The following items are new for Chef Infra Client 12.4 and/or are changes from previous versions. The short version:
- **Validatorless bootstrap now requires the node name** Use of the
`-N node_name` option with a validatorless bootstrap is now
required.
- **remote_file resource supports Windows UNC paths for source
location** A Microsoft Windows UNC path may be used to specify the
location of a remote file.
- **Run PowerShell commands without excessive quoting** Use the
`Import-Module chef` module to run Windows PowerShell commands
without excessive quotation.
- **Logging may use the Windows Event Logger** Log files may be sent
to the Windows Event Logger. Set the `log_location` setting in the
client.rb file to `Chef::Log::WinEvt.new`.
- **Logging may be configured to use the daemon facility available to
the chef-client** Log files may be sent to the syslog available to the
chef-client. Set the `log_location` setting in the client.rb file to
`Chef::Log::Syslog.new("chef-client", ::Syslog::LOG_DAEMON)`.
- **Package locations on the Windows platform may be specified using a
URL** The location of a package may be at a URL when using the
**windows_package** resource.
- **Package locations on the Windows platform may be specified by
passing attributes to the remote_file resource** Use the
`remote_file_attributes` attribute to pass a Hash of attributes that
modifies the **remote_file** resource.
- **Public key management for users and clients** The `knife client`
and `knife user` subcommands may now create, delete, edit, list, and
show public keys.
- **knife client create and knife user create options have changed**
With the new key management subcommands, the options for
`knife client create` and `knife user create` have changed.
- **chef-client audit-mode is no longer marked as "experimental"** The
recommended version of audit-mode is chef-client 12.4, where it is
no longer marked as experimental. Chef Infra Client will report audit
failures independently of converge failures.
## UNC paths, **remote_file**
When using the **remote_file** resource, the location of a source file
may be specified using a Microsoft Windows UNC. For example:
```ruby
source "\\\\path\\to\\img\\sketch.png"
```
## Import-Module chef
The Chef Infra Client 12.4 release adds an optional feature to the
Microsoft Installer Package (MSI) for Chef. This feature enables the
ability to pass quoted strings from the Windows PowerShell command line
without the need for triple single quotes (`''' '''`). This feature
installs a Windows PowerShell module (typically in
`C:\opscode\chef\modules`) that is also appended to the `PSModulePath`
environment variable. This feature is not enabled by default. To
activate this feature, run the following command from within Windows
PowerShell:
```powershell
Import-Module chef
```
or add `Import-Module chef` to the profile for Windows PowerShell
located at:
```powershell
~\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
```
This module exports cmdlets that have the same name as the command-line
tools (chef-client, knife, chef-apply) that are built into Chef.
For example:
```powershell
knife exec -E 'puts ARGV' """&s0meth1ng"""
```
is now:
```powershell
knife exec -E 'puts ARGV' '&s0meth1ng'
```
and:
```powershell
knife node run_list set test-node '''role[ssssssomething]'''
```
is now:
```powershell
knife node run_list set test-node 'role[ssssssomething]'
```
To remove this feature, run the following command from within Windows
PowerShell:
```powershell
Remove-Module chef
```
## client.rb Settings
The following settings have changed:
| Setting | Description |
|---------|-------------|
| `log_location` | The location of the log file. Possible values: `/path/to/log_location`, `STDOUT`, `STDERR`, `Chef::Log::WinEvt.new` (Windows Event Logger), or `Chef::Log::Syslog.new("chef-client", ::Syslog::LOG_DAEMON)` (writes to the syslog daemon facility with the originator set as `chef-client`). The application log will specify the source as `Chef`. Default value: `STDOUT`. |
## **windows_package** Updates
The **windows_package** resource has two new attributes (`checksum` and
`remote_file_attributes`) and the `source` attribute now supports using
a URL:
| Attribute | Description |
|-----------|-------------|
| `checksum` | The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, Chef Infra Client does not download it. Use when a URL is specified by the `source` attribute. |
| `remote_file_attributes` | A package at a remote location, defined as a Hash of properties that modifies the properties of the **remote_file** resource. |
| `source` | Optional. The path to a package in the local file system. The location of the package may be at a URL. Default value: the `name` of the resource block. See "Syntax" section above for more information. |
Examples:
**Specify a URL for the source attribute**
```ruby
windows_package '7zip' do
  source 'http://www.7-zip.org/a/7z938-x64.msi'
end
```
**Specify path and checksum**
```ruby
windows_package '7zip' do
  source 'http://www.7-zip.org/a/7z938-x64.msi'
  checksum '7c8e873991c82ad9cfc123415254ea6101e9a645e12977dcd518979e50fdedf3'
end
```
**Modify remote_file resource attributes**
The **windows_package** resource may specify a package at a remote
location using the `remote_file_attributes` property. This uses the
**remote_file** resource to download the contents at the specified URL
and passes in a Hash that modifies the properties of the [remote_file
resource](/resources/remote_file/).
For example:
```ruby
windows_package '7zip' do
  source 'http://www.7-zip.org/a/7z938-x64.msi'
  remote_file_attributes({
    :path => 'C:\\7zip.msi',
    :checksum => '7c8e873991c82ad9cfc123415254ea6101e9a645e12977dcd518979e50fdedf3'
  })
end
```
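An audit for the pattern in the examples above, added here and not part of the Chef documentation: it evaluates recipe text against a stand-in for the recipe DSL and reports **windows_package** resources whose URL `source` has no SHA-256 recorded in `checksum` or `remote_file_attributes`. The names `Pkg`, `RecipeProbe` and `audit_recipe`, the finding symbols and the sample recipe are assumptions made for this example.

```ruby
# Added example: a stand-in for the recipe DSL, not Chef's own classes.
# instance_eval runs the recipe text, so audit only cookbooks you already trust.
Pkg = Struct.new(:name, :props) do
  # Record every property call (source, checksum, remote_file_attributes, ...).
  def method_missing(prop, *args)
    props[prop] = args.first
  end
end

class RecipeProbe
  def packages
    @packages ||= []
  end
  def windows_package(name, &block)
    packages << Pkg.new(name, {}).tap { |pkg| pkg.instance_eval(&block) if block }
  end
end

# Returns [[package_name, finding], ...] for URL sources lacking a usable pin.
def audit_recipe(recipe_text)
  recipe = RecipeProbe.new
  recipe.instance_eval(recipe_text)
  recipe.packages.each_with_object([]) do |pkg, findings|
    src = pkg.props[:source].to_s
    next unless src.match?(%r{\Ahttps?://}i) # local paths are out of scope
    sum = pkg.props[:checksum] || (pkg.props[:remote_file_attributes] || {})[:checksum]
    if sum.nil?
      findings << [pkg.name, src.match?(/\Ahttp:/i) ? :http_no_checksum : :no_checksum]
    elsif !sum.to_s.match?(/\A\h{64}\z/)
      findings << [pkg.name, :malformed_checksum]
    end
  end
end

# Constructed sample recipe; the 7-Zip URL and checksum are the ones on this page.
SAMPLE = <<~'RECIPE'
  windows_package 'unpinned' do
    source 'http://www.7-zip.org/a/7z938-x64.msi'
  end
  windows_package 'pinned-via-remote-file' do
    source 'http://www.7-zip.org/a/7z938-x64.msi'
    remote_file_attributes({ :checksum => '7c8e873991c82ad9cfc123415254ea6101e9a645e12977dcd518979e50fdedf3' })
  end
  windows_package 'truncated' do
    source 'https://packages.example.test/app.msi'
    checksum '7c8e8739'
  end
RECIPE
p audit_recipe(SAMPLE)
```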
## knife client key
Use the `knife client` subcommand to manage an API client list and their
associated RSA public key-pairs. This allows authentication requests to
be made to the Chef server by any entity that uses the Chef server API,
such as Chef Infra Client and knife.
### key create
Use the `key create` argument to create a public key.
**Syntax**
This argument has the following syntax:
```bash
knife client key create CLIENT_NAME (options)
```
**Options**
This argument has the following options:
`-e DATE`, `--expiration-date DATE`
: The expiration date for the public key, specified as an ISO 8601
formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
specified, the public key will not have an expiration date. For
example: `2013-12-24T21:00:00Z`.
`-f FILE`, `--file FILE`
: Save a private key to the specified file name. If the `--public-key`
option is not specified the Chef server will generate a private key.
`-k NAME`, `--key-name NAME`
: The name of the public key.
`-p FILE_NAME`, `--public-key FILE_NAME`
: The path to a file that contains the public key. If this option is
not specified, and only if `--key-name` is specified, the Chef
server will generate a public/private key pair.
### key delete
Use the `key delete` argument to delete a public key.
**Syntax**
This argument has the following syntax:
```bash
knife client key delete CLIENT_NAME KEY_NAME
```
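The `key create` and `key delete` arguments above combine into a key rotation. The following is an added example, not code from Chef: it generates the key pair locally so that only the public half is passed to `--public-key`, writes the private key owner-only, and returns the two knife command lines. The function name, file naming, key names and the 90-day lifetime are assumptions.

```ruby
require 'openssl'
require 'tmpdir'

# Added example, not Chef's own code. The key pair is generated locally so only
# the public half is passed to knife; names and the 90-day lifetime are assumptions.
def plan_key_rotation(client, new_key, old_key, dir, valid_days: 90, now: Time.now)
  key = OpenSSL::PKey::RSA.new(2048)
  priv_path = File.join(dir, "#{client}-#{new_key}.pem")
  pub_path = File.join(dir, "#{client}-#{new_key}.pub")

  # Owner-only from creation; EXCL refuses to overwrite an existing key file.
  File.open(priv_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(key.to_pem)
  end
  File.write(pub_path, key.public_key.to_pem)

  # ISO 8601 in UTC, the format --expiration-date expects.
  expires = (now.getutc + valid_days * 86_400).strftime('%Y-%m-%dT%H:%M:%SZ')
  {
    private_key: priv_path,
    expires: expires,
    commands: [
      ['knife', 'client', 'key', 'create', client, '--key-name', new_key,
       '--public-key', pub_path, '--expiration-date', expires],
      # Run the delete only after the client authenticates with the new key.
      ['knife', 'client', 'key', 'delete', client, old_key]
    ]
  }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    plan = plan_key_rotation('node1', 'key-2', 'key-1', dir)
    plan[:commands].each { |argv| puts argv.join(' ') }
  end
end
```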
### key edit
Use the `key edit` argument to modify or rename a public key.
**Syntax**
This argument has the following syntax:
```bash
knife client key edit CLIENT_NAME KEY_NAME (options)
```
**Options**
This argument has the following options:
`-c`, `--create-key`
: Generate a new public/private key pair and replace an existing
public key with the newly-generated public key. To replace the
public key with an existing public key, use `--public-key` instead.
`-e DATE`, `--expiration-date DATE`
: The expiration date for the public key, specified as an ISO 8601
formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
specified, the public key will not have an expiration date. For
example: `2013-12-24T21:00:00Z`.
`-f FILE`, `--file FILE`
: Save a private key to the specified file name. If the `--public-key`
option is not specified the Chef server will generate a private key.
`-k NAME`, `--key-name NAME`
: The name of the public key.
`-p FILE_NAME`, `--public-key FILE_NAME`
: The path to a file that contains the public key. If this option is
not specified, and only if `--key-name` is specified, the Chef
server will generate a public/private key pair.
### key list
Use the `key list` argument to view a list of public keys for the named
client.
**Syntax**
This argument has the following syntax:
```bash
knife client key list CLIENT_NAME (options)
```
**Options**
This argument has the following options:
`-e`, `--only-expired`
: Show a list of public keys that have expired.
`-n`, `--only-non-expired`
: Show a list of public keys that have not expired.
`-w`, `--with-details`
: Show a list of public keys, including URIs and expiration status.
### key show
Use the `key show` argument to view details for a specific public key.
**Syntax**
This argument has the following syntax:
```bash
knife client key show CLIENT_NAME KEY_NAME
```
## knife user key
Use the `knife user` subcommand to manage the list of users and their
associated RSA public key-pairs.
### key create
Use the `key create` argument to create a public key.
**Syntax**
This argument has the following syntax:
```bash
knife user key create USER_NAME (options)
```
**Options**
This argument has the following options:
`-e DATE`, `--expiration-date DATE`
: The expiration date for the public key, specified as an ISO 8601
formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
specified, the public key will not have an expiration date. For
example: `2013-12-24T21:00:00Z`.
`-f FILE`, `--file FILE`
: Save a private key to the specified file name.
`-k NAME`, `--key-name NAME`
: The name of the public key.
`-p FILE_NAME`, `--public-key FILE_NAME`
: The path to a file that contains the public key. If this option is
not specified, and only if `--key-name` is specified, the Chef
server will generate a public/private key pair.
### key delete
Use the `key delete` argument to delete a public key.
**Syntax**
This argument has the following syntax:
```bash
knife user key delete USER_NAME KEY_NAME
```
### key edit
Use the `key edit` argument to modify or rename a public key.
**Syntax**
This argument has the following syntax:
```bash
knife user key edit USER_NAME KEY_NAME (options)
```
**Options**
This argument has the following options:
`-c`, `--create-key`
: Generate a new public/private key pair and replace an existing
public key with the newly-generated public key. To replace the
public key with an existing public key, use `--public-key` instead.
`-e DATE`, `--expiration-date DATE`
: The expiration date for the public key, specified as an ISO 8601
formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
specified, the public key will not have an expiration date. For
example: `2013-12-24T21:00:00Z`.
`-f FILE`, `--file FILE`
: Save a private key to the specified file name. If the `--public-key`
option is not specified the Chef server will generate a private key.
`-k NAME`, `--key-name NAME`
: The name of the public key.
`-p FILE_NAME`, `--public-key FILE_NAME`
: The path to a file that contains the public key. If this option is
not specified, and only if `--key-name` is specified, the Chef
server will generate a public/private key pair.
### key list
Use the `key list` argument to view a list of public keys for the named
user.
**Syntax**
This argument has the following syntax:
```bash
knife user key list USER_NAME (options)
```
**Options**
This argument has the following options:
`-e`, `--only-expired`
: Show a list of public keys that have expired.
`-n`, `--only-non-expired`
: Show a list of public keys that have not expired.
`-w`, `--with-details`
: Show a list of public keys, including URIs and expiration status.
### key show
Use the `key show` argument to view details for a specific public key.
**Syntax**
This argument has the following syntax:
```bash
knife user key show USER_NAME KEY_NAME
```
## Updated knife Options
With the new key management subcommands, the options for
`knife client create` and `knife user create` have changed.
### knife client create
This argument has the following options:
`-a`, `--admin`
: Create a client as an admin client.
`-f FILE`, `--file FILE`
: Save a private key to the specified file name.
`-k`, `--prevent-keygen`
: Create a user without a public key. This key may be managed later by
using the `knife user key` subcommands.
Warning: This option is valid only with Chef server API, version 1.0, which
was released with Chef server 12.1. If this option or the
`--user-key` option are not passed in the command, the Chef server
will create a user with a public key named `default` and will return
the private key. For the Chef server versions earlier than 12.1,
this option will not work; a public key is always generated unless
`--user-key` is passed in the command.
`-p FILE`, `--public-key FILE`
: The path to a file that contains the public key. This option may not
be passed in the same command with `--prevent-keygen`. When using
Chef a default key is generated if this option is not passed in the
command. For Chef server version 12.x, see the `--prevent-keygen`
option.
`--validator`
: Create the client as the chef-validator. Default value: `true`.
### knife user create
This argument has the following options:
`-a`, `--admin`
: Create a client as an admin client. This is required for any user to
access Open Source Chef as an administrator. This option only works
when used with the open source Chef server and will have no effect
when used with Enterprise Chef or Chef server 12.x.
`-f FILE_NAME`, `--file FILE_NAME`
: Save a private key to the specified file name.
`-k`, `--prevent-keygen`
: Create a user without a public key. This key may be managed later by
using the `knife user key` subcommands.
Note: This option is valid only with Chef server API, version 1.0, which
was released with Chef server 12.1. If this option or the
`--user-key` option are not passed in the command, the Chef server
will create a user with a public key named `default` and will return
the private key. For the Chef server versions earlier than 12.1,
this option will not work; a public key is always generated unless
`--user-key` is passed in the command.
`-p PASSWORD`, `--password PASSWORD`
: The user password. This option only works when used with the open
source Chef server and will have no effect when used with Enterprise
Chef or Chef server 12.x.
`--user-key FILE_NAME`
: The path to a file that contains the public key. When using Open
Source Chef a default key is generated if this option is not passed
in the command. For Chef server version 12.x, see the
`--prevent-keygen` option.