Ohai Chefs!
I’m happy to announce that Chef Server 12.2.0 is now live on Hosted Chef, and is also available for download on the Chef Downloads Page and via our Apt/RPM repositories. Here are some of this release’s highlights:
- External PostgreSQL: we now support using a PostgreSQL server other than the one shipped with Chef Server, including Amazon RDS.
- Policyfile API enhancements.
- Organization policy changes.
- New
chef-server-ctl
commands and enhancements. - Several bug fixes.
Organization Policy Changes
- An organization’s users can now see the information about other users in the same organization. This access includes name, email address, public key, and organizations that are shared between the user making the request and the user being viewed. Organizations that are not shared will not be visible. This is applicable in Hosted Chef as well as Chef Server. This allows an organization’s users to encrypt data bag items for each other using
knife-vault
without granting these users admin access. - By default, it is no longer permitted to remove the “admins” group’s
grant
ACE from a group’s ACL. This prevents a number of issues in which customers were locked out of updating group permissions. If you have need to do this, it is still possible in your Chef Server 12 installation by authenticating as the superuser. For Hosted Chef, there is no way to do this without contacting support.
External PostgreSQL
It is now possible to configure a new Chef Server with an externally managed PostgreSQL database, including one hosted on Amazon RDS. For more information, see the details here.
Important Note: the reporting and analytics add-ons are not compatible with external PostgreSQL. If you’re using either of these add-ons, please continue to use the managed PostgreSQL that ships with Chef Server until updated add-ons are released.
Editor’s Note (12/16/2015): To clarify the above: Chef analytics uses its own internal PostgreSQL database and does not interact with the Chef server’s PostgreSQL database. It is currently not possible to have Chef analytics make use of an external PostgreSQL database. It is possible to have Chef analytics working as-is in conjunction with Chef server with an externally managed PostgreSQL database. Chef reporting uses the same PostgreSQL database as the Chef server. When this blog post went live, it was not possible to use Chef reporting and use an external PostgreSQL database with the Chef server. However, this was changed with the release of Chef reporting 1.5.5, as detailed here
Policyfile API enhancements
Further additions have been made to the Policyfile endpoints to round out support for them. For more information, reference API Changes and Additions in the release notes. These endpoints will be utilized in further Policyfile support scheduled for the upcoming ChefDK 0.8 release.
chef-server-ctl
chef-server-ctl
has received several additions and enhancements:
- New commands
backup
andrestore
to back up/restore your Chef Server installation’s data from the local file system. Note that you must have rsync installed locally for this, and that by default it will take Chef Server offline to perform the backup to ensure data consistency. - The
reindex
command now supports server-wide reindexing. - Improvements to error output. When errors exist in
chef-server.rb
or we detect errors in an external PostgreSQL configuration, we will now provide a detailed error message and — where appropriate — a link to further documentation. - Additional improvements can be found in the chef-server-ctl section of the release notes.
Further Reading
For further details about this release please reference the Release Notes, and for even more information you can take a look at the ChangeLog.