## Security release of RubyGems Chef Infra Client 13.4 includes RubyGems 2.6.13 to fix the following CVEs: - [CVE-2017-0899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899) - [CVE-2017-0900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900) - [CVE-2017-0901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901) - [CVE-2017-0902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902) ## Ifconfig provider on Red Hat now supports additional properties It is now possible to set `ETHTOOL_OPTS`, `BONDING_OPTS`, `MASTER` and `SLAVE` properties on interfaces on Red Hat compatible systems. See for further information ### Properties - `ethtool_opts`
**Ruby types:** String
**Platforms:*- Fedora, RHEL, Amazon Linux A string containing arguments to ethtool. The string will be wrapped in double quotes, so ensure that any needed quotes in the property are surrounded by single quotes - `bonding_opts`
**Ruby types:** String
**Platforms:*- Fedora, RHEL, Amazon Linux A string containing configuration parameters for the bonding device. - `master`
**Ruby types:** String
**Platforms:*- Fedora, RHEL, Amazon Linux The channel bonding interface that this interface is linked to. - `slave`
**Ruby types:** String
**Platforms:*- Fedora, RHEL, Amazon Linux Whether the interface is controlled by the channel bonding interface defined by `master`, above. ## Chef Vault is now included Chef Infra Client 13.4 now includes the `chef-vault` gem, making it easier for users of chef-vault to use their encrypted items. ## Windows `remote_file` resource with alternate credentials The `remote_file` resource now supports the use of credentials on Windows when accessing a remote UNC path on Windows such as `\\myserver\myshare\mydirectory\myfile.txt`. This allows access to the file at that path location even if the Chef client process identity does not have permission to access the file. The new properties `remote_user`, `remote_domain`, and `remote_password` may be used to specify credentials with access to the remote file so that it may be read. **Note**: This feature is mainly used for accessing files between two nodes in different domains and having different user accounts. In case the two nodes are in same domain, `remote_file` resource does not need `remote_user` and `remote_password` specified because the user has the same access on both systems through the domain. ### Properties The following properties are new for the `remote_file` resource: - `remote_user`
**Ruby types:** String
_Windows only:_ The user name of a user with access to the remote file specified by the `source` property. Default value: `nil`. The user name may optionally be specified with a domain, i.e. `domain\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN) format. It can also be specified without a domain simply as `user` if the domain is instead specified using the `remote_domain` attribute. Note that this property is ignored if `source` is not a UNC path. If this property is specified, the `remote_password` property **must*- be specified. - `remote_password`
**Ruby types*- String
_Windows only:_ The password of the user specified by the `remote_user` property. Default value: `nil`. This property is mandatory if `remote_user` is specified and may only be specified if `remote_user` is specified. The `sensitive` property for this resource will automatically be set to `true` if `remote_password` is specified. - `remote_domain`
**Ruby types*- String
_Windows only:_ The domain of the user user specified by the `remote_user` property. Default value: `nil`. If not specified, the user and password properties specified by the `remote_user` and `remote_password` properties will be used to authenticate that user against the domain in which the system hosting the UNC path specified via `source` is joined, or if that system is not joined to a domain it will authenticate the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the `remote_user` property. ### Examples Accessing file from a (different) domain account ```ruby remote_file "E://domain_test.txt" do source "\\\\myserver\\myshare\\mydirectory\\myfile.txt" remote_domain "domain" remote_user "username" remote_password "password" end ``` OR ```ruby remote_file "E://domain_test.txt" do source "\\\\myserver\\myshare\\mydirectory\\myfile.txt" remote_user "domain\\username" remote_password "password" end ``` Accessing file using a local account on the remote machine ```ruby remote_file "E://domain_test.txt" do source "\\\\myserver\\myshare\\mydirectory\\myfile.txt" remote_domain "." remote_user "username" remote_password "password" end ``` OR ```ruby remote_file "E://domain_test.txt" do source "\\\\myserver\\myshare\\mydirectory\\myfile.txt" remote_user ".\\username" remote_password "password" end ``` ## windows_path resource `windows_path` resource has been moved to core chef from windows cookbook. Use the `windows_path` resource to manage the path environment variable on Microsoft Windows. ### Actions - `:add` - Add an item to the system path - `:remove` - Remove an item from the system path ### Properties - `path` - Name attribute. The name of the value to add to the system path ### Examples Add Sysinternals to the system path ```ruby windows_path 'C:\Sysinternals' do action :add end ``` Remove 7-Zip from the system path ```ruby windows_path 'C:\7-Zip' do action :remove end ``` ## Ohai 13.4 ### Windows EC2 Detection Detection of nodes running in EC2 has been greatly improved and should now detect nodes 100% of the time including nodes that have been migrated to EC2 or were built with custom AMIs. ### Azure Metadata Endpoint Detection Ohai now polls the new Azure metadata endpoint, giving us additional configuration details on nodes running in Azure Sample data now available under azure: ```javascript { "metadata": { "compute": { "location": "westus", "name": "timtest", "offer": "UbuntuServer", "osType": "Linux", "platformFaultDomain": "0", "platformUpdateDomain": "0", "publisher": "Canonical", "sku": "17.04", "version": "17.04.201706191", "vmId": "8d523242-71cf-4dff-94c3-1bf660878743", "vmSize": "Standard_DS1_v2" }, "network": { "interfaces": { "000D3A33AF03": { "mac": "000D3A33AF03", "public_ipv6": [ ], "public_ipv4": [ "52.160.95.99", "23.99.10.211" ], "local_ipv6": [ ], "local_ipv4": [ "10.0.1.5", "10.0.1.4", "10.0.1.7" ] } }, "public_ipv4": [ "52.160.95.99", "23.99.10.211" ], "local_ipv4": [ "10.0.1.5", "10.0.1.4", "10.0.1.7" ], "public_ipv6": [ ], "local_ipv6": [ ] } } } ``` ### Package Plugin Supports Arch Linux The Packages plugin has been updated to include package information on Arch Linux systems.