Meta tags:
description= Chef Backend release notes;
Headings (most frequently used words):
chef, backend, fixes, enhancements, bug, security, elasticsearch, ruby, component, updates, openjdk, 14, platforms, health, infra, client, status, 16, packaging, improvements, 11, 13, postgresql, 25, improve, epmd, on, release, notes, 30, upgrading, upgrades, fix, 23, newly, supported, deprecated, rpm, package, digests, log4j, mitigation, openssl, 2zb, checker, ionice, configuration, options, leader, endpoint, caching, 15, 12, 22, increased, memory, allocation, erlang, 18, etcd, 19, new, deprecations, backup, timeout, control, cluster, temporary, files, ssl, ciphers, improved, checking, for, demoted, leaders, fails, certain, ipv6, configurations, java, 8u144, update, minimum_master_nodes, node, removal, include, disk, in, checks, and, output, robustness, regarding,
Text of the page (most frequently used words):
chef (235), the (108), cve (101), backend (84), and (62), infra (47), overview (46), #elasticsearch (39), for (38), version (37), from (35), server (34), postgresql (33), upgrade (33), fixes (32), install (32), automate (31), 2021 (30), builder (30), security (28), with (28), deployment (28), node (27), this (26), bug (24), enhancements (24), that (24), aws (24), client (23), cluster (23), configure (23), ruby (22), about (22), updated (21), habitat (20), health (19), etcd (19), configuration (19), packages (19), backup (18), ctl (18), users (18), supermarket (18), status (17), now (17), 2020 (17), new (16), leader (16), manage (16), api (16), prem (16), improve (14), following (14), leaderl (14), nodes (14), management (14), 2022 (14), reference (14), config (14), are (13), platforms (13), release (13), community (13), recovery (13), restore (13), settings (13), managed (13), resolve (13), 2019 (13), license (13), updates (12), openjdk (12), started (12), cves (12), 2017 (12), workstation (12), 360 (12), supported (11), create (11), set (11), system (11), 2018 (11), platform (11), all (10), epmd (10), disk (10), using (10), data (10), compliance (10), effortless (10), saas (10), opensearch (10), database (10), update (9), component (9), upgrades (9), package (9), you (9), which (9), cloud (9), service (9), guide (9), certificates (9), requirements (9), ssl (8), files (8), erlang (8), improvements (8), upgrading (8), your (8), can (8), fail (8), performance (8), resources (8), prerequisites (8), origin (8), disaster (8), desktop (8), iam (8), use (7), improved (7), timeout (7), deprecations (7), endpoint (7), log4j (7), notes (7), feedback (7), support (7), because (7), number (7), start (7), defaults (7), log (7), services (7), page (6), policy (6), licensing (6), checks (6), fix (6), leaders (6), packaging (6), memory (6), ionice (6), options (6), when (6), remove (6), cases (6), where (6), some (6), would (6), during (6), these (6), will (6), health_check (6), longer (6), user (6), default (6), failures (6), available (6), cookbooks (6), audit (6), migrate (6), inspec (6), style (6), cookstyle (6), troubleshooting (6), logs (6), get (6), integrations (6), dashboard (6), applications (6), certificate (6), add (6), enterprise (6), progress (5), used (5), see (5), terms (5), ciphers (5), checker (5), failover (5), directory (5), key (5), check (5), local (5), option (5), space (5), change (5), amazon (5), organizations (5), certain (4), trademarks (4), its (4), other (4), not (4), include (4), output (4), java (4), 8u144 (4), configurations (4), demoted (4), temporary (4), openssl (4), 2zb (4), rpm (4), deprecated (4), still (4), don (4), added (4), report (4), after (4), event (4), process (4), have (4), reduce (4), flags (4), instead (4), seconds (4), command (4), more (4), bugs (4), large (4), file (4), rolling (4), better (4), send (4), downloads (4), uninstall (4), groups (4), roles (4), saml (4), ldap (4), resource (4), packs (4), profiles (4), download (4), apis (4), monitor (4), private (4), quick (4), cops (4), firewalls (4), ports (4), authentication (4), authorization (4), high (4), availability (4), core (4), origins (4), profile (4), minio (4), single (4), cookbook (4), application (4), enrollment (4), setup (4), infrastructure (4), getting (4), migration (4), courier (4), tokens (4), jobs (4), app (4), integration (4), external (4), a2ha (4), premises (4), edition (4), product (3), names (3), robustness (3), regarding (3), minimum_master_nodes (3), removal (3), fails (3), ipv6 (3), checking (3), control (3), increased (3), allocation (3), caching (3), mitigation (3), digests (3), newly (3), table (3), contents (3), existing (3), only (3), follower (3), promote (3), promoting (3), failing (3), customer (3), installation (3), configurable (3), bumped (3), issues (3), fixed (3), multiple (3), information (3), back (3), our (3), documentation (3), has (3), machine (3), failure (3), non (3), downtime (3), list (3), embedded (3), tmp (3), isn (3), reports (3), removed (3), versions (3), clients (3), main (3), formatting (3), run (3), frontend (3), example (3), legacy (3), enhance (3), verify (3), scan (3), active (3), account (3), content (3), herein (2), software (2), corporation (2), one (2), subsidiaries (2), affiliates (2), rights (2), reserved (2), their (2), respective (2), owners (2), 2026 (2), modified (2), how (2), contact (2), was (2), test (2), specified (2), connections (2), while (2), ensured (2), stability (2), election (2), down (2), but (2), state (2), follow (2), shouldn (2), avoids (2), followers (2), replication (2), manually (2), overrides (2), respected (2), please (2), prefer (2), milliseconds (2), election_timeout (2), heartbeat_interval (2), changed (2), shmmax (2), required (2), allows (2), procedure (2), pgsql (2), force (2), times (2), before (2), upgraded (2), falls (2), recommend (2), reduced (2), appear (2), previously (2), port (2), mapper (2), daemon (2), empd (2), first (2), under (2), related (2), below (2), value (2), fatal (2), issue (2), removing (2), address (2), build (2), should (2), resume (2), leadership (2), requires (2), full (2), major (2), configures (2), sles (2), ubuntu (2), rhel (2), reliability (2), allocated (2), 32gb (2), running (2), join (2), timeouts (2), values (2), linux (2), class (2), 44228 (2), vulnerable (2), produce (2), time (2), require (2), later (2), doesn (2), resolves (2), elastic (2), many (2), bmp (2), verification (2), string (2), github (2), environments (2), bags (2), console (2), azure (2), remediation (2), share (2), what (2), scaffolding (2), variables (2), pattern (2), attributehelper (2), attributedefault (2), useplatformhelpers (2), unnecessaryplatformcasestatement (2), unnecessaryoscheck (2), trueclassfalseclassresourceproperties (2), simplifyplatformmajorversioncheck (2), overlycomplexsupportsdependsmetadata (2), negatingonlyif (2), includerecipewithparentheses (2), immediatenotificationtiming (2), filemode (2), defaultcopyrightcomments (2), copyrightcommentformat (2), commentsentencespacing (2), commentformat (2), chefwhaaat (2), attributekeys (2), invalidlicensestring (2), insecurecookbookurl (2), includeresourceexamples (2), includeresourcedescriptions (2), includepropertydescriptions (2), emptymetadatafield (2), defaultmetadatamaintainer (2), sharing (2), sshprivatekey (2), unlessdefinedrequire (2), requirenethttps (2), legacypowershelloutmethods (2), gemspecrequirerubygems (2), gemspeclicense (2), usecreateifmissing (2), unnecessarynameproperty (2), unnecessarydesiredstate (2), suggestsmetadata (2), stringpropertywithnildefault (2), sensitivepropertyinresource (2), resourcewithnothingaction (2), replacesmetadata (2), recipemetadata (2), providesmetadata (2), propertywithrequiredanddefault (2), propertysplatregex (2), ohaiattributetostring (2), namepropertyisrequired (2), multipleplatformchecks (2), longdescriptionmetadata (2), groupingmetadata (2), doublecompiletime (2), customresourcewithallowedactions (2), conflictsmetadata (2), attributemetadata (2), aptrepositorynotifiesaptupdate (2), aptrepositorydistributiondefault (2), redundantcode (2), zipfileresource (2), windowszipfileusage (2), windowsscresource (2), windowsregistryuac (2), whyrunsupportedtrue (2), useszypperrepo (2), userequirerelative (2), usemultipackageinstalls (2), usecheflanguagesystemdhelper (2), usecheflanguageenvhelpers (2), usecheflanguagecloudhelpers (2), usebuildessentialresource (2), unnecessarymixlibshelloutrequire (2), unnecessarydependschef15 (2), unnecessarydependschef14 (2), sysctlparamresource (2), simplifyaptppasetup (2), shellouttochocolatey (2), shellouthelper (2), sevenziparchiveresource (2), setorreturninresources (2), respondtoresourcename (2), respondtoprovides (2), respondtoinmetadata (2), respondtocompiletime (2), resourcenamefrominitialize (2), resourceforcingcompiletime (2), providesfrominitialize (2), propertywithnameattribute (2), powershellscriptexpandarchive (2), powershellinstallwindowsfeature (2), powershellinstallpackage (2), powershellguardinterpreter (2), osxconfigprofileresource (2), opensslx509resource (2), opensslrsakeyresource (2), noderolesinclude (2), nodeinitpackage (2), minitesthandlerusage (2), macosxuserdefaults (2), libarchivefileresource (2), legacyberksfilesource (2), includingwindowsdefaultrecipe (2), includingohaidefaultrecipe (2), includingmixinshelloutinresources (2), includingaptdefaultrecipe (2), ifprovidesdefaultaction (2), foodcriticcomments (2), executetzutil (2), executesysctl (2), executesleep (2), executescexe (2), executeaptupdate (2), emptyresourceinitializemethod (2), dslincludeinresource (2), dependsonzyppercookbook (2), dependsonwindowsfirewallcookbook (2), dependsontimezonelwrpcookbook (2), dependsonopensslcookbook (2), dependsonlocalecookbook (2), dependsonkernelmodulecookbook (2), dependsonchocolateycookbooks (2), dependsonchefvaultcookbook (2), definitions (2), defineschefspecmatchers (2), defaultactionfrominitialize (2), declareactionclass (2), databaghelpers (2), customresourcewithattributes (2), cronmanageresource (2), crondfileortemplate (2), conditionalusingtest (2), classevalactionclass (2), chefgemnokogiri (2), allowedactionsfrominitialize (2), actionmethodinresource (2), modernize (2), searchforenvironmentsorroles (2), dependschefvault (2), cookbookusessearch (2), cookbookusesroles (2), cookbookusespolicygroups (2), cookbookusesenvironments (2), cookbookusesdatabags (2), chefvaultused (2), berksfile (2), windowsversionhelpers (2), windowstaskchangeaction (2), windowspackageinstallertypestring (2), windowsfeatureservermanagercmd (2), verifypropertyusesfileexpansion (2), useyamldump (2), usesruncommandhelper (2), usesdeprecatedmixins (2), useschefresthelpers (2), userdeprecatedsupportsproperty (2), useinlineresourcesdefined (2), useautomaticresourcename (2), searchusespositionalparameters (2), rubyblockcreateaction (2), ruby27keywordargumentwarnings (2), resourcewithoutunifiedtrue (2), resourceusesupdatedmethod (2), resourceusesproviderbasemethod (2), resourceusesonlyresourcename (2), resourceusesdslnamemethod (2), resourceoverridesprovidesmethod (2), resourceinheritsfromcompatresource (2), requirerecipe (2), powershellcookbookhelpers (2), policyfilecommunitysource (2), poisearchiveusage (2), partialsearchhelperusage (2), partialsearchclassusage (2), nodesetwithoutlevel (2), nodesetunless (2), nodeset (2), nodemethodsinsteadofattributes (2), nodedeepfetch (2), namepropertywithdefaultvalue (2), macosuserdefaultsglobalproperty (2), logresourcenotifications (2), localedeprecatedlcallproperty (2), librarianchefspec (2), legacyyumcookbookrecipes (2), legacynotifysyntax (2), launchddeprecatedhashproperty (2), includingyumdnfcompatrecipe (2), includingxmlrubyrecipe (2), hwrpwithoutunifiedtrue (2), hwrpwithoutprovides (2), foodcritictesting (2), foodcriticfile (2), executerelativecreateswithoutcwd (2), executepathproperty (2), erlcallresource (2), epicfail (2), eolauditmodeusage (2), easyinstallresource (2), deprecatedyumrepositoryproperties (2), deprecatedyumrepositoryactions (2), deprecatedwindowsversioncheck (2), deprecatedsudoactions (2), deprecatedshelloutmethods (2), deprecatedplatformmethods (2), deprecatedchefspecplatform (2), dependsonomnibusupdatercookbook (2), dependsonchefreportingcookbook (2), dependsonchefnginxcookbook (2), delivery (2), cookbooksdependsonself (2), cookbookdependsonpoise (2), cookbookdependsonpartialsearch (2), cookbookdependsoncompatresource (2), chocolateypackageuninstallaction (2), chefwindowsplatformhelper (2), chefsugarhelpers (2), chefspeclegacyrunner (2), chefspeccoveragereport (2), chefshellout (2), chefrewind (2), chefhandlerusessupports (2), chefhandlerrecipe (2), cheffile (2), chefdkgenerators (2), tmppath (2), supportsmustbefloat (2), serviceresource (2), scopedfileexist (2), resourcewithnoneaction (2), resourcesetsnameproperty (2), resourcesetsinternalproperties (2), propertywithouttype (2), powershellscriptdeletefile (2), powershellfileexists (2), opensslpasswordhelpers (2), octalmodeasstring (2), notifiesactionnotsymbol (2), nodenormalunless (2), nodenormal (2), metadatamissingversion (2), metadatamissingname (2), metadatamalformeddepends (2), malformedplatformvalueforplatformhelper (2), macosuserdefaultsinvalidtype (2), lazyinresourceguard (2), lazyevalnodeattributedefaults (2), invalidversionmetadata (2), invalidplatformvalueforplatformhelper (2), invalidplatformvalueforplatformfamilyhelper (2), invalidplatformmetadata (2), invalidplatformincase (2), invalidplatformhelper (2), invalidplatformfamilyincase (2), invalidplatformfamilyhelper (2), invalidnotificationtiming (2), invalidnotificationresource (2), invaliddefaultaction (2), invalidcookbookname (2), incorrectlibraryinjection (2), emptyresourceguard (2), dnfpackageallowdowngrades (2), cookbookusesnodesave (2), conditionalrubyshellout (2), chefapplicationfatal (2), blockguardwithonlystring (2), correctness (2), v25 (2), v26 (2), tuning (2), optional (2), usage (2), tiered (2), airgap (2), capacity (2), planning (2), plan (2), base (2), 2025 (2), refresh (2), strategy (2), bootstrap (2), membership (2), rbac (2), keys (2), rotate (2), certs (2), separate (2), scale (2), artifactory (2), artifact (2), store (2), warm (2), spare (2), env (2), connect (2), windows_update_settings (2), windows_power_management (2), windows_password_policy (2), windows_ie_esc (2), windows_firewall (2), windows_disk_encryption (2), windows_desktop_winrm_settings (2), windows_desktop_screensaver (2), windows_defender_exclusion (2), windows_defender (2), windows_choco_installer (2), windows_automatic_logout (2), windows_app_management (2), windows_admin_control (2), rescue_account (2), macos_power_management (2), macos_password_policy (2), macos_firewall (2), macos_disk_encryption (2), macos_desktop_screensaver (2), macos_automatic_software_updates (2), macos_automatic_logout (2), macos_app_management (2), macos_admin_control (2), windows (2), macos (2), zero (2), touch (2), redirect (2), sso (2), opsworks (2), skills (2), administration (2), guides (2), enroll (2), clis (2), san (2), best (2), practices (2), feature (2), cli (2), architecture (2), administrator (2), incident (2), servicenow (2), marketplace (2), runs (2), setting (2), eas (2), feed (2), teams (2), policies (2), actions (2), projects (2), credentials (2), lifecycle (2), feeds (2), notifications (2), cleanup (2), monitoring (2), centralize (2), ingestion (2), invalid (2), login (2), attempts (2), telemetry (2), session (2), disclosure (2), panel (2), banner (2), collection (2), topics (2), manager (2), bastion (2), sudo (2), password (2), rds (2), vpc (2), cidr (2), load (2), balancer (2), faqs (2), benchmarks (2), rotation (2), self (2), signed (2), custom (2), view (2), bootstrapping (2), commands (2), generation (2), place (2), efs (2), object (2), storage (2), filesystem (2), airgapped (2), tutorial (2), shortcodes (2), front (2), matter (2), reuse (2), hugo (2), procedures (2), tables (2), headings (2), notices (2), markdown (2), lists (2), linking (2), tools (2), house (2), contribute (2), docs (2), guidelines (2), contributions (2), commercial (2), script (2), accept (2), training (2), blog (2), registered, countries, appropriate, markings, any, contained, inclusion, does, imply, endorsement, affiliation, sponsorship, between, copyright, last, april, cookie, privacy, trademark, site, map, thank, submit, fill, field, document, ask, stuck, yes, helpful, misc, code, cleanups, overwrite, multi, hosts, retried, waiting, gracefully, handled, syncing, conf, uses, correct, made, possible, clean, partially, shows, erroneously, there, keeps, long, become, leaderless, elected, slow, waited, connection, rather, than, simple, promotion, processes, nomethoderror, forced, checkpoint, instance, synchronous, missing, proven, spurious, failovers, deploying, various, providers, 1000, 5000, 100, 500, leaderl_ttl_seconds, interval_seconds, based, sysctl, they, previous, remember, shmall, 503, haven, initiated, tunable, required_active_followers, straightforward, human, intervention, needed, basebackup, max_pgsql_failures, max_etcd_failures, max_elasticsearch_failures, triggering, maximum, each, via, snapshot_count, customization, etc, too, far, behind, max_bytes_behind_leader, prior, flicker, slower, terminals, rendering, indicators, function, waits, minutes, done, wait, take, zlib, further, periodically, attempt, register, itself, failed, part, runtime, typically, automatically, supervision, restarted, exposed, through, queried, fatal_system_checks, true, directories, 250mb, considered, purposes, low, won, over, make, adapt, minimum, count, leaves, unrecoverable, 3526, demotion, stops, result, means, couldn, track, whether, action, taken, ship, details, instructions, breaking, 8780, 8779, 8778, 8777, 6914, 17742, 17405, out, box, older, less, secure, allowed, own, stored, temp_directory, var, opt, blocked, eligible, includes, flag, controls, duration, 600, 10208, 10130, 10925, 10915, 1058, 1053, 7548, 7547, 7546, 7486, 7485, 7484, 15099, 12172, 8325, 8324, 8323, 8322, 8321, 8320, 16255, 16254, 16201, 15845, 16396, 16395, 2015, 9251, 2012, 6708, 7611, 8442, language, 3rd, 4th, recommends, slightly, allow, room, moved, oraclejdk, adoptopenjdk, oracle, newer, jdk, project, delivering, open, source, friendly, validator, problem, prevented, completion, serves, locally, cached, response, possibility, returned, polling, polls, thus, believe, outages, resulted, request, controlling, input, scheduling, priority, respectively, mirror, current, level, detects, subject, retries, makes, fewer, calls, unnecessary, overs, changes, 25696, 25694, 25695, 14350, 14803, 14798, 14797, 14796, 14792, 14782, 14781, 14779, 2161, 2163, 2388, 2369, 2341, 35603, 35586, 35578, 35567, 35564, 35561, 35559, 35556, 35565, 35550, 1968, 1971, 23839, 23840, 23841, 3712, let, encrypt, 10933, 10663, 28965, 25613, 31799, 32066, 31810, 41819, 41817, mitigated, vulnerability, outlined, disabling, message, within, logging, concerns, digest, md5, sha256, prevent, installing, fips, enabled, systems, end, life, backs, speeds, restoring, backed, generate, reindex, eol, warnings, reconfigure, direct, aren, intermediate, then, both, steps, method, workflow, directly, complete, shutdown, perform, matrix, 44832, 45105, 45046, stated, realize, internal, installations, improves, adds, capabilities, receive, 21365, enhanced, processing, 21360, image, 21341, serial, forms, transport, 21340, jar, 21305, array, indexing, 21277, tiff, handling, 21299, scanning, xml, entities, 21296, sax, parser, 21282, resolution, uris, 21294, construction, identity, maps, 21293, constructions, 21291, methods, 21283, matching, 21248, cross, serialization, installed, 770, development, representative, migrating, warning, menu, search, skip,
Text of the page (random words):
nd of life rpm package digests we updated the file digest in chef backend rpm packages from md5 to sha256 to prevent failures from installing on some fips enabled systems security log4j mitigation we mitigated the log4j vulnerability that s outlined in cve 2021 44228 by disabling message formatting within logging chef backend isn t vulnerable to this cve in log4j but this change avoids security concerns with this cve ruby 2 7 5 we updated ruby from 2 6 5 to 2 7 5 for improved performance and to resolve the following cves cve 2021 41817 cve 2021 41819 cve 2021 31810 cve 2021 32066 cve 2021 31799 cve 2020 25613 cve 2021 28965 cve 2020 10663 cve 2020 10933 openssl 1 0 2zb we updated openssl from 1 0 2v to 1 0 2zb to resolve issues with let s encrypt certificates and to resolve the following cves cve 2021 3712 cve 2021 23841 cve 2021 23840 cve 2021 23839 cve 2020 1971 cve 2020 1968 openjdk 11 0 13 8 we updated openjdk from 11 0 7 10 to 11 0 13 8 to resolve the following cves cve 2021 35550 cve 2021 35565 cve 2021 35556 cve 2021 35559 cve 2021 35561 cve 2021 35564 cve 2021 35567 cve 2021 35578 cve 2021 35586 cve 2021 35603 cve 2021 2341 cve 2021 2369 cve 2021 2388 cve 2021 2163 cve 2021 2161 cve 2020 14779 cve 2020 14781 cve 2020 14782 cve 2020 14792 cve 2020 14796 cve 2020 14797 cve 2020 14798 cve 2020 14803 postgresql 9 5 25 we updated postgresql from 9 5 19 to 9 5 25 to resolve the following cves cve 2020 14350 cve 2020 25695 cve 2020 25694 cve 2020 25696 chef backend 2 2 0 improvements improve health checker the health checker is now modified to reduce the number of unnecessary fail overs changes to the health checker include the postgresql health check makes fewer calls to postgresql all postgresql failures are subject to health check retries bug fix we removed the etcd health check because the main leader election detects etcd failures first ionice configuration options we ve added new ionice settings for controlling the disk input output scheduling class and set priority for the etcd process etcd ionice class and etcd ionice level settings with the default values of 2 and 0 respectively the default values mirror the current system defaults on linux leader endpoint caching the leader endpoint now serves a locally cached response this change should reduce the possibility of timeouts returned to clients that are polling the leader endpoint the chef infra server polls the leader endpoint and thus we believe this change will reduce some chef backend outages that resulted from leader request timeouts bug fixes we fixed a postgresql validator problem that prevented join cluster from running to completion component updates chef infra client 15 12 22 we ve updated the embedded chef infra client that s used for chef backend configuration from 14 14 25 to 15 12 22 ruby 2 6 5 we ve updated ruby from 2 5 7 to 2 6 5 for improved performance chef backend 2 1 0 improvements openjdk we ve moved from oraclejdk to adoptopenjdk because oracle has changed its license on newer versions of the jdk the openjdk project is delivering security updates in a version with a more open source friendly licensing policy increased elasticsearch memory allocation elasticsearch is now allocated 1 3rd of the available memory up to 32gb instead of 1 4th elasticsearch recommends using 1 2 of the available system memory up to 32gb we slightly reduced the allocated memory to allow room for other chef backend services component updates erlang 18 3 we ve updated the erlang language that s used to build chef backend from 18 2 to 18 3 to improve reliability etcd 2 3 8 we ve updated etcd from 2 3 7 to 2 3 8 to resolve bugs chef infra client 14 14 25 we ve updated the embedded chef infra client that configures chef backend from 14 11 21 to 14 14 25 security fixes elasticsearch 5 6 16 we ve updated elasticsearch from 5 4 1 to 5 6 16 to resolve a large number of bugs improve performance and resolve the following cves cve 2017 8442 cve 2019 7611 ruby 2 5 7 we ve updated ruby from 2 4 4 to 2 5 7 for performance improvements and bug fixes and to resolve the following cves cve 2012 6708 cve 2015 9251 cve 2018 16395 cve 2018 16396 cve 2019 15845 cve 2019 16201 cve 2019 16254 cve 2019 16255 cve 2019 8320 cve 2019 8321 cve 2019 8322 cve 2019 8323 cve 2019 8324 cve 2019 8325 postgresql 9 5 19 we ve updated postgresql from 9 5 6 to 9 5 19 to resolve a large number of bugs and the following cves cve 2017 12172 cve 2017 15099 cve 2017 7484 cve 2017 7485 cve 2017 7486 cve 2017 7546 cve 2017 7547 cve 2017 7548 cve 2018 1053 cve 2018 1058 cve 2018 10915 cve 2018 10925 cve 2019 10130 cve 2019 10208 packaging new platforms we added support for rhel 8 deprecations we removed support for ubuntu 14 04 we removed support for sles 11 chef backend 2 0 30 enhancements backup timeout control the backup command now includes a new timeout flag that controls the timeout duration in seconds it defaults to 600 seconds cluster status the cluster status command now reports leaders that are blocked and leaders that are eligible elasticsearch temporary files elasticsearch temporary files are now stored in var opt chef backend elasticsearch tmp you can change this value with a new elasticsearch temp_directory configuration option the elasticsearch tmp directory isn t its own tmp directory component upgrades chef infra client 13 9 1 we ve updated the embedded chef infra client that configures chef backend from 13 3 42 to 13 9 1 security ssl ciphers we ve improved out of the box ssl security by removing older and less secure ssl ciphers from the list of allowed ssl ciphers ruby 2 4 4 we ve updated ruby from 2 3 5 to 2 4 4 to improve performance and to resolve the following cves cve 2017 17405 cve 2017 17742 cve 2018 6914 cve 2018 8777 cve 2018 8778 cve 2018 8779 cve 2018 8780 chef backend 2 0 1 we ve bumped the major version because of a breaking change in the upgrade procedure upgrading to this version requires full cluster downtime before upgrading see our guide to upgrading to chef backend 2 enhancements elasticsearch 5 we now ship elasticsearch 5 by default this requires a full cluster downtime during the upgrade see the upgrade instructions for this release for more details improved health checking for demoted leaders during demotion the management service leaderl stops postgresql previously this would result in all health checks for postgresql failing which means that the node couldn t resume leadership now we track whether postgresql is only down because of action taken by leaderl which allows demoted leaders to resume leadership in some cases bug fixes epmd fails on certain ipv6 configurations this build should fix issues that are related to the erlang port mapper daemon empd failing to start in some epmd configurations security fixes java 8u144 we updated the version of java to 8u144 to address cve 2017 3526 ruby 2 3 5 we updated the version of ruby to 2 3 5 to address multiple cves chef backend 1 4 6 bug fix update minimum_master_nodes on elasticsearch node removal this release fixes an issue when removing nodes from the cluster would not adapt the minimum node count that s required for the elasticsearch cluster that s managed by chef backend which leaves the cluster in an unrecoverable state enhancements include disk status in health checks and status output when the available disk space for the log and data directories that are used by chef backend falls below a user configurable value default 250mb by default disk space failures are considered non fatal for the purposes of leaderl health checks that is low disk space won t force a fail over to make disk space failures fatal set the following configuration option leaderl health_check fatal_system_checks true the disk space related health status can be queried using chef backend ctl status disk which is exposed through the status endpoint improve robustness regarding epmd the erlang port mapper daemon empd is part of the erlang runtime system typically this service is started automatically by the first erlang process to start on a machine by promoting epmd to a service under supervision the service will now appear in chef backend ctl status and will be restarted on failure further leaderl will now periodically attempt to re register itself with epmd if epmd has failed security updates we ve bumped zlib to 1 2 11 chef backend 1 3 2 this release is a bug fix release bug fixes we ve fixed multiple bugs in the backup and restore process we recommend that all users take a new backup after upgrading see our documentation for information about how to back up and restore your chef infra server the pgsql promote function now waits up to 5 minutes for recovery done to appear previously it would only wait 5 seconds enhancements we ve reduced flicker on slower terminals when rendering progress indicators chef backend 1 2 5 this release fixes a number of stability issues with 1 1 2 we recommend that all users of chef backend 1 1 2 and prior upgrade enhancements fail follower health check if the node falls too far behind leader this is configurable with the leaderl health_check max_bytes_behind_leader option the following etcd configuration options are now available for customization in etc chef backend chef backend rb etcd election_timeout etcd heartbeat_interval etcd snapshot_count we ve bumped etcd to 2 3 7 we ve upgraded to postgresql 9 5 5 health checks can now fail up to a configurable number of times before triggering a failover users can configure the maximum failures for each service via the following configuration settings leaderl health_check max_elasticsearch_failures leaderl health_check max_etcd_failures leaderl health_check max_pgsql_failures if you have manually set these flags in chef backend rb your overrides will still be respected please remove these options if you d prefer to use the new defaults instead we ve added a force basebackup option to the pgsql follow command this allows for a more straightforward recovery procedure in cases where human intervention is needed report 503 from leaderl if a user specified number of followers haven t initiated replication connections this is tunable with the leaderl required_active_followers configuration option default 0 we no longer set shmmax sysctl s because they re no longer required by postgresql 9 5 if you are upgrading from a previous installation remember to remove postgresql shmmax and postgresql shmall from your chef backend rb we ve updated configuration defaults based on customer feedback we ve changed the following configuration defaults leaderl health_check interval_seconds from 2 to 5 seconds leaderl leaderl_ttl_seconds from 10 to 30 etcd heartbeat_interval from 100 to 500 milliseconds etcd election_timeout from 1000 to 5000 milliseconds the new defaults have proven to reduce spurious failovers when deploying chef backend to various cloud providers if you have manually set these flags in chef backend rb your overrides will still be respected please remove these options if you d prefer to use the new defaults instead bug fixes chef server ctl cluster status shouldn t fail because of a missing leader key we ve forced a checkpoint after promoting the local postgresql instance which avoids some cases of postgresql followers failing to start synchronous replication after a failover chef backend ctl restore shouldn t fail with a nomethoderror we ve waited for postgresql to be started using a test connection rather than a simple process check during the promotion and follow processes this fixes a number of cases where postgresql would fail to promote during a failover event we ve ensured that the leader key keeps the leader key as long as it s still in the promoting state this fixes some cases where the cluster would become leaderless after a failover event because the elected follower was slow to promote don t erroneously report etcd as down in chef backend ctl status in cases where etcd is up but there is no leaderl leader chef backend 1 1 2 enhancements cluster status now shows which node a follower is following it s now possible to clean up a partially added node with chef backend ctl remove node we ve made stability improvements in leader election bug fixes we ve ensured that elasticsearch uses the correct directory don t create recovery conf on the leader we ve gracefully handled failover while syncing we ve retried etcd connections when chef backend ctl is waiting for the leader in multi ip hosts only test the specified ip and not all don t overwrite existing configuration other misc code cleanups table of contents chef backend release notes chef backend 3 1 1 bug fixes security openjdk 11 0 14 chef backend 3 0 0 enhancements elasticsearch 6 8 23 upgrading chef backend 2 3 16 fixes enhancements packaging newly supported platforms deprecated platforms rpm package digests security log4j mitigation ruby 2 7 5 openssl 1 0 2zb openjdk 11 0 13 8 postgresql 9 5 25 chef backend 2 2 0 improvements improve health checker ionice configuration options leader endpoint caching bug fixes component updates chef infra client 15 12 22 ruby 2 6 5 chef backend 2 1 0 improvements openjdk increased elasticsearch memory allocation component updates erlang 18 3 etcd 2 3 8 chef infra client 14 14 25 security fixes elasticsearch 5 6 16 ruby 2 5 7 postgresql 9 5 19 packaging new platforms deprecations chef backend 2 0 30 enhancements backup timeout control cluster status elasticsearch temporary files component upgrades chef infra client 13 9 1 security ssl ciphers ruby 2 4 4 chef backend 2 0 1 enhancements elasticsearch 5 improved health checking for demoted leaders bug fixes epmd fails on certain ipv6 configurations security fixes java 8u144 ruby 2 3 5 chef backend 1 4 6 bug fix update minimum_master_nodes on elasticsearch node removal enhancements include disk status in health checks and status output improve robustness regarding epmd security updates chef backend 1 3 2 bug fixes enhancements chef backend 1 2 5 enhancements bug fixes chef backend 1 1 2 enhancements bug fixes was this page helpful yes no still stuck contact support ask the community how can we improve this document do not fill in this field submit feedback thank you for your feedback table of contents chef backend release notes chef backend 3 1 1 bug fixes security openjdk 11 0 14 chef backend 3 0 0 enhancements elasticsearch 6 8 23 upgrading chef backend 2 3 16 fixes enhancements packaging newly supported platforms deprecated platforms rpm package digests security log4j mitigation ruby 2 7 5 openssl 1 0 2zb openjdk 11 0 13 8 postgresql 9 5 25 chef backend 2 2 0 improvements improve health checker ionice configuration options leader endpoint caching bug fixes component updates chef infra client 15 12 22 ruby 2 6 5 chef backend 2 1 0 improvements openjdk increased elasticsearch memory allocation component updates erlang 18 3 etcd 2 3 8 chef infra client 14 14 25 security fixes elasticsearch 5 6 16 ruby 2 5 7 postgresql 9 5 19 pack...
|