Release: Enterprise Chef 11.2.0 and Chef Analytics 1.0.1

We are pleased to announce the release of the Enterprise Chef 11.2.0 server and Chef Analytics 1.0.1.

Enterprise Chef 11.2.0

What’s New

  • oc-id Adds the Chef Identity Service. This enables Supermaket and Analytics authentication against the Enterprise Chef Server.
  • Analytics Support
    • dark\_launch['actions'] defaults to true. You no longer need to manually set this in the private-chef.rb
    • Reconfigure will copy /etc/opscode/webui\_priv.pem into /etc/opscode-analytics if actions is enabled
    • This change adds a new ‘oc-id’ key to the private-chef-secrets.json.
  • private-chef-ctl Add a gather-logs command to create a tarball of important logs and system information.
  • orgmapper Bump orgmapper to a new minor revision. This enables support for the bifrost/authz API and fixes several bugs.
    • Add bifrost\_sql\_database uri to orgmapper.conf
    • Upgrade to rel-0.5.1

Bug Fixes:

The following items are the set of bug fixes that have been applied since Enterprise Chef 11.1.8:

  • [OC-11297] tweak partybus migration-level subscribes for a more reliable workaround
  • [OC-11585] Allow ['lb']['upstream'] to have a custom setting
  • [OC-11459] Allow opscode-manage to easily be moved off of 443
  • [OC-11540] Fix invalid opscode-account config when forcing SSL
  • [OC-11575] Don’t start services by default on the standby backend node in HA topology
  • [OC-11601] Fix a race condition that sometimes caused redis\_lb to attempt to reconfigure itself before it was restarted.
    • This change causes redis\_lb to restart during every reconfigure. This restart can cause a short period of 500 errors on the on the FE nodes.
  • [OC-11668] enable ipv6 in standalone mode
  • [OC-11672] Upgrade PostgreSQL to 9.2.9
  • [OC-11673] Tune PostgreSQL keepalive timeouts
  • [OC-11702] Fix bug that prevents ACL and group expansion when containing group that no longer exists
  • [OC-11708] Fix user association bug when last updater of users group is no longer associated
  • [OC-11710] Fix couchdb compaction log rotation

Security Fixes:

The following items are the set of security fixes that have been applied since Enterprise Chef 11.1.8:

  • OpenSSL 1.0.1i addresses CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509, CVE-2014-5139, and CVE-2014-3508.
  • PostgreSQL 9.2.9 addresses CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067

Download

Contact your sales representative for a link to download the patched version of Enterprise Chef.

Upgrade Instructions

Follow the upgrade instructions on the Chef Documentation site:

Chef Analytics 1.0.1

Improvements

  • feature(profile): Remove profile URL from web frontend pending redesign of profile page
  • feature(omnibus): Use latest omnibus-ctl 0.1.0
  • feature(dateRangePicker): Implemented date range picker
  • features(tagging) Update consumer to add Chef Manage on actions from UI
  • feature(actionDetails): Clicking on the remote request id in the details adds a filter for that id.
  • feature(tooltips): Added tooltips to toggle icons in the search area.

Bug fixes

  • fix(upgrade): Always start postgres and rabbitmq during upgrade process
  • fix(cursor): fix inconsistent cursor use
  • fix(actions): Added support for organizations named “login”
  • fix(login): Login page shows ‘Signed in as’ when you have an active session
  • fix(export): Can now supply a base filename to exports before downloading
  • fix(savedSearched): Selecting a saved search now populates the date pickers.
  • fix(e2e): Protractor E2E tests should pass reliably.
  • fix(search): Improve fuzzy search
  • fix(saved search): updating existing search throws 500

Security updates

  • Update openssl to 1.0.1i
  • Update rails to 4.1.5

Upgrading Chef Analytics

To upgrade to Chef analytics 1.0.1 you do not need to stop your Enterprise Chef . You do need to stop your running Chef analytics 1.0.0 instance.

  1. Stop Chef analytics
    opscode-analytics-ctl stop
  2. Install the new package, e.g.:
    rpm -Uvh opscode-analytics-1.0.1-1.el6.x86\_64.rpm
  3. You can re-run the preflight-check at this point to check if your Enterprise Chef is configured correctly
        opscode-analytics-ctl preflight-check
        Preflight check successful!
  4. Reconfigure Chef Analytics
    opscode-analytics-ctl reconfigure
  5. Start Chef Analytics
    opscode-analytics-ctl start
  6. Check it is running
    # opscode-analytics-ctl test 
    OK: Chef Actions running at 'https://analytics.example.com/'
    

Compatability

Chef analytics 1.0.1 is compatible with both Enterprise Chef 11.1.8 and 11.2.0.

Author Irving Popovetsky

Irving leads the Customer Engineering team at Chef