DEVOPSdigest

Chef announced the release of Chef 14, the fastest and easiest to use Chef version yet.

Expanded out-of-the-box support for both Windows and macOS eliminates the need for external cookbooks to manage these operating systems.

And finally, Chef 14 benefits from the performance enhancements in Ruby 2.5, running up to 10% faster than previous versions.

A major objective over the last few years has been to include more resources, or configuration items, in core Chef. When Chef was first released back in 2009, it provided a declarative automation framework for performing basic systems tasks like installing packages or managing files. Higher-order operations, like managing software repositories, tuning kernel parameters, or managing operating system subscriptions were only available through external cookbooks. While developing those cookbooks allowed Chef to iterate on these tasks independent of the Chef Client release cadence, once the code matured, it was time to add it back to core Chef.

In Chef 14, the company added nearly thirty resources to core Chef with the goal of allowing you to do nearly any basic systems management function without the need for an external cookbook. The resources fall into the following areas:

- Windows support: There is no longer any need to use a separate windows cookbook in order to get access to Windows management resources. This has been a multi-year project and required Chef to modernize and rewrite much of the logic in these resources, but the payoff is worth it. For example, you can now join Chef-managed Windows servers to an Active Directory domain, install packages from DISM or PowerShell, set up AutoRun items, install printers, and many more tasks, all with just a few lines of Chef code and no external dependencies.

- macOS management: Many companies, including Facebook’s Client Platform Engineering team, are now managing their desktop macOS fleets using Chef. Tasks like installing packages from DMG images or Homebrew casks and taps, and management of macOS user profiles are possible without a dependency on the macos cookbook. Speaking of that cookbook, it is now maintained by our partners at Microsoft and replaces the old mac_os_x cookbook. Microsoft will be speaking at ChefConf 2018 on this topic.

- RedHat Enterprise Linux subscription management: It’s now possible to manage your Red Hat Systems Manager (RHSM) subscription and entitlements using core Chef, as well as ensuring that specific errata are installed on a server. This helps with patch management use cases, particularly for remediating fleetwide vulnerabilities like Meltdown or Spectre.

- Utility functions: Resources that previously existed in cookbooks to perform tasks like managing swap files, kernel tuning (sysctl), setting the system hostname, generating OpenSSL keys, or managing sudo configuration are all in core Chef.

Finally, there is the usual plethora of minor changes and bugfixes that accompany a major release like this. A few that are worth calling out:

- The yum and DNF resources have been completely overhauled to be more performant.

- Chef disabled Ohai’s passwd plugin by default to avoid enumerating users’ entire directories on AD or LDAP-connected systems.

- node[“name”] and node[“chef_environment”] are now top-level attributes to avoid confusion when writing recipes. (You can still use the old method syntax but the attribute format is now recommended.)

- Ohai now reports on Windows system’s product and system type (e.g. “Datacenter”) by default.