Greetings! We released ChefDK 0.10.0 today and it can be obtained from our downloads page. This release includes the following new/updated dependencies:
- InSpec version 0.9.2
- Kitchen InSpec version 0.9.0
- Knife Windows 1.1.1
- Chef Provisioning 1.5.0
- Chef Provisioning AWS 1.6.0
You can view the full release notes on Github, but I have copied them into here for friendliness.
InSpec
Chef InSpec was released November 3rd. We’re now packaging this tool into the ChefDK. The Github README has an overview of the project and the developers posted an informative blog as well.
The primary means of interfacing with InSpec is through its command line tool inspec
. The most important thing to note about the integration with the ChefDK right now is that the inspec
tool is not added to your PATH by default when installing the ChefDK. To use it you can either:
- EDIT: Someone pointed out to me after we published this post that if you run `chef shell-init` you do not need to prepend the `inspec` executable with `chef exec`. Thanks Adam!
Prepend all yourinspec
invocations withchef exec
. For example, following their guide you would runchef exec inspec exec test.rb
to run local Inspec tests. - Add the executable to your PATH manually. On linux/OSX systems this is located at
/opt/chefdk/embedded/bin
and on Windows it is located atC:\opscode\chefdk\embedded\bin
.
This path change is temporary – we plan to include inspec
in the PATH by default in future ChefDK releases.
Kitchen-InSpec
Kitchen-InSpec is a new Test Kitchen verifier that uses InSpec. This verifier is only compatible with Test Kitchen version 1.4 or greater, and will only work with other Test Kitchen plugins that also use Test Kitchen 1.4. Some examples of drivers which use Test Kitchen 1.4 are the Vagrant plugin and EC2 plugin.
Look at the .kitchen.yml and tests in the InSpec example of what a cookbook using InSpec should look like.
Knife Windows 1.0 Enhancements
This release of the ChefDK ships with Knife-Windows 1.1.1 and marks the first v1 release to be bundled with ChefDK. Full details of features included in both 1.0.0 and 1.1.0 can be found in the release notes here:
For those who make use of Knife-Windows in your day to day Chef development workflow, here are the breaking changes and highlights:
Breaking changes
Negotiate
is the default authentication protocol. Prior to this release, the default authentication protocol depended on the format of the--winrm-user
option. Thebasic
authentication protocol would be assumed unless that option had the formatdomain\user
. To revert to the behavior of previous releases or otherwise force knife-windows to use a specific authentication protocol such asbasic
, use the--winrm-authentication-protocol
option.- Default WinRM port depends on the transport. The default port is still 5985 for non-ssl connections, but now defaults to 5986 if you’re using ssl.
- Kerberos Keytab short option is now
-T
to fix a conflict with the--identity-file
option.
Making it easier to setup WinRM over SSL
Setting up WinRM communication over SSL can be far from straight forward. Certificates need to be configured on both ends, firewall rules must be added and a WinRM listener has to be created. This Knife-Windows release adds some new knife
commands to help automate these tasks:
knife windows cert generate
generates a certificate and related public key file for use in configuring a WinRM listener and validating communicationknife windows cert install
installs a certificate such as one generated by thecert generate
subcommand into the Windows certificate storeknife windows listener create
creates a WinRM SSL listener on a Windows system
Validating WinRM Configuration
A new subcommand: knife wsman test
verifies winrm functionality on a remote system.
New Bootstrap Options
--hint
creates Ohai hints on bootstrap--bootstrap-install-command
allows an alternate command to be used to install Chef Client--install-as-service
will have Chef Client be installed as a Windows service on bootstrap--msi\_url
provides an alternate URL to the Chef Client installation package
Validatorless bootstrapping
Look mom, no validator! Thats right – as seen in the core chef client first, this is now possible in knife windows bootstrap
as well.
Proxy support for WinRM
The knife winrm
and knife bootstrap windows winrm
subcommands now honor the proxy server configured via the http_proxy
setting in knife.rb for WinRM traffic.
chef generate
commands now default to using Berksfile instead of Policyfile
In ChefDK 0.9.0, we changed the default behavior of chef generate cookbook
to create Policyfiles instead of Berksfiles. Our training materials and tutorials were not updated to account for this change, so we’ve changed the behavior back. You can still generate cookbooks with Policyfiles by passing the -P
option to chef generate cookbook
.
Additionally, you can generate a Chef repo with appropriate directories for Policyfiles by running chef generate repo -P
.