: decide what you’re going to do, but don’t actually do it. However, in configuration management the resources (the things you manage) that you are managing have interdependencies. If you do not account for this in the system, the proposed changes will differ wildly from the actual changes as the system grows in complexity. It is easy to build a system that doesn’t account for this truth, but from our experience building large infrastructure we knew we needed to engineer a proper solution that would scale.
For example, it is easy to model what happens when you use the service resource to start a service. If the action is start and the service is not running, you would start the service. If the service is already running, there would be no need to start it.
But what about when we need to start a service that is installed from a package? We can’t check to see if a service is running without installing the package first. A simple no-op mode would tell us that it would install the package but couldn’t tell us about the service because it could not determine its state.
This example is intentionally easy to reason about; you know that the service would be started after the package is installed. But service actions usually trigger notifications on other resources so it is important to get this right to produce a useful no-op mode.
Given the use cases for a no-op mode, Opscode’s engineering team came back with a design that allowed for certain assumptions to be made in each resource. If the service resource cannot find the appropriate command to check the status of the service, Chef’s why-run mode will assume that the command would have been installed by a previous resource and the service would not be running. This of course isn’t guaranteed to be the case, but we believe this will greatly increase the usefulness of why-run over other possible designs.
Another area of concern is what to do with not\_if and only\_if attributes. Chef assumes these are commands or blocks that are safe to run in why-run mode. These conditionals are not designed to be used to change the state of the system, but rather to help facilitate idempotency for the resource itself. However, it is possible that you may be using them in a way that modifies the system state, so be aware of this.
The closer the current state of the system is to the desired state, the more useful why-run mode is going to be to you. Running a full run-list against a fresh system in why-run mode is not only unlikely to be completely correct, it is going to produce significant output which is probably less useful to you. Chef’s why-run mode is not a replacement for running your cookbooks in a test environment that mirrors production as closely as possible. Opscode uses test-kitchen on developer systems, an internal Openstack cloud and external cloud providers to do so.
# Short output with a single character per resource,
# followed by a summary
chef-client -Fminimal -lfatal
# A verbose human readable format like rspec
chef-client -Fdoc -lfatal
We’re planning on making the ‘doc’ output formatter the default client output in Chef 11, so please let us know what you think on the chef mailing list.
We’ve also got a new feature that captures specific errors from Chef and tells you why it believes the error occurred. For example an error raised while compiling a recipe is going to present a formatted output that shows you the line in the recipe that Chef believes is responsible.
We now have Omnibus packaging for Solaris 9, 10 and 11 on sparc, as well as Solaris 10 and 11 on x86.
__Xabier de Zuazo__ has been making some epic contributions. More than once he has set out to fix a small bug and ended up doing a significant code refactor for the project. It’s great to see a community contributor doing such essential work. Congratulations Xabier, you’re this release’s MVP!
* Fixes a minor security bug that allowed you to get the list of environments from the WebUI without credentials.
* Supports long host names and user names by trying the new mixlib-authentication protocol against the server and falling back to the
old one.
* Omnibus builds now include ruby-shadow when applicable.
* Subscribes now support the newer notification syntax.
* __Chris Roberts__ made the daemonized server run garbage collection before sleeping and added the ability for the chef-client to fork for each run.
* __Phil Dibowitz__ refactored ‘knife cookbook upload -a’ to support batch uploading
and added support for knife cookbook site install to use the current branch.
* __Mitsuru Yoshida__ fixed some of the unit tests on FreeBSD and improved the FreeBSD service provider.
* __Ken-ichi TANABE__ improved the FreeBSD service provider
when the RC var doesn’t match the service name.
* __KC Braunschweig__ provided a patch to add a config value for a list of directories for knife exec to search.
* __Jason J. W. Williams__ supplied a base IPS package provider for Solaris
and friends.
* __Ben Lindsey__ updated the deploy provider to allow specifying the number of releases to keep.
* __Will Maier__ added the ability to pass arguments to the execute resource’s command attribute as an array.
* __Brandon
Adams__ provided a patch for downloading all cookbook segments at the start of the run.
* __Sean Escriva__ fixed the user resource when changing a user’s home directory.
* __Hui Hu__ added a return code for knife ssh when it fails.
* __Anna Gabutero__ fixed a bug in the mdadm provider related to inactive arrays.
* __Takeshi Kondo__ patched knife ssh to use cloud attributes if available by default.
* __Martha Greenberg__ improved the solaris group provider to work
on newer versions.
* __Michael D. Ivey__ added support for manipulating environments in shef and made it so all clients could delete themselves.
* __Mike Conigliaro__ provided a patch to the debian packaging to fix a logrotate bug.
*
__Nathen Harvey__ improved the initial skeleton cookbook that knife creates.
* __David Amian__ fixed a bug that was preventing nodes from being deleted in the WebUI using firefox.
* __Xabier de Zuazo__ added support for month and day names
to the cron provider and fixed permissions on failed-run-data.json.
* __Justin Schumacher__ fixed a bug that was preventing the OS X user resource from setting the gid.
* __Matthew Kent__ refactored knife client create to return the correct
exit code on failure.
* __Tim Potter__ made the ‘knife node tag delete’ output consistent with ‘knife node tag create’ and added tags to the ‘knife node show’ output.
* __Raf Geens__ fixed the –json-attributes
flag when using the ubuntu12.04-gems bootstrap template.
* __Juanje Ojeda__ and __Avishai Ish-Shalom__ made it so the deploy provider can create directories if they do not exist.
* __Mathieu Sauve-Frankel__ fixed knife ssh cssh to run on
additional platforms.
* __Max Horbul__ added support for loading a data bag by symbol.
* __Deepak Kannan__ added an option to set the default knife verbosity in the config file.
* __Dan Crosta__ configured NetBSD to use the FreeBSD
service provider and provided a NetBSD group provider.
* __Sriram Devadas__ improved the ordering of objects in the WebUI.
* __Mark Roddy__ fixed a bug where knife bootstrap was failing when not provided ohai hints.
* __Gardner Bickford__
cleaned up some unfriendly language in the unit tests.
* __Chris Parsons__ provided a workaround for a Net::SSH bug when passing unicode data.
* __Arthur Gautier__ made it so you can search for values that contain the @ symbol and fixed
a bug in the webui when it tries to display special files.
* __Miguel Cabeça__ fixed a bug in the apt provider to allow installing packages from a different release.
* __Josiah Kiehl__ improved parts of knife to use its internal ui
object more consistently.
* __Wes Morgan__ solved an issue where Chef::Knife::Ssh was being used before it was require’d.
* __Daniel Condomitti__ added options to knife status for filtering and reverse sorting.
Special thanks to __Justin Witrick__ for why-run testing.