Strengthening the Security and Platform Support of Progress Chef Infra Server

With the release of Progress Chef Infra Server 15.10.12, we have given careful consideration to our supported solutions and the product’s security posture. We are making a deliberate effort to commercially support only platforms that are not end-of-life and that are free of critical vulnerabilities caused by any major software component or service. This has resulted in two worthwhile improvements:

  • End of support for RHEL 7
  • Replacement of Redis with KeyDB

End of Support for RHEL 7

IBM announced the end of life of the Red Hat Enterprise Linux 7 (RHEL 7) platform on June 30, 2024. Considering that improved variants of the Red Hat Enterprise Linux platform, such as RHEL 8 and RHEL 9, are available, Progress Chef did not execute an extended support contract with IBM for RHEL 7. As a result, no Chef Infra Server builds can be produced for the RHEL 7 platform. We are officially ending our support for RHEL 7 with the release of Chef Infra Server 15.10.12.

If your organization is using the RHEL platform for Chef Infra Server, we encourage you to upgrade your operating system (OS) to RHEL 8 or RHEL 9 before upgrading Chef Infra Server to 15.10 or above. It’s imperative to be on RHEL 8 or RHEL 9 before upgrading to Chef Infra Server 15.10.12.

Replacement of Redis with KeyDB

Redis has adopted a dual source license model. This has impacted the way Redis is used in Chef Infra Server. After careful consideration of how Redis is used in Chef Infra Server, we’ve decided to move away from Redis in favor of KeyDB - the faster Redis alternative! KeyDB has been built for scale and meets the use cases for which Redis was being used in Chef Infra Server.

What is the change?

Starting with Chef Infra Server 15.10.12, the Redis package is removed from the product. KeyDB services replace the functionality for which Redis was being used in Chef Infra Server.

No change is being made to the service name and Redis parameters mentioned in config.rb for redis_lb.

Why the change?

The Redis package currently used in Chef Infra Server had Common Vulnerabilities and Exposures (CVEs) with critical and high Common Vulnerability Scoring System (CVSS) scores. With the change in the licensing model at Redis, we couldn’t upgrade to a Redis version that would fix these CVEs. Hence, to provide a long-term alternative, KeyDB will replace Redis in Infra Server.

Migration and upgrade

One important thing that users need to keep in mind is that the upgrade process for Chef Infra Server doesn’t preserve any data related to Redis. With the transition to KeyDB, we’ll maintain this practice: any data associated with Redis from previous versions of Chef Infra Server will not be preserved in the upgraded version.

We are confident that updating our supportability matrix to prioritize fixing critical CVEs in dependent software components will benefit all users, customers and partners. For any clarifications, please reach out to [email protected] or [email protected].

Ankur Mundhra

Ankur Mundhra is a Senior Product Manager at Progress Chef.

Kallol Roy

Kallol Roy is the Software Engineering Manager at Progress Chef.