From e3a797ff55bb271d7032d7e4ccd783e88a1d99d1 Mon Sep 17 00:00:00 2001 From: danielsdeleo Date: Sat, 28 Mar 2015 08:39:32 -0700 Subject: [PATCH] Reset docs for 12.3 and doc --minimal-ohai flag --- CHANGELOG.md | 3 + DOC_CHANGES.md | 88 ++++--------------------- RELEASE_NOTES.md | 168 ++++------------------------------------------- 3 files changed, 27 insertions(+), 232 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 163d291da2f..f25718f02df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ Removed after_created and added test to recipe_spec * [**Tim Sogard**](https://github.com/drags): Reset $HOME to user running chef-client when running via sudo +* [pr#3162](https://github.com/chef/chef/pull/3162): Add + `--minimal-ohai` flag to client/solo/apply; restricts ohai to only the + bare minimum of plugins. ## 12.2.1 * [Issue 3153](https://github.com/chef/chef/issues/3153): Fix bug where unset HOME would cause chef to crash diff --git a/DOC_CHANGES.md b/DOC_CHANGES.md index ceac4352738..a3fae662df9 100644 --- a/DOC_CHANGES.md +++ b/DOC_CHANGES.md @@ -6,80 +6,14 @@ Example Doc Change: Description of the required change. --> - -### knife ssh has --exit-on-error option -`knife ssh` now has an --exit-on-error option that will cause it to -fail immediately in the face of an SSH connection error. The default -behavior is move on to the next node. - -### DSC Resource - -The `dsc_resource` resource for Windows systems that allows cookbook authors to invoke [PowerShell Desired -State Configuration](http://technet.microsoft.com/en-us/library/dn249912.aspx) resources in Chef DSL. - -#### Prerequisites - -* **Windows Management Framework 5** February Preview -* **Local Configuration Manager** must be set to have a `RefreshMode` of `Disabled` - -#### Syntax - -```ruby -dsc_resource "description" do - resource "resource_name" - property :property_name, property_value - ... - property :property_name, property_value -end -``` - -#### Attributes - -- `resource`: The friendly name of the DSC resource - -- `property`: `:property_name`, `property_value` pair for each property that must be set for the DSC resource. -`property_name` must be of the `Symbol`. The following types are supported for `property_value`, along with -their conversion into Powershell: - -| Ruby Type | Powershell Type | -|-------------------------------------|-----------------| -| Fixnum | Integer | -| Float | Double | -| FalseClass | bool($false) | -| TrueClass | bool($true) | -| Chef::Util::Powershell:PSCredential | PSCredential | -| Hash | Hashtable | -| Array | Object[] | - -- `module_name` is the name of the module that the DSC resource comes from. If it is not provided, it will - be inferred. - -#### Actions - -|Action|Description| -|------|------------------------| -|`:run`| Invoke the DSC resource| - -#### Example - -```ruby -dsc_resource "demogroupremove" do - resource :group - property :groupname, 'demo1' - property :ensure, 'present' -end - -dsc_resource "useradd" do - resource :user - property :username, "Foobar1" - property :fullname, "Foobar1" - property :password, ps_credential("P@assword!") - property :ensure, 'present' -end - -dsc_resource "AddFoobar1ToUsers" do - resource :Group - property :GroupName, "demo1" - property :MembersToInclude, ["Foobar1"] -end -``` +### Chef Client, Solo, and Apply `--minimal-ohai` Flag + +Chef Client, Solo, and Apply all implement a `--minimal-ohai` flag. When +set, Chef only runs the bare minimum necessary ohai plugins required for +internal functionality. This reduces the run time of ohai and might +improve Chef performance by reducing the amount of data kept in memory. +Most users should NOT use this mode, however, because cookbooks that +rely on data collected by other ohai plugins will definitely be broken +when Chef is run in this mode. It may be possible for advanced users to +work around that by using the ohai resource to collect the "missing" +data during the compile phase. diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 6c45d2f41ea..859ca7c8401 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,155 +1,13 @@ -# Chef Client Release Notes 12.2.0: - -## Policyfile Chef Server 12.0.7 Compatibility - -Chef Server 12.0.7 will contain the minimum necessary funtioning -implementation of Policyfiles to converge a node. Policyfile "native -mode" is updated to work with the APIs in Chef Server 12.0.7. Note that -Chef Server 12.0.7 will likely not ship with the necessary code to -upgrade existing organizations, so you will need to set some special -configuration to opt-in to enabling the Policyfile APIs in Chef Server. -That process will be described in the release notes for Chef Server. - -## Desired State Configuration (DSC) Resource - -If you are using `Windows Management Framework(WMF) 5`, you can now take advantage of the new `dsc_resource`. -This new functionality takes advantage of WMF 5's `Invoke-DscResource` cmdlet to -directly invoke resources. - -### Prerequisites - -To use this new resource, you must have the February preview of WMF 5. -This can be installed using the Powershell cookbook. It is also required that -the Local Configuration Manager(LCM) be configured with a `RefreshMode` of `Disabled`. -Doing this will preclude you from using `dsc_script`. Below we provide an example -DSC configuration: - -```powershell -# create a configuration command to generate a meta.mof to set Local Configuration Manager settings - -Configuration LCMSettings { - Node localhost { - LocalConfigurationManager { - RefreshMode = 'Disabled' - } - } -} - -# Run the configuration command and generate the meta.mof to configure a local configuration manager -LCMSettings -# Apply the local configuration manager settings found in the LCMSettings folder (by default configurations are generated -# to a folder in the current working directory named for the configuration command name -Set-DscLocalConfigurationManager -path ./LCMSettings -``` - -Running this script tells the LCM not to do document management, allowing Chef to -take over that role. While you may be able to switch this to other values mid-run, -you should not be doing this to run both `dsc_script` and `dsc_resource` resources. - -### Usage - -Once the LCM is correctly configured, you can begin using `dsc_resource` in your recipes. -You can get a list of available by running the `Get-DscResource` command. You will be -able to use any resource that does not have an `ImplementedAs` property with value -`Composite`. - -As an example, let's consider the `User` dsc resource. Start by taking a look -at what a DSC `User` resource would look like - -``` -> Get-DscResource User - -ImplementedAs Name Module Properties -------------- ---- ------ ---------- -PowerShell User PSDesiredStateConfiguration {UserName, DependsOn, Descr... - -``` - -We see here that is `ImplementedAs` is not equal to `Composite`, so it is a resource that can -be used with `dsc_resource`. We can what properties are accpeted by the `User` resource by -running - -``` -> Get-DscResource User -Syntax - -User [string] #ResourceName -{ - UserName = [string] - [ DependsOn = [string[]] ] - [ Description = [string] ] - [ Disabled = [bool] ] - [ Ensure = [string] { Absent | Present } ] - [ FullName = [string] ] - [ Password = [PSCredential] ] - [ PasswordChangeNotAllowed = [bool] ] - [ PasswordChangeRequired = [bool] ] - [ PasswordNeverExpires = [bool] ] -} -``` - -From above, the `User` resource has a require property `UserName`, however we're probably -also going to want to prover at the very least a `Password`. From above, we can see the `UserName` -property must be of type string, and `Password` needs to be of type `PSCredential`. Since there -is no native Ruby type that maps to a Powershell PSCredential, a dsl method `ps_credential` is -provided that makes creating this simple. `ps_credential` can be called as `ps_credential(password)` -or `ps_credential(username, password)`. Under the hood, this creates a -`Chef::Util::Powershell::PSCredential` which gets serialized into a Powershell PSCredential. - -The following type translations are supported: - -| Ruby Type | Powershell Type | -|-------------------------------------|-----------------| -| Fixnum | Integer | -| Float | Double | -| FalseClass | bool($false) | -| TrueClass | bool($true) | -| Chef::Util::Powershell:PSCredential | PSCredential | -| Hash | Hashtable | -| Array | Object[] | - -With this information in hand, we can now construct a Chef `dsc_resource` resource that creates -a user. - -```ruby -dsc_resource 'create foo user' do - resource :User - property :UserName, 'FooUser' - property :Password, ps_credential("P@ssword!") - property :Ensure, 'Present' -end -``` - -#### Third Party Resources -`dsc_resource` also supports the use of 3rd party DSC resources, for example the DSC Resource Kit. These -resources can be used just like you would use any `PSDesiredStateConfiguration` resource like `User`. Since -the implementation of `dsc_resource` knows how to talk to DSC resources that are visible through the -`Get-DscResource` cmdlet, it should just work. For example, if we wanted to use `xSmbShare`, we could -construct the powershell resource as - -```ruby -dsc_resource 'create smb share' do - resource :xSmbShare - property :Name, 'Foo' - property :Path, 'C:\Foo' -end -``` - -This would execute - -``` -> Get-DscResource xSmbShare - -ImplementedAs Name Module Properties -------------- ---- ------ ---------- -PowerShell xSmbShare xSmbShare {Name, Path, ChangeAccess, ... -``` - -to look up the module name, and in this case use `xSmbShare`. However, this lookup process can slow down -the process. It is also possible that there are multiple DSC resources with that name. To address these -cases, `dsc_resource` provides an aditional attribute `module_name`. You can pass the name of the module -that the resource comes from, and `dsc_resource` will make sure that it uses that module. This will -short-circuit any logic to lookup the module name, shortening the time it takes to execute the resource. - -## Notes - -- The implementation of `dsc_resource` is base on the experimental Invoke-DscResource cmdlet +# Chef Client Release Notes 12.3.0: + +## Minimal Ohai Flag + +Chef Client, Solo, and Apply all now support a `--minimal-ohai` flag. +When set, Chef will only run the bare minimum Ohai plugins necessary to +support node name detection and resource/provider selection. The primary +motivation for this feature is to speed up Chef's integration tests +which run `chef-client` (and solo) many times in various contexts, +however advanced users may find it useful in certain use cases. Any +cookbook that relies on other ohai data will absolutely not work in this +mode unless the user implements workarounds such as running the ohai +resource during the compile phase.