Release Notes: chef-client 11.8

Chef is a powerful automation platform that transforms infrastructure into code. Whether you’re operating in the cloud, on-premises, or in a hybrid environment, Chef automates how infrastructure is configured, deployed, and managed across your network, no matter its size.

This diagram shows how you develop, test, and deploy your Chef code.

What’s New

The following items are new for chef-client 11.8 and/or are changes from previous versions. The short version:

  • Local mode for the chef-client The chef-client can now be run in local mode, which allows the chef-client to run against the local chef-repo as if it were running against a Chef server.
  • New configuration settings Three configuration settings have been added to support the use of local mode: chef_zero[:enabled], chef_zero[:port], and local_mode.
  • New man pages for Knife The man pages built into knife, chef-client, chef-shell, chef-solo, and Ohai are now synchronized with the same topics from and are current as of the chef-client 11.8 release.
  • Timeout attribute added for source control management The deploy, git, and subversion resources now support a timeout attribute. When this attribute is specified using the deploy resource, the value is passed to the git and subversion resources.


chef-zero is a very lightweight Chef server that runs in-memory on the local machine. This allows the chef-client to be run against the chef-repo as if it were running against the Chef server. chef-zero was originally a standalone tool; it is enabled from within the chef-client by using the --local-mode option. chef-zero is very useful for quickly testing and validating the behavior of the chef-client, cookbooks, recipes, and run-lists before uploading that data to the actual Chef server.

chef-client Local Mode

The chef-client can be run in local mode using the --local-mode option:

-z, --local-mode
Run the chef-client in local mode. This allows all commands that work against the Chef server to also work against the local chef-repo.

Local mode is a way to run the chef-client against the chef-repo on a local machine as if it were running against the Chef server. Local mode relies on chef-zero, which acts as a very lightweight instance of the Chef server. chef-zero reads and writes to the chef_repo_path, which allows all commands that normally work against the Chef server to be used against the local chef-repo.

Local mode does not require a configuration file, instead it will look for a directory named /cookbooks and will set chef_repo_path to be just above that. (Local mode will honor the settings in a configuration file, if desired.) If the client.rb file is not found and no configuration file is specified, local mode will search for a knife.rb file.

Local mode will store temporary and cache files under the <chef_repo_path>/.cache directory by default. This allows a normal user to run the chef-client in local mode without requiring root access.

Knife Support for chef-zero

New common options have been added:

--chef-zero-port PORT
The port on which chef-zero listens.
-z, --local-mode
Run the chef-client in local mode. This allows all commands that work against the Chef server to also work against the local chef-repo.

New Config Settings

New settings are available for the knife.rb and client.rb configuration files:

Setting Description

Enable chef-zero. This setting requires local_mode to be set to true. Default value: false. For example:

chef_zero.enabled true

The port on which chef-zero is to listen. Default value: 8889. For example:

chef_zero[:port] 8889

Run the chef-client in local mode. This allows all commands that work against the Chef server to also work against the local chef-repo. For example:

local_mode true
verify_api_cert Verify the SSL certificate on the Chef server. When true, the chef-client always verifies the SSL certificate. When false, the chef-client uses the value of ssl_verify_mode to determine if the SSL certificate requires verification. Default value: false.

New Man Pages

The man pages built into knife, chef-client, chef-shell, chef-solo, and Ohai are now synchronized with the same topics from and are current as of the chef-client 11.8 release. The man pages and online topics are published using the same process, which means that the information published to each format is identical. That said, the pages are updated more frequently than man pages will be; changes made to the topics on after this release will be included in future updates of the chef-client.

http_request resource, JSON messages

The approach for using the http_request resource to send a POST request that has a JSON message body has changed. Specifically, the message must be converted to JSON using to_json and the content-type header must be specified within the header.

For releases prior to chef-client 11.8, POST requests with a JSON message body looked like:

http_request "posting data" do
  action :post
  url ""
  message :some => "data"
  headers({"AUTHORIZATION" => "Basic #{Base64.encode64("username:password")}"})

And starting with chef-client 11.8, they should be like:

http_request "posting data" do
  action :post
  url ""
  message ({:some => "data"}.to_json)
  headers({"AUTHORIZATION" => "Basic #{Base64.encode64("username:password")}","Content-Type" => "application/data"})

What’s Fixed

The following bugs were fixed:

  • CHEF-1559 — Debian service provider does not modify the priorities of service
  • CHEF-3159 — Do not silently exit when the daemon isn’t executable in init scripts on Debian
  • CHEF-3798 — user provider on Windows tries to set the password even if not provided
  • CHEF-3881 — exit 1, not 0, if $DAEMON (chef-client) is not executable
  • CHEF-3982 — wget/curl dep in chef-full knife bootstrap script fails on Solaris 10
  • CHEF-4014 — Group provider does not respect group_name on Windows
  • CHEF-4084 — knife status -r adds incorrect punctuation
  • CHEF-4155 — remove the chef-apply symlink in postinst/postrm
  • CHEF-4196 — chef-shell & chef-apply aren’t deleted by postinst & postrm scripts
  • CHEF-4197 — Chef::Provider::Mount device_mount_regex fails to populate capture groups when device is symlink (Ubuntu 12)
  • CHEF-4200 — When uid is sent into user provider as a string, chef should not update user on each chef run
  • CHEF-4271 — “–sudo-use-password” option for knife-bootstrap should escape passwords with ‘ ‘ to allow for special characters to be passed in via command line
  • CHEF-4335 — Knife ssh adds annoying extra newlines to output
  • CHEF-4344 — Fix typo in spec
  • CHEF-4353 — No way to assign validator property to client.
  • CHEF-4371 — FreeBSD Package Provider fails when package name contains +’s.
  • CHEF-4375 — chef-service-manager –version shows “version unknown”
  • CHEF-4394 — Add an equivalent for –fork on Windows
  • CHEF-4399 — Line endings for templates are based on the platform the template was written on not on the node platform
  • CHEF-4406 — response_file fails trying to load preseed templates and falls back to cookbook files.
  • CHEF-4411 — Fix –copyright and –email typos in knife cookbook create docs
  • CHEF-4422 — remote_file fails when source becomes too long
  • CHEF-4426 — knife cookbook upload doesn’t work on windows when working with :versioned_cookbooks
  • CHEF-4435 — does a PUT getting a 405 from the chef server
  • CHEF-4456 — Knife cookbook site share fails with Ruby 2
  • CHEF-4457 — Diffs fail when there are spaces in the path
  • CHEF-4470 — Running chef-client fails when chef is running as a service on windows
  • CHEF-4482 — user resource allows defining uid as a string but results in re-applying the change with each run
  • CHEF-4493 — Merge unmerged knife-essentials code into chef
  • CHEF-4499 — knife upload subcommand does not support any options
  • CHEF-4507 — smartos package provider matches package names too loosely in candidate_version
  • CHEF-4509 — After CHEF-4011 - Double encryption problem
  • CHEF-4513 — HTTPS proxy not set (wget only) using HTTPS to download the Omnibus installer
  • CHEF-4515 — Wrong puzzling/confusing message “Unsupported json_class type ‘Chef::WebUIUser’ (JSON::ParserError)” while users upload
  • CHEF-4526 — knife environment edit still is .js temp files
  • CHEF-4534 — Upstart provider’s restart_service if..else has a syntax bug
  • CHEF-4554 — Typo in chef solo config file option default
  • CHEF-4556 — chef-client service starts at every run of chef-client::service recipe
  • CHEF-4561 — :write is not a valid action for log resource
  • CHEF-4567 — SmartOSPackage class expands to the wrong DSL method
  • CHEF-4592 — “knife delete” subcommand options not showing on the command line
  • CHEF-4602 — Errno::ETXTBSY Text file busy
  • CHEF-4610 — Chef on Windows prints “deprecated” warning for every operation
  • CHEF-4614 — ResourceReporter should check that before/after state for a resource are hashes
  • CHEF-4615 — –chef-repo-path doesn’t work for knife deps, download, etc
  • CHEF-4625 — Remote_file local file copy on Windows fails with EACCESS, requires atomic_update false workaround
  • CHEF-4649 — Auto configure ssl_ca_file on windows when running in omnibus
  • CHEF-4671 — Remote file cache control handling needs to be updated for HTTP library refactor
  • CHEF-4674 — 11.6.2 windows MSI does not include Erubis executable

What’s Improved

The following improvements were made:

  • CHEF-3609 — when bootstrapping, should generate no_proxy in /etc/chef/client.rb if no_proxy is configured in knife.rb
  • CHEF-4248 — Expose timeout attribute on scm resource and associated providers
  • CHEF-4343 — Only test certain branches on Travis
  • CHEF-4458 — add chef_ca_cert resource
  • CHEF-4465 — mdadm provider shouldn’t pass chunk size for mirrors
  • CHEF-4469 — Allow Solaris package install from Jumpstart install server’s NFS share of packages
  • CHEF-4471 — Add Windows 8.1/2012 R2 to Chef Windows Helper
  • CHEF-4477 — fix typographical errors in autogenerated
  • CHEF-4488 — Support chef_server_url ‘local’ running chef-zero
  • CHEF-4497 — tag method should be moved into the Node object
  • CHEF-4529 — A Timestamp of backup_filename is too short.
  • CHEF-4568 — Normalize whitespace
  • CHEF-4571 — GET ‘/cookbooks/foo/_latest’ returns duplicate JSON keys in recipes
  • CHEF-4578 — groupadd add non_unique support (-o)
  • CHEF-4585 — chef/mixin/shell_out should require mixlib/shellout and document why it requires chef/shell_out
  • CHEF-4603 — Refactor Chef::REST so behavior is swappable
  • CHEF-4648 — Add Pry as a runtime dep

New Features

The following features were added:

  • CHEF-2928 — Chef solo’s role_path should allow for an array of paths