Release Notes: chef-client 11.10

Chef is a powerful automation platform that transforms infrastructure into code. Whether you’re operating in the cloud, on-premises, or in a hybrid environment, Chef automates how infrastructure is configured, deployed, and managed across your network, no matter its size.

This diagram shows how you develop, test, and deploy your Chef code.

What’s New

The following items are new for chef-client 11.10 and/or are changes from previous versions. The short version:

  • Use a recipe with the chef-client local mode A recipe can now be specified when running the chef-client in local mode
  • New attributes for the group resource Members can be removed from groups (excluded_members) and duplicate group identifiers are allowed (non_unique)
  • New compare subcommand for knife environment Compare cookbook versions for environments
  • New attributes for git resource The checkout_branch and enable_checkout attributes were added to allow greater specificity for branch checkouts

chef-client Options

A recipe can be specified when running the chef-client, typically when running the chef-client in local mode:

The path to a recipe. For example, if a recipe file is in the current directory, use recipe_file.rb. This is typically used with the --local-mode option.

The syntax for using this option is:

$ chef-client [options] [RECIPE_FILE...]

group Attributes

The following attributes have been added to the group resource:

Attribute Description
excluded_members Remove users from a group. May only be used when append is set to true.
non_unique Allow gid duplication. May only be used with the Groupadd provider. Default value: false.

git Attributes

The following attributes have been added to the git resource:

Attribute Description
checkout_branch Do a one-time checkout from git or use when a branch in the upstream repository is named deploy. To prevent the git resource from attempting to check out master from master, set enable_checkout to false when using the checkout_branch property. Default value: deploy.
enable_checkout Check out a repo from master. Set to false when using the checkout_branch attribute to prevent the git resource from attempting to check out master from master. Default value: true.

knife environment compare

Use the compare argument to compare the cookbook version constraints that are set on one (or more) environments.


This argument has the following syntax:

$ knife environment compare [ENVIRONMENT_NAME...] (options)


This argument has the following options:

-a, --all
Upload all environments found at the specified path.
-m, --mismatch
Show only matching versions.


$ knife environment compare development staging

will return something similar to:

            development  staging
apache      2.3.1        1.2.2
windows     4.1.2        1.0.0
postgresql  1.0.0        1.0.0

What’s Fixed

The following bugs were fixed:

  • CHEF-1260 — File Resource shouldn’t checksum large files if checksum is not needed
  • CHEF-1459 — Chef::Provider::Group::Pw doesn’t support append members on FreeBSD
  • CHEF-1699 — Getting group not working right after useradd
  • CHEF-1977 — recipes added via include_recipe are not found via search for recipes:<name>
  • CHEF-2418 — ‘knife ssh’ should prompt for user password
  • CHEF-2688 — group resource fails if group already exists
  • CHEF-3012 — Windows group provider is not idempotent for domain users
  • CHEF-3041 — Group::Aix provider should have specs
  • CHEF-3042 — Group::Suse provider should have specs
  • CHEF-3297 — The groupmod provider should allow you to remove individual users
  • CHEF-3531 — data bags searched by the ‘users’ cookbook can’t have dots in the value for ‘id’
  • CHEF-3539 — inconsistent man page for chef-client
  • CHEF-3582 — whyrun mode fails for user resource lock action
  • CHEF-3651 — group provider on suse Linux adds user multiple times
  • CHEF-3691 — Windows provider for service resource automatically times out after 60 seconds
  • CHEF-3734 — add options to control “git checkout -b deploy”
  • CHEF-3857 — allow convert attributes to ruby hashes for easy modification
  • CHEF-3940 — Chef::Provider::Git with user attribute queries /root/.conf/git/config
  • CHEF-3983 — control-c during chef-client runs leave child processes around
  • CHEF-4093 — knife environment compare
  • CHEF-4110 — ruby_blocks should support why_run
  • CHEF-4347 — Typo in generated cookbook README when using knife
  • CHEF-4358 — Chef client fails when invoked with an empty environment
  • CHEF-4363 — Unable to add event handlers from config file
  • CHEF-4379 — Adding runtime in stdout for Chef 11
  • CHEF-4420 — mailto attribute in Cron resource can not be removed once set
  • CHEF-4421 — Improve “No cookbook found” error message
  • CHEF-4439 — A single character is valid user name in linux/unix (hence valud owner of a file)
  • CHEF-4441 — decrypting an encrypted data bag w/o a key now throws “can’t convert nil into String”
  • CHEF-4498 — doesn’t work on FreeBSD 9.1
  • CHEF-4616 — Chef-client Cannot Handle Bare IPv6 In chef_server_url
  • CHEF-4632 — Loosen JSON dependency to support 1.8.0+
  • CHEF-4633 — deep merge should not re-assign dest var for every key in a source hash
  • CHEF-4639 — writing credentials files with file or template may leak credentials in diffs
  • CHEF-4673 — change doc URL in shell to
  • CHEF-4676 — depend on net-ssh-multi 1.2.0
  • CHEF-4700 — Remove an unused variable in spec/unit/client_spec.rb
  • CHEF-4703 — Refactor handle_command_failures method.
  • CHEF-4709 — knife bootstrap of Solaris fails again
  • CHEF-4725 — Chef 11.8 buffers all output until the end of the run instead of displaying as it runs
  • CHEF-4730 — knife environment compare
  • CHEF-4733 — Directory, template providers: owner validation fails on single-character strings
  • CHEF-4734 — Stop enforcing group/owner regular expressions
  • CHEF-4747 — Allow configuring how many threads will be used for knife cookbook upload
  • CHEF-4748 — Knife data bag accepts different ID validation during “data bag item from file” and “data bag edit” vs the “data bag create”
  • CHEF-4759 — chef-solo on Windows prints out ASCII escape sequences
  • CHEF-4762 — http_request with action :head does not behave correctly in 11.8.0
  • CHEF-4782 — chef service provider action “enable” not idempodent on ubuntu/debian
  • CHEF-4806 — debian service not idempotent and ignoring S runlevel
  • CHEF-4822 — Remove unused instance variable startup_type from service resource
  • CHEF-4825 — Omnitruck and overall rollup ticket
  • CHEF-4842 — User resource comparison fails if comment includes unicode characters
  • CHEF-4845 — Invalid regexp in aix package provider
  • CHEF-4849 — Package resource should implement variables method for use with templates
  • CHEF-4850 — Chef::Util::FileEdit leaks handle
  • CHEF-4852 — Print total resources along with updated resources in doc formatter
  • CHEF-4909 — Add support for loading a static list of plugins to knife
  • CHEF-4910 — Ruby 2.1 compatibility
  • CHEF-4913 — ffi 1.3.1 is too low a version when using Ruby 2.0.0 with Windows
  • CHEF-4914 — integration tests fail when there is another chef-client first in the PATH
  • CHEF-4958 — (Refactor) Extract policy setup code from Chef::Client to a new component
  • CHEF-4963 — Mixlib-shellout library is incorrect for Chef 11.8.2
  • CHEF-4983 — Incompatibility with ChefSpec introduced by CHEF-4958
  • CHEF-4984 — Experimental Support for Policyfile-based node policy