## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## New Features - Automate HA eases setting up the cluster by introducing the `chef-automate verify` command, which checks the configurations across the nodes in the cluster before deployment. The same command can be used and verify the cluster configurations after deployment for easy troubleshooting. This will make the deployment and maintenance of Automate HA cluster much easy and transparent. Refer to the detailed documentation here: https://docs.chef.io/automate/ha_verification_check/ - The users in the Chef Server running in Automate can be authorized to log in to Private Supermarket. Refer [Supermarket Integration](https://docs.chef.io/automate/supermarket_integration_with_automate/) to get more details. ([#7909](https://github.com/chef/automate/pull/7909)) - Automate HA eases the creation of the initial configuration file by introducing a user-driven configuration generator. [#7923](https://github.com/chef/automate/pull/7923) ## Improvements - The rotated certificates are now preserved for the addition/deletion/upgrade of nodes after rotating the certificates for individual nodes in Automate HA cluster. ([#7945](https://github.com/chef/automate/pull/7945)) - The status of all the services on all the nodes of an Automate HA cluster can be monitored from Bastion using the `chef-automate status` command. ([#7950](https://github.com/chef/automate/pull/7950)) - An individual service running on frontend nodes of Automate HA cluster can be restarted from Bastion using the `chef-automate restart-services` command. ([#7958](https://github.com/chef/automate/pull/7958)) - The services in a given or all frontend nodes can be stopped from the Bastion host using the `chef-automate stop` command. ([#7966](https://github.com/chef/automate/pull/7966)) - The versions of all the running services for a given or all nodes in Automate HA cluster can be monitored from the Bastion host using the `chef-automate version` command. ([#7970](https://github.com/chef/automate/pull/7970)) - The data related to chef-client runs and chef-server actions in Automate can be managed from the Bastion host using the `chef-automate infrastructure` command ([#7944](https://github.com/chef/automate/pull/7944)) - The es-sidecar service now honors the setting at the global backup configuration. ([#7976](https://github.com/chef/automate/pull/7976)) - Ability to connect to external OpenSearch cluster using proxy SSL server. ([#7984](https://github.com/chef/automate/pull/7984)) - The lag of PG follower nodes concerning the leader node in a PG cluster is now shown in the `chef-automate status` command. ([#8054](https://github.com/chef/automate/pull/8054)) - The gather log command now captures logs from different locations in the PG cluster. ([#8058](https://github.com/chef/automate/pull/8058)) - The AWS deployment of Automate HA now allows you to choose the private subnet. ([#8062](https://github.com/chef/automate/pull/8062)) - Improved documentation for all the configuration for frontend and backend nodes of Automate HA. Refer this section: https://docs.chef.io/automate/ha_config/ ([#8048](https://github.com/chef/automate/pull/8048)) - The benchmark performance numbers are available for reference in Automate document. Refer https://docs.chef.io/automate/ha_performance_benchmarks/ ([#8051](https://github.com/chef/automate/pull/8051)) ## Compliance Profile Updates - Compliance profiles are updated to version 1.0.0/20230414090134, which includes the new and improved profiles for: > CIS Oracle MySQL Community Server 5.7 v2.0.0 (Audit) > CIS IBM AIX 7.1 v2.1.0 (Audits) > CIS RHEL 8 v2.0.0 (Audits) > CIS Ubuntu 22.04 v1.0.0 > CIS Suse Linux Enterprise 12v3.1.0 > STIG Windows 11 v1r2 - This version also fixes bugs for the following profiles: > CIS CentOS Linux 7 Benchmark v3.1.2 : UMASK wrong check issue(Control 5.5.5) > CIS CentOS Linux 8 Benchmark v2.0.0 : handled false positive for sudo access controls > CIS RHEL 8 Benchmark v2.0.0 : handled false positive for sudo access controls > CIS RHEL 7 Benchmark v3.1.1 : handled false positive for sudo access controls > CIS Windows 2019 v1.3.0 Bug fix for controls in 19 series > CIS CentOS Linux 7 Benchmark v3.1.2 control 5.1.4 ## Bug Fixes - Fix the issue that stops syncing the configuration from bootstrap nodes when a new node is added to an Automate HA cluster. ([#7949](https://github.com/chef/automate/pull/7949)) - Fix to display the correct status on running `chef-automate status summary` from Bastion host when Automate services are stopped in frontend nodes. ([#7968](https://github.com/chef/automate/pull/7968)) - Chef Automate can now be provisioned using AMI images that use IMDSv2. ([#7982](https://github.com/chef/automate/pull/7982)) - Update the dex bundle to fix frequent disconnection with the Postgres database. ([#8007](https://github.com/chef/automate/pull/8007)) - Automate HA Bastion host honors the IAM role attached and should not ask for AWS credentials from users. ([#8057](https://github.com/chef/automate/pull/8057)) - Fix to remove nodes without impacting the other nodes in the AWS environment deployed Automate HA cluster. ([#8070](https://github.com/chef/automate/pull/8070)) ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 9497/20221221224518 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.7 - Nginx: 1.21.3 - Haproxy: 2.2.29 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported Framework Versions This release is built on the following framework versions: - GoLang: 1.19.3 - OpenJDK: 11.0.17+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.