diff --git a/.expeditor/release.omnibus.yml b/.expeditor/release.omnibus.yml index 9a2517fc81e..892dbd1c6b5 100644 --- a/.expeditor/release.omnibus.yml +++ b/.expeditor/release.omnibus.yml @@ -20,3 +20,5 @@ builder-to-testers-map: - ubuntu-22.04-x86_64 el-8-x86_64: - el-8-x86_64 + el-9-x86_64: + - el-9-x86_64 diff --git a/.github/workflows/brakeman-analysis.yml b/.github/workflows/brakeman-analysis.yml index fe074283dad..d32ba4220a4 100644 --- a/.github/workflows/brakeman-analysis.yml +++ b/.github/workflows/brakeman-analysis.yml @@ -25,11 +25,11 @@ jobs: steps: # Checkout the repository to the GitHub Actions runner - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Customize the ruby version depending on your needs - name: Setup Ruby - uses: actions/setup-ruby@v1 + uses: ruby/setup-ruby@v1 with: ruby-version: '2.7' diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml new file mode 100644 index 00000000000..a265fad38f6 --- /dev/null +++ b/.github/workflows/sonarqube.yml @@ -0,0 +1,27 @@ +name: SonarQube scan + +on: + # Trigger analysis when pushing to your main branches, and when creating a pull request. + push: + branches: + - main + - develop + - 'release/**' + pull_request: + types: [opened, synchronize, reopened] + +jobs: + sonarqube: + runs-on: ip-range-controlled +# runs-on: ubuntu-latest +# needs: [build] + steps: + - uses: actions/checkout@v3 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@master + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} diff --git a/CHANGELOG.md b/CHANGELOG.md index e76ca31f067..442d1563ace 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,92 @@ # Chef Server Changelog - + +## [15.7.3](https://github.com/chef/chef-server/tree/15.7.3) (2023-07-06) + +#### Merged Pull Requests +- CHEF-3465 Replace download links [#3683](https://github.com/chef/chef-server/pull/3683) ([IanMadd](https://github.com/IanMadd)) - + +### Changes since 15.7.0 release + +#### Merged Pull Requests +- CHEF-3465 Replace download links [#3683](https://github.com/chef/chef-server/pull/3683) ([IanMadd](https://github.com/IanMadd)) +- Docs update [#3676](https://github.com/chef/chef-server/pull/3676) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) +- Update supported platforms page [#3675](https://github.com/chef/chef-server/pull/3675) ([IanMadd](https://github.com/IanMadd)) +## [15.7.0](https://github.com/chef/chef-server/tree/15.7.0) (2023-06-14) + +#### Merged Pull Requests +- Integrating with sonarcubes [#3628](https://github.com/chef/chef-server/pull/3628) ([vinay-satish](https://github.com/vinay-satish)) +- Bump activesupport from 7.0.4.1 to 7.0.4.2 in /oc-chef-pedant [#3588](https://github.com/chef/chef-server/pull/3588) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump mixlib-install from 3.12.24 to 3.12.27 in /src/chef-server-ctl [#3591](https://github.com/chef/chef-server/pull/3591) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump nokogiri from 1.14.0 to 1.14.2 in /src/oc-id [#3602](https://github.com/chef/chef-server/pull/3602) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump pg from 1.4.5 to 1.4.6 in /src/chef-server-ctl [#3612](https://github.com/chef/chef-server/pull/3612) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Update release process docs [#3631](https://github.com/chef/chef-server/pull/3631) ([lbakerchef](https://github.com/lbakerchef)) +- Bump nokogiri from 1.14.2 to 1.14.3 in /src/oc-id [#3643](https://github.com/chef/chef-server/pull/3643) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump omnibus-software from `6a1c889` to `67a1705` in /omnibus [#3660](https://github.com/chef/chef-server/pull/3660) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) +- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) +- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish)) + + +## [15.6.2](https://github.com/chef/chef-server/tree/15.6.2) (2023-03-17) + +#### Merged Pull Requests +- Update default OpenJRE to 11.0.18+10 [#3623](https://github.com/chef/chef-server/pull/3623) ([lbakerchef](https://github.com/lbakerchef)) + +## [15.6.1](https://github.com/chef/chef-server/tree/15.6.1) (2023-03-07) + +#### Merged Pull Requests +- Disable caching on SSL pages [#3570](https://github.com/chef/chef-server/pull/3570) ([lbakerchef](https://github.com/lbakerchef)) +- Normalize host header case [#3587](https://github.com/chef/chef-server/pull/3587) ([lbakerchef](https://github.com/lbakerchef)) +- Bump omnibus-software to pull in the OpenJRE update [#3609](https://github.com/chef/chef-server/pull/3609) ([lbakerchef](https://github.com/lbakerchef)) +- Update Erlang dependencies [#3611](https://github.com/chef/chef-server/pull/3611) ([lbakerchef](https://github.com/lbakerchef)) +- Bump spring from 4.1.0 to 4.1.1 in /src/oc-id [#3572](https://github.com/chef/chef-server/pull/3572) ([dependabot[bot]](https://github.com/dependabot[bot])) + +## [15.5.1](https://github.com/chef/chef-server/tree/15.5.1) (2023-02-08) + +#### Merged Pull Requests +- Update release process documentation [#3567](https://github.com/chef/chef-server/pull/3567) ([lbakerchef](https://github.com/lbakerchef)) +- Updated license_scout to 1.3.4 [#3595](https://github.com/chef/chef-server/pull/3595) ([jashaik](https://github.com/jashaik)) +- Update opensearch version to 1.3.7 in chef-server. [#3573](https://github.com/chef/chef-server/pull/3573) ([sreepuramsudheer](https://github.com/sreepuramsudheer)) +- Adding opensearch config to gen_frontend/backend [#3596](https://github.com/chef/chef-server/pull/3596) ([jashaik](https://github.com/jashaik)) +- Forward ports from dev vm to host [#3594](https://github.com/chef/chef-server/pull/3594) ([lbakerchef](https://github.com/lbakerchef)) +- Updated upgrade docs with a note [#3600](https://github.com/chef/chef-server/pull/3600) ([jashaik](https://github.com/jashaik)) + +## [15.4.0](https://github.com/chef/chef-server/tree/15.4.0) (2023-01-05) + +#### Merged Pull Requests +- Bump selenium-webdriver from 4.5.0 to 4.6.1 in /src/oc-id [#3498](https://github.com/chef/chef-server/pull/3498) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump capybara from 3.37.1 to 3.38.0 in /src/oc-id [#3499](https://github.com/chef/chef-server/pull/3499) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump mixlib-install from 3.12.20 to 3.12.24 in /src/chef-server-ctl [#3507](https://github.com/chef/chef-server/pull/3507) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump jquery-rails from 4.5.0 to 4.5.1 in /src/oc-id [#3509](https://github.com/chef/chef-server/pull/3509) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Made nginx[ssl_port] read from config for reindex. [#3501](https://github.com/chef/chef-server/pull/3501) ([sreepuramsudheer](https://github.com/sreepuramsudheer)) +- Document: Added documentation for user public key update methods. [#3492](https://github.com/chef/chef-server/pull/3492) ([sreepuramsudheer](https://github.com/sreepuramsudheer)) +- Bump omnibus-software from `e9632cb` to `ab655a5` in /omnibus [#3512](https://github.com/chef/chef-server/pull/3512) ([dependabot[bot]](https://github.com/dependabot[bot])) +- sqerl master -> main [#3504](https://github.com/chef/chef-server/pull/3504) ([lbakerchef](https://github.com/lbakerchef)) +- Fix Makefile for bumping Erlang deps [#3503](https://github.com/chef/chef-server/pull/3503) ([lbakerchef](https://github.com/lbakerchef)) +- Fix chef_authn reference [#3523](https://github.com/chef/chef-server/pull/3523) ([lbakerchef](https://github.com/lbakerchef)) +- Bump pg from 1.4.4 to 1.4.5 in /src/oc-id [#3520](https://github.com/chef/chef-server/pull/3520) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump pg from 1.4.4 to 1.4.5 in /src/chef-server-ctl [#3518](https://github.com/chef/chef-server/pull/3518) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Update ruby-setup to the actively maintained codebase. Update actions to v3 [#3539](https://github.com/chef/chef-server/pull/3539) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) +- Upgrade most bookshelf, bifrost, and oc_erchef Erlang dependencies. [#3537](https://github.com/chef/chef-server/pull/3537) ([lbakerchef](https://github.com/lbakerchef)) +- Bump timecop from 0.9.5 to 0.9.6 in /src/oc-id [#3531](https://github.com/chef/chef-server/pull/3531) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump bigdecimal from 3.1.2 to 3.1.3 in /src/oc-id [#3535](https://github.com/chef/chef-server/pull/3535) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump nokogiri from 1.13.9 to 1.13.10 in /src/oc-id [#3542](https://github.com/chef/chef-server/pull/3542) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump selenium-webdriver from 4.6.1 to 4.7.1 in /src/oc-id [#3536](https://github.com/chef/chef-server/pull/3536) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump config from 4.0.0 to 4.1.0 in /src/oc-id [#3513](https://github.com/chef/chef-server/pull/3513) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump sinatra from 2.2.0 to 3.0.4 in /src/oc-id [#3532](https://github.com/chef/chef-server/pull/3532) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump omnibus from `d1fe3bb` to `2c058e1` in /omnibus [#3546](https://github.com/chef/chef-server/pull/3546) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Automate upgrade of Erlang rebar dependencies [#3534](https://github.com/chef/chef-server/pull/3534) ([lbakerchef](https://github.com/lbakerchef)) +- Add s3_url_type config setting to docs [#3556](https://github.com/chef/chef-server/pull/3556) ([lbakerchef](https://github.com/lbakerchef)) +- Upgrade rebar3 3.6.2 -> 3.20.0 [#3551](https://github.com/chef/chef-server/pull/3551) ([lbakerchef](https://github.com/lbakerchef)) +- Changed erlang version to 24. [#3560](https://github.com/chef/chef-server/pull/3560) ([sreepuramsudheer](https://github.com/sreepuramsudheer)) +- Bump omnibus-software from `ab655a5` to `2be3816` in /omnibus [#3558](https://github.com/chef/chef-server/pull/3558) ([dependabot[bot]](https://github.com/dependabot[bot])) + ## [15.3.2](https://github.com/chef/chef-server/tree/15.3.2) (2022-11-09) #### Merged Pull Requests @@ -50,7 +130,6 @@ - Vhost [#2147](https://github.com/chef/chef-server/pull/2147) ([lbakerchef](https://github.com/lbakerchef)) - Revert "Bump doorkeeper from 4.4.3 to 5.6.0 in /src/oc-id" [#3495](https://github.com/chef/chef-server/pull/3495) ([vinay-satish](https://github.com/vinay-satish)) - Revise docs for AWS Settings; Add new `s3_path_or_vhost` configuration [#3481](https://github.com/chef/chef-server/pull/3481) ([lbakerchef](https://github.com/lbakerchef)) - ## [15.1.7](https://github.com/chef/chef-server/tree/15.1.7) (2022-08-30) diff --git a/Makefile b/Makefile index 028fab47b09..02da92fa2ec 100644 --- a/Makefile +++ b/Makefile @@ -3,8 +3,47 @@ bump: bump_rebars bump_bundles bump_rebars: rebar_bookshelf rebar_oc_bifrost rebar_oc_erchef bump_bundles: bundle_oc-id -rebar_%: - cd src/$* && ./rebar3 upgrade $$TARGET +# After the rebar3 upgrade from 3.6.2 to 3.20.0, license scout has issues +# with transitive dependencies referenced as packages in rebar.lock files. +# So, if we do a blanket upgrade of all dependencies (rebar3 upgrade --all), +# some transitive dependencies will be referenced as packages, causing license +# scout issues. Therefore, we upgrade only the dependencies that don't pull in +# transitive dependencies. +# +# To arrive at the list of dependencies to upgrade for an app, start with the +# deps in the rebar.config, and subtract from that anything pulling in a +# transitive dependency as seen by running a `rebar3 tree` in the appropriate +# directory. Problem dependencies in a lock file will be referenced by `pkg`, +# and will have an entry in a pkg_hash and possibly a pkg_hash_ext section at +# the bottom (the rebar.lock should not contain these entries). +# +# Anything pulling in a problem dependency, and any problem dependencies themselves, +# should be upgraded by hand. +# +# It was observed that upgrading a single dependency, e.g. `./rebar3 upgrade eper`, +# rewrote the entire lockfile, removing packages. So if a lockfile ever gets +# inadvertently polluted, it's something to try. +# +#rebar_%: +# cd src/$* && ./rebar3 upgrade --all $$TARGET + +rebar_bookshelf: + cd src/bookshelf; \ + ./rebar3 upgrade cf,chef_secrets,envy,eper,erlsom,erlware_commons,iso8601,meck,mini_s3,mixer,mochiweb,opscoderl_wm,sqerl; \ + echo "some references are pulled in as git:// - rewriting to https://"; \ + sed -i '' 's/git:\/\//https:\/\//g' rebar.lock + +rebar_oc_bifrost: + cd src/oc_bifrost; \ + ./rebar3 upgrade chef_secrets,edown,ej,eper,jiffy,mixer,mochiweb,opscoderl_wm,sqerl,stats_hero; \ + echo "some references are pulled in as git:// - rewriting to https://"; \ + sed -i '' 's/git:\/\//https:\/\//g' rebar.lock + +rebar_oc_erchef: + cd src/oc_erchef; \ + ./rebar3 upgrade cf,chef_authn,chef_secrets,darklaunch,edown,efast_xs,ej,envy,eper,folsom,folsom_graphite,ibrowse,jiffy,mini_s3,mixer,mochiweb,neotoma,opscoderl_folsom,opscoderl_httpc,opscoderl_wm,pooler,prometheus,sqerl,stats_hero,uuid; \ + echo "some references are pulled in as git:// - rewriting to https://"; \ + sed -i '' 's/git:\/\//https:\/\//g' rebar.lock bundle_%: cd src/$* && bundle install --no-deployment && bundle update $$TARGET diff --git a/RELEASE_PROCESS.md b/RELEASE_PROCESS.md index 92f82dda5e8..25dc99be540 100644 --- a/RELEASE_PROCESS.md +++ b/RELEASE_PROCESS.md @@ -27,6 +27,15 @@ In order to release, you will need the following accounts/permissions: ## THE PROCESS +### Upgrade Erlang Dependencies + +Upgrade Erlang dependencies via automated script. +See https://github.com/chef/chef-server/blob/main/dev-docs/FrequentTasks.md#updating-erlang-dependencies-using-rebar3 . + +### Update documentation + +Ensure documentation in [docs-site](https://docs.chef.io/) is updated for changes that would be included in the release. + ### Update Release Notes #### Pending Release Notes In Wiki @@ -166,6 +175,18 @@ https://buildkite.com/chef/chef-chef-server-main-habitat-build Follow the below document for testing the chef-server version in Automate environment. https://github.com/chef/automate/blob/main/dev-docs/DEV_ENVIRONMENT.md +#### Software Versions Check + +If any software was bumped or updated (including any CVEs addressed), load up a dev VM and verify that the software is the correct version. + +For example, after an OpenJRE bump: +``` +# /opt/opscode/embedded/open-jre/bin/java --version +openjdk 11.0.18 2023-01-17 +OpenJDK Runtime Environment Temurin-11.0.18+10 (build 11.0.18+10) +OpenJDK 64-Bit Server VM Temurin-11.0.18+10 (build 11.0.18+10, mixed mode) +``` + #### Special Testing Do any special testing specific to the particular release you are doing, as applicable. @@ -219,18 +240,20 @@ https://discourse.chef.io/c/chef-release/9 1. Confirm that the release notes from Pending Release Notes are automatically posted on discourse. Sample post: https://discourse.chef.io/t/chef-infra-server-14-10-23-released/20438 1. Confirm that the data for the Pending Release Notes at https://github.com/chef/chef-server/wiki/Pending-Release-Notes is automatically deleted by expeditor, and only the titles remain. Notify releng at https://github.com/chef/release-engineering/issues if this does not automatically happen on promote. -1. Confirm that the release notes appear at https://docs.chef.io/release_notes_server/ . This should happen automatically via expeditor, but if it does not you need to perform the steps manually and create an issue with releng at https://github.com/chef/release-engineering/issues. +1. Confirm that the release notes appear at https://docs.chef.io/release_notes_server/ . This should happen automatically via expeditor, but if it does not you need to perform the steps manually and create an issue with releng at https://github.com/chef/release-engineering/issues. For instructions on how to proceed with a manual edit, contact docs-support. In case of release failure, consult appropriate documentation to assist with troubleshooting and correcting the issue. https://expeditor.chef.io/dashboard/?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDYxODMwMTgsImlhdCI6MTY0NjE2ODYxOCwiaXNzIjoiaHR0cHM6Ly9leHBlZGl0b3IuY2hlZi5pbyIsInVzZXJfbG9naW4iOiJQcmFqYWt0YVB1cm9oaXQiLCJ1c2VyX25hbWUiOm51bGwsImFjY2Vzc190b2tlbiI6ImdodV95R3o4MkE5dWg5TzdnVXhOMHhEbXQ5bHU1YXM0YUE0TVZuVjYiLCJhZG1pbiI6dHJ1ZX0.5EZ1GvD_ufWmXPzfosGbs11RXYnHNm7gABgc-TpLgkQ#/ ### Automate -1. Create issues in the chef-server repo and in the automate repo to update the version of Chef Infra Server in Automate. Make sure to link the issues to each other. -1. Bump the version of Automate [placeholder - instructions forthcoming]. +Notify the Automate team that chef server has been released, and give them the version. Confirm that the hab packages are available for them to consume: - https://github.com/chef/chef-server/blob/main/dev-docs/AUTOMATE_DEV_ENV.md - https://github.com/chef/automate/pull/5269 + https://bldr.habitat.sh/#/pkgs/chef/oc_erchef/latest + https://bldr.habitat.sh/#/pkgs/chef/oc_bifrost/latest + https://bldr.habitat.sh/#/pkgs/chef/bookshelf/latest + https://bldr.habitat.sh/#/pkgs/chef/chef-server-nginx/latest + https://bldr.habitat.sh/#/pkgs/chef/chef-server-ctl/latest Chef Infra Server is now released. @@ -260,5 +283,5 @@ https://buildkite.com/chef/chef-umbrella-main-chef-server-full/builds/97#20ad56a - verify that manifest contains correct PASSED release number - build and release the release PENDING -- Create automate issues PENDING +- notify automate PENDING ``` diff --git a/VERSION b/VERSION index 7bb26bde92e..65b190b6cab 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -15.3.2 \ No newline at end of file +15.7.3 \ No newline at end of file diff --git a/dev-docs/FrequentTasks.md b/dev-docs/FrequentTasks.md index 48ae63472a2..0f86d8f4a08 100644 --- a/dev-docs/FrequentTasks.md +++ b/dev-docs/FrequentTasks.md @@ -189,13 +189,20 @@ file, using /host as the root directory, e.g. /host/src/chef-server-ctl. - oc_bifrost - Check for the current rebar3 version with `./rebar3 --version` - Latest version for rebar3 can be found at: https://www.rebar3.org/ -- Download and update the current rebar3 executable with it. +- Download and update the current rebar3 executable with it. If you have wget, you can try the scriptlet below after `cd`ing to your chef-server repo. +``` +pushd /tmp +wget https://s3.amazonaws.com/rebar3/rebar3 && chmod +x rebar3 +popd +cp /tmp/rebar3 src/bookshelf && cp /tmp/rebar3 src/oc_bifrost && cp /tmp/rebar3 src/oc_erchef +``` ## Updating Erlang Dependencies using rebar3 -- There are 2 approaches to updating the dependencies +- There are 3 approaches to updating the dependencies - From the dev-vm (Preferred method) - - From the host machine (mac in most cases) + - From the host machine by hand (mac in most cases) + - Automated script - Updating the erlang deps from the dev-vm - cd chef-server/dev - vagrant up @@ -232,6 +239,51 @@ chef-server/src/bookshelf/rebar.lock chef-server/src/oc_erchef/rebar.lock chef-server/src/oc_bifrost/rebar.lock ``` +- Automated script + +1) Create your new branch in the chef-server repo for upgrading the Erlang dependencies. +``` +cd chef-server +git checkout main +git pull +git checkout -b YOUR-BRANCH +``` +2) OPTIONAL STEP: Upgrade to the latest rebar3. +``` +pushd /tmp +wget https://s3.amazonaws.com/rebar3/rebar3 && chmod +x rebar3 +popd +cp /tmp/rebar3 src/bookshelf && cp /tmp/rebar3 src/oc_bifrost && cp /tmp/rebar3 src/oc_erchef +git add src/bookshelf/rebar3 src/oc_bifrost/rebar3 src/oc_erchef/rebar3 +git commit -sm 'Upgrade rebar3 to X.Y.Z' +``` +3) Upgrade the Erlang dependencies using the automated script. The script upgrades most dependencies, but a few are not updated because upgrading those dependencies creates hex `pkg` references which cause problems for license scout after the upgrade to rebar3 3.20.0. +``` +make bump_rebars +``` +4) Test compilation locally. If you have environmental or other issues with local compilation, skip this step and test on buildkite instead. +``` +pushd src/bookshelf +./rebar3 compile +popd + +pushd src/oc_bifrost +./rebar3 compile +popd + +pushd src/oc_erchef +./rebar3 compile +popd +``` +5) Commit rebar.locks and push the branch. +``` +git add src/bookshelf/rebar.lock src/oc_bifrost/rebar.lock src/oc_erchef/rebar.lock +git commit -sm 'Upgrade Erlang dependencies' +git push +``` +6) Test on buildkite. + +7) Fix any issues, revert any problem dependencies, etc. ## Buildkite Artifacts (omnibus/adhoc) diff --git a/dev/Vagrantfile b/dev/Vagrantfile index 023ce090a05..d3ca4544c74 100644 --- a/dev/Vagrantfile +++ b/dev/Vagrantfile @@ -61,6 +61,8 @@ end Vagrant.configure("2") do |config| config.vm.network 'public_network' if USE_AZURE + config.vm.network "forwarded_port", guest: 80, host: 8080 + config.vm.network "forwarded_port", guest: 443, host: 8443 config.vm.box = "bento/ubuntu-20.04" config.ssh.forward_agent = true config.omnibus.chef_version = :latest diff --git a/docs-chef-io/content/server/auth.md b/docs-chef-io/content/server/auth.md index ed8df3eff95..9a3941dbe13 100644 --- a/docs-chef-io/content/server/auth.md +++ b/docs-chef-io/content/server/auth.md @@ -110,7 +110,7 @@ cURL: _chef_dir () { # Helper function: # Recursive function that searches for chef configuration directory - # It looks upward from the cwd until it hits /. If no directory is found, + # It looks upward from the cwd until it hits /. If no directory is found, # ~/.chef is chosen if it exists # You could simply hard-code the path below @@ -386,6 +386,83 @@ common causes: minutes. This can be fixed by syncing the clock with an Network Time Protocol (NTP) server. +## Update a User's Key Pair for Authenticating With Chef Infra Server + +You can update a user's key pair on Chef Infra Server with knife using either the [`knife user reregister`]({{< relref "/workstation/knife_user#reregister" >}}) subcommand, or the [`knife user key`]({{< relref "/workstation/knife_user" >}}) subcommands. + +### knife user reregister + +Use [`knife user reregister`]({{< relref "/workstation/knife_user#reregister" >}}) to regenerate an RSA key pair for a user. Knife will store the public key on the Chef Infra Server and the private key will be displayed in the standard output, or use the `--file` option to write to a named file. + +```sh +knife user reregister USERNAME (options) +``` + +### knife user key + +You can list, add, edit, and delete public keys using the following subcommands: + +- [`knife user key create`]({{< relref "/workstation/knife_user#key-create" >}}) +- [`knife user key delete`]({{< relref "/workstation/knife_user#key-delete" >}}) +- [`knife user key list`]({{< relref "/workstation/knife_user#key-list" >}}) +- [`knife user key edit`]({{< relref "/workstation/knife_user#key-edit" >}}) + +{{< note >}} + +You can't modify a public key while using that same key to authenticate with Chef Infra Server. To update a user's key pair using the `knife user key` subcommands, create a new key pair and then delete the old key pair. + +{{< /note >}} + +To update a user's key pair: + +1. Check the current keys associated with the user: + + ```sh + knife user key list USERNAME + ``` + +1. Create a new key pair: + + ```sh + knife user key create USERNAME --key-name KEYNAME --expiration-date YYYY-MM-DDTHH:MM:SSZ --file FILENAME + ``` + + Knife will open your text editor with a data file containing the username, key name, and key pair expiration date that will be sent to the Chef Infra Server. + + Modify the username, key name, and key expiration date to match the new key pair that you are creating, then save the file and close your editor. + + Knife will also generate a new private key (PEM file) using the specified filename. + + {{< note >}} + + Specify the expiration date in ISO 8601 format. + + The expiration date is optional. User keys don't expire if an expiration date isn't specified. + + {{< /note >}} + +1. Make the new user key active by placing the generated PEM file in the `.chef` directory on your workstation. + +1. Open your `config.rb` file or `credentials` file and modify it to match the new key name. + +1. Check the list of current keys associated with the user: + + ```sh + knife user key list USERNAME + ``` + +1. Delete any old or unwanted keys to reduce security risks: + + ```sh + knife user key delete USERNAME OLD_KEY_NAME + ``` + +1. Check the list of current keys associated with the user to verify that the new key has been added and any older keys have been deleted: + + ```sh + knife user key list USERNAME + ``` + ## Authorization For more information about Chef Infra Server Authorization, see diff --git a/docs-chef-io/content/server/install_server.md b/docs-chef-io/content/server/install_server.md index f09afa66693..3d7aee94161 100644 --- a/docs-chef-io/content/server/install_server.md +++ b/docs-chef-io/content/server/install_server.md @@ -70,7 +70,7 @@ loop. To install Chef Infra Server: -1. Download the package from . +1. Download the package from [Chef Downloads](https://www.chef.io/downloads). 2. Upload the package to the machine that will run the Chef Infra Server, and then record its location on the file system. The rest of diff --git a/docs-chef-io/content/server/install_server_ha.md b/docs-chef-io/content/server/install_server_ha.md index 7af3d30a8ed..c4f27cdf020 100644 --- a/docs-chef-io/content/server/install_server_ha.md +++ b/docs-chef-io/content/server/install_server_ha.md @@ -120,8 +120,7 @@ These instructions assume you are using the minimum versions: - Chef Server : 12.5.0 - Chef Backend : 0.8.0 -Download [Chef Infra Server](https://www.chef.io/downloads/tools/infra-server) and -[Chef Backend (chef-backend)](https://www.chef.io/downloads/tools/backend) +Download Chef Infra Server and Chef Backend from [Chef Downloads](https://www.chef.io/downloads) if you do not have them already. Before creating the backend HA cluster and building at least one Chef @@ -149,7 +148,7 @@ different from any other back-end node. 1. Install the Chef Backend package on the first backend node **as root**. - Download [Chef Backend - (chef-backend)](https://www.chef.io/downloads/tools/backend) + (chef-backend)](https://www.chef.io/downloads) - In Red Hat/CentOS: `yum install PATH_TO_RPM` - In Debian/Ubuntu: `dpkg -i PATH_TO_DEB` @@ -200,7 +199,7 @@ join nodes in parallel the cluster may fail to become available): 1. Install the Chef Backend package on the node. - Download [Chef Backend - (chef-backend)](https://www.chef.io/downloads/tools/backend) + (chef-backend)](https://www.chef.io/downloads) - In Red Hat/CentOS: `yum install PATH_TO_RPM` - In Debian/Ubuntu: `dpkg -i PATH_TO_DEB` diff --git a/docs-chef-io/content/server/install_server_pre.md b/docs-chef-io/content/server/install_server_pre.md index 1d7545d8c49..b298a96995e 100644 --- a/docs-chef-io/content/server/install_server_pre.md +++ b/docs-chef-io/content/server/install_server_pre.md @@ -33,7 +33,7 @@ The following platforms are not tested by Chef Software: ## Capacity Planning Read the [guidance around capacity -planning]({{< relref "server/#capacity-planning" >}}) for information about +planning]({{< relref "capacity_planning" >}}) for information about how to choose the right topology for the Chef Infra Server. ## Hardware Requirements @@ -314,8 +314,8 @@ The `api_fqdn` setting can be added to the private-chef.rb file (it is not there by default). When added, its value should be equal to the FQDN or IP address for the service URI used by the Chef Infra Server. Then configure the same value for the `bookshelf['vip']` setting prior to -installing the Chef Infra Server. For example: -`api_fqdn "chef.example.com"` or `api_fqdn 123.45.67.890`. +installing the Chef Infra Server. FQDNs must always be in lowercase. +For example: `api_fqdn "chef.example.com"` or `api_fqdn "123.45.67.890"`. #### Configure Hostnames diff --git a/docs-chef-io/content/server/install_server_tiered.md b/docs-chef-io/content/server/install_server_tiered.md index 805141944f1..c4e3452b216 100644 --- a/docs-chef-io/content/server/install_server_tiered.md +++ b/docs-chef-io/content/server/install_server_tiered.md @@ -128,7 +128,7 @@ following: Use the following steps to set up the backend Chef Infra Server: -1. Download the packages from . +1. Download the packages from [Chef Downloads](https://www.chef.io/downloads). For Red Hat and CentOS 6: ```bash @@ -216,7 +216,7 @@ Add the following settings to the chef-server.rb file: Replace `FQDN` with the FQDN of the load balanced virtual IP address, which should be equal to the FQDN for the service URI that - is used by the Chef Infra Server. + is used by the Chef Infra Server. FQDNs must always be in lowercase. 6. {{% chef-server/install_chef_server_reconfigure %}} diff --git a/docs-chef-io/content/server/server_tuning.md b/docs-chef-io/content/server/server_tuning.md index 38b22c9a0a6..5cad841d9b6 100644 --- a/docs-chef-io/content/server/server_tuning.md +++ b/docs-chef-io/content/server/server_tuning.md @@ -59,7 +59,8 @@ file (no equal sign is necessary to set the value): : The FQDN for the Chef Infra Server. This setting is not in the server configuration file by default. When added, its value should be equal to the FQDN for the service URI used by the Chef Infra - Server. For example: `api_fqdn "chef.example.com"`. + Server. FQDNs must always be in lowercase. + For example: `api_fqdn "chef.example.com"`. `bootstrap` diff --git a/docs-chef-io/content/server/upgrades.md b/docs-chef-io/content/server/upgrades.md index 6007f2ab278..c82c0fec29e 100644 --- a/docs-chef-io/content/server/upgrades.md +++ b/docs-chef-io/content/server/upgrades.md @@ -88,7 +88,7 @@ See the [Release-Specific Steps](#release-specific-steps) for information about After performing the stepped upgrade to 12.17.15, continue with the next step. -1. Download the desired Chef Infra Server version from the [Chef Infra Server Downloads](https://www.chef.io/downloads/tools/infra-server). +1. Download the desired Chef Infra Server version from the [Chef Infra Server Downloads](https://www.chef.io/downloads). 1. Stop the Chef Infra Server: @@ -248,7 +248,7 @@ The following External PostgreSQL upgrade steps are provided as a courtesy only. After performing the stepped upgrade, return here and continue with the next step below. -1. [Download](https://www.chef.io/downloads/tools/infra-server) the desired version of Chef Infra Server. +1. [Download](https://www.chef.io/downloads) the desired version of Chef Infra Server. 1. Stop the Chef Infra Server: @@ -480,7 +480,7 @@ To upgrade to Chef Infra Server on a tiered Chef Infra Server configuration, do chef-server-ctl reconfigure ``` -3. Download the desired Chef Infra Server version from the [Chef Infra Server Downloads](https://www.chef.io/downloads/tools/infra-server) page, then copy it to each server. +3. Download the desired Chef Infra Server version from [Chef Downloads](https://www.chef.io/downloads), then copy it to each server. 4. Stop all front end servers: @@ -525,24 +525,30 @@ To upgrade to Chef Infra Server on a tiered Chef Infra Server configuration, do ```bash scp -r /etc/opscode :/etc ``` + +9. Run the following command on the back end servers: -9. Upgrade each of the front end servers: + ```bash + chef-server-ctl start + ``` + +10. Upgrade each of the front end servers: ```bash chef-server-ctl upgrade ``` -10. Run the following command on both the front end, and back end servers: +11. Run the following command on both the front end: ```bash chef-server-ctl start ``` -11. [Upgrade]({{< relref "#upgrading-manage-add-on" >}}) any Chef Infra Server add-ons. +12. [Upgrade]({{< relref "#upgrading-manage-add-on" >}}) any Chef Infra Server add-ons. -12. After the upgrade process is complete, test and verify that the server works. +13. After the upgrade process is complete, test and verify that the server works. -13. Clean up the server by removing the old data: +14. Clean up the server by removing the old data: ```bash chef-server-ctl cleanup @@ -550,13 +556,32 @@ chef-server-ctl cleanup ## Release-Specific Steps +### Upgrading to 15.5 or later (tiered installations only) + +The Chef Infra Server 15.5 upgrade from 15.0.X or later does not automatically reindex for Tiered installations. +{{% chef-server/server_upgrade_duration %}} + +#### steps for reindex +1. Run the below command on frontend server's +```bash +chef-server-ctl reindex +``` + +{{< note >}} + +`chef-server-ctl reindex` is a downtime operation. + +{{}} + +Chef Infra Server 15.5 is the minimum recommended version for upgrade from older versions lessthan 15 for tiered installations. + ### Upgrading to 15.x Chef Infra Server 15.0 moved from Elasticsearch to OpenSearch as its search index. {{% chef-server/server_upgrade_duration %}} -The Chef Infra Server 15 upgrade does not automatically reindex existing external Elasticsearch installations. +The Chef Infra Server 15 will automatically transfer search data from Elasticsearch to OpenSearch without the need for a reindex. The Chef Infra Server 15 upgrade will need to manually reindex existing external Elasticsearch installations. The upgrade duration might take more time if you are upgrading from Chef Infra Server 12.x/13.x, as it automatically reindexes your database. diff --git a/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md b/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md index b57741e9c86..75c76ff81ef 100644 --- a/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md +++ b/docs-chef-io/content/server/v13_2/config_rb_server_optional_settings.md @@ -435,7 +435,7 @@ This configuration file has the following settings for `lb`: `lb['api_fqdn']` -: Default value: `node['fqdn']`. +: FQDNs must always be in lowercase. Default value: `node['fqdn']`. `lb['ban_refresh_interval']` @@ -521,7 +521,7 @@ This configuration file has the following settings for `lb`: `lb['web_ui_fqdn']` -: Default value: `node['fqdn']`. +: FQDNs must always be in lowercase. Default value: `node['fqdn']`. `lb['xdl_defaults']['503_mode']` @@ -696,7 +696,8 @@ Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ `nginx['server_name']` -: The FQDN for the server. Default value: `node['fqdn']`. +: The FQDN for the server. FQDNs must always be in lowercase. + Default value: `node['fqdn']`. `nginx['ssl_certificate']` @@ -1063,8 +1064,9 @@ This configuration file has the following settings for `oc-id`: `oc_id['origin']` -: The FQDN for the server that is sending outbound email. Defaults to - the `'api_fqdn'` value, which is the FQDN for the Chef Infra Server. +: The FQDN for the server that is sending outbound email. FQDNs must + always be in lowercase. Defaults to the `'api_fqdn'` value, which is + the FQDN for the Chef Infra Server. `oc_id['num_to_keep']` diff --git a/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md b/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md index 17eb4ba0d3f..c96abf5de49 100644 --- a/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md +++ b/docs-chef-io/content/server/v14/config_rb_server_optional_settings.md @@ -411,7 +411,7 @@ This configuration file has the following settings for `lb`: `lb['api_fqdn']` -: Default value: `node['fqdn']`. +: The FQDN for the Chef Infra Server. FQDNs must always be in lowercase. Default value: `node['fqdn']`. `lb['ban_refresh_interval']` @@ -497,7 +497,7 @@ This configuration file has the following settings for `lb`: `lb['web_ui_fqdn']` -: Default value: `node['fqdn']`. +: FQDNs must always be in lowercase. Default value: `node['fqdn']`. `lb['xdl_defaults']['503_mode']` @@ -671,7 +671,7 @@ Chef Infra Server versions earlier than 14.5 configured with `nginx['enable_non_ `nginx['server_name']` -: The FQDN for the server. Default value: `node['fqdn']`. +: The FQDN for the server. FQDNs must always be in lowercase. Default value: `node['fqdn']`. `nginx['ssl_certificate']` @@ -1068,8 +1068,9 @@ This configuration file has the following settings for `oc-id`: `oc_id['origin']` -: The FQDN for the server that is sending outbound email. Defaults to - the `'api_fqdn'` value, which is the FQDN for the Chef Infra Server. +: The FQDN for the server that is sending outbound email. FQDNs must + always be in lowercase. Defaults to the `'api_fqdn'` value, which + is the FQDN for the Chef Infra Server. `oc_id['num_to_keep']` @@ -1321,6 +1322,13 @@ This configuration file has the following settings for `opscode-erchef`: expire. If node bootstraps are timing out, increase this setting. Default value: `28800`. +`opscode_erchef['s3_url_type']` + +: The URL style to use (`path` or `vhost`) when connecting to S3. + Mainly used to manually override the default setting. Note that + Amazon may eliminate path-style URLs on some or all S3 buckets + in the future. Default value: `vhost`. + `opscode_erchef['sql_connection_user']` : The PostgreSQL user name in `'username@hostname'` format (e.g. diff --git a/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md b/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md index 03b707f6466..8ec7e38865d 100644 --- a/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md +++ b/docs-chef-io/content/server/v14/reusable_text/server_tuning_general.md @@ -6,7 +6,8 @@ file (no equal sign is necessary to set the value): : The FQDN for the Chef Infra Server. This setting is not in the server configuration file by default. When added, its value should be equal to the FQDN for the service URI used by the Chef Infra - Server. For example: `api_fqdn "chef.example.com"`. + Server. FQDNs must always be in lowercase. + For example: `api_fqdn "chef.example.com"`. `bootstrap` diff --git a/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md b/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md index 79b7f7a2268..e1f5ae09feb 100644 --- a/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md +++ b/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md @@ -1,48 +1,10 @@ -The following table lists the commercially-supported platforms and versions for the Chef Infra Server: +The following table lists the commercially-supported platforms for Chef Infra Server: - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PlatformArchitectureVersion
Amazon Linux 2x86_642.x
CentOSx86_647.x, 8.x
Oracle Enterprise Linuxx86_647.x, 8.x
Red Hat Enterprise Linuxx86_647.x, 8.x
SUSE Linux Enterprise Serverx86_6412.x, 15.x
Ubuntux86_6416.04, 18.04, 20.04
+| Platform | Architecture | Version | +|------------------------------|--------------|-------------------------------------| +| Amazon Linux 2 | `x86_64` | `2.x` | +| CentOS | `x86_64` | `7.x`, `8.x` | +| Oracle Enterprise Linux | `x86_64` | `7.x`, `8.x` | +| Red Hat Enterprise Linux | `x86_64` | `7.x`, `8.x`, `9.x` | +| SUSE Linux Enterprise Server | `x86_64` | `12.x`, `15.x` | +| Ubuntu | `x86_64` | `16.04`, `18.04`, `20.04`, `22.04` | diff --git a/docs-chef-io/layouts/shortcodes/chef-server/config_rb_backend_summary.md b/docs-chef-io/layouts/shortcodes/chef-server/config_rb_backend_summary.md index 3085a379fad..8453be00dfd 100644 --- a/docs-chef-io/layouts/shortcodes/chef-server/config_rb_backend_summary.md +++ b/docs-chef-io/layouts/shortcodes/chef-server/config_rb_backend_summary.md @@ -7,7 +7,7 @@ you have been advised to do so. The following settings are the only settings you should modify without guidance: `fqdn` -: Host name of this node. +: Host name of this node. FQDNs must always be in lowercase. `hide_sensitive` : Set to `false` if you wish to print deltas of diff --git a/docs-chef-io/layouts/shortcodes/chef-server/ctl_chef_server_restore.md b/docs-chef-io/layouts/shortcodes/chef-server/ctl_chef_server_restore.md index 58d9b962a0c..bd1b8616ff2 100644 --- a/docs-chef-io/layouts/shortcodes/chef-server/ctl_chef_server_restore.md +++ b/docs-chef-io/layouts/shortcodes/chef-server/ctl_chef_server_restore.md @@ -14,4 +14,4 @@ Ideally, the restore server will have the same FQDN as the server that you backe 4. If you use a CA-issued certificate instead of a self-signed certificate, copy the CA-issued certificate and key into `/var/opt/opscode/nginx/ca`. 5. Update the `/etc/chef/client.rb` file on each client to point to the new server FQDN. 6. Run `chef-server-ctl reconfigure`. -7. Run ``chef-server-ctl restore`. +7. Run `chef-server-ctl restore`. diff --git a/oc-chef-pedant/Gemfile.lock b/oc-chef-pedant/Gemfile.lock index 41bd9d58842..6a36295177a 100644 --- a/oc-chef-pedant/Gemfile.lock +++ b/oc-chef-pedant/Gemfile.lock @@ -19,7 +19,7 @@ PATH GEM remote: https://rubygems.org/ specs: - activesupport (7.0.4) + activesupport (7.0.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -101,7 +101,7 @@ GEM uuidtools (~> 2.1) webrick coderay (1.1.3) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) corefoundation (0.3.13) ffi (>= 1.15.0) debug_inspector (1.1.0) @@ -183,7 +183,7 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) - minitest (5.16.3) + minitest (5.17.0) mixlib-archive (1.1.7) mixlib-log mixlib-authentication (3.0.10) @@ -301,7 +301,7 @@ GEM pastel (~> 0.8) strings (~> 0.2.0) tty-screen (~> 0.8) - tzinfo (2.0.5) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index 578132cbd16..af197f72636 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -1,18 +1,18 @@ GIT remote: https://github.com/chef/omnibus-software.git - revision: e9632cb92ae2649d61fd2f3329a9f68cd0d7f7cb + revision: 67a1705bfa8731ba4eac7b5e62f340d5f08a2952 branch: main specs: - omnibus-software (4.0.0) + omnibus-software (23.5.290) omnibus (>= 9.0.0) GIT remote: https://github.com/chef/omnibus.git - revision: d1fe3bbba0bf8c6cbc0e9d75bfcc8216e4345078 + revision: c66e97c211a60296e58da100d79d048974e13904 branch: main specs: - omnibus (9.0.8) - aws-sdk-s3 (~> 1) + omnibus (9.0.14) + aws-sdk-s3 (~> 1.116.0) chef-cleanroom (~> 1.0) chef-utils (>= 15.4) contracts (>= 0.16.0, < 0.17.0) @@ -20,7 +20,7 @@ GIT license_scout (~> 1.0) mixlib-shellout (>= 2.0, < 4.0) mixlib-versioning - ohai (>= 15, < 18) + ohai (>= 16, < 19) pedump rexml (~> 3.2) ruby-progressbar (~> 1.7) @@ -29,25 +29,25 @@ GIT GEM remote: https://rubygems.org/ specs: - addressable (2.8.1) + addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) artifactory (3.0.15) awesome_print (1.9.2) aws-eventstream (1.2.0) - aws-partitions (1.652.0) - aws-sdk-core (3.166.0) + aws-partitions (1.765.0) + aws-sdk-core (3.172.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.59.0) + aws-sdk-kms (1.64.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.117.1) - aws-sdk-core (~> 3, >= 3.165.0) + aws-sdk-s3 (1.116.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) - aws-sdk-secretsmanager (1.67.0) + aws-sdk-secretsmanager (1.72.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) aws-sigv4 (1.5.2) @@ -122,13 +122,13 @@ GEM citrus (3.0.2) cleanroom (1.0.0) coderay (1.1.3) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) contracts (0.16.1) corefoundation (0.3.13) ffi (>= 1.15.0) diff-lcs (1.5.0) ed25519 (1.3.0) - erubi (1.11.0) + erubi (1.12.0) erubis (2.7.0) faraday (1.4.3) faraday-em_http (~> 1.0) @@ -182,17 +182,17 @@ GEM train-core (~> 3.0) tty-prompt (~> 0.17) tty-table (~> 0.10) - iostruct (0.0.4) + iostruct (0.0.5) ipaddress (0.8.3) - jmespath (1.6.1) - json (2.6.2) + jmespath (1.6.2) + json (2.6.3) libyajl2 (2.1.0) license-acceptance (2.1.13) pastel (~> 0.7) tomlrb (>= 1.2, < 3.0) tty-box (~> 0.6) tty-prompt (~> 0.20) - license_scout (1.3.2) + license_scout (1.3.6) ffi-yajl (~> 2.2) mixlib-shellout (>= 2.2, < 4.0) toml-rb (>= 1, < 3) @@ -208,7 +208,7 @@ GEM mixlib-cli (2.1.8) mixlib-config (3.0.27) tomlrb - mixlib-install (3.12.20) + mixlib-install (3.12.27) mixlib-shellout mixlib-versioning thor @@ -218,19 +218,19 @@ GEM mixlib-versioning (1.2.12) molinillo (0.8.0) multi_json (1.15.0) - multipart-post (2.2.3) + multipart-post (2.3.0) net-scp (4.0.0) net-ssh (>= 2.6.5, < 8.0.0) net-sftp (2.1.2) net-ssh (>= 2.6.5) - net-ssh (7.0.1) + net-ssh (7.1.0) net-ssh-gateway (2.0.0) net-ssh (>= 4.0.0) nori (2.6.0) octokit (4.25.1) faraday (>= 1, < 3) sawyer (~> 0.9) - ohai (17.9.0) + ohai (17.9.1) chef-config (>= 14.12, < 18) chef-utils (>= 16.0, < 18) ffi (~> 1.9) @@ -247,19 +247,19 @@ GEM parslet (1.8.2) pastel (0.8.0) tty-color (~> 0.5) - pedump (0.6.5) + pedump (0.6.6) awesome_print iostruct (>= 0.0.4) multipart-post (>= 2.0.0) rainbow zhexdump (>= 0.0.2) - plist (3.6.0) + plist (3.7.0) proxifier (1.0.3) - pry (0.14.1) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (5.0.0) - rack (2.2.4) + public_suffix (5.0.1) + rack (2.2.6.2) rainbow (3.1.1) rake (13.0.6) retryable (3.0.5) @@ -280,7 +280,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.11.0) rspec-support (3.11.1) - ruby-progressbar (1.11.0) + ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubyzip (2.3.2) @@ -298,7 +298,7 @@ GEM unicode_utils (~> 1.4) strings-ansi (0.2.0) syslog-logger (1.6.8) - test-kitchen (3.4.0) + test-kitchen (3.5.0) bcrypt_pbkdf (~> 1.0) chef-utils (>= 16.4.35) ed25519 (~> 1.2) @@ -312,7 +312,7 @@ GEM winrm (~> 2.0) winrm-elevated (~> 1.0) winrm-fs (~> 1.1) - thor (1.2.1) + thor (1.2.2) toml-rb (2.2.0) citrus (~> 3.0, > 3.0) tomlrb (1.3.0) @@ -345,12 +345,12 @@ GEM pastel (~> 0.8) strings (~> 0.2.0) tty-screen (~> 0.8) - unicode-display_width (2.3.0) + unicode-display_width (2.4.2) unicode_utils (1.4.0) uuidtools (2.2.0) vault (0.17.0) aws-sigv4 - webrick (1.7.0) + webrick (1.8.1) winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) diff --git a/omnibus/config/software/opensearch.rb b/omnibus/config/software/opensearch.rb index ad72c90741b..70ea0b2b8db 100644 --- a/omnibus/config/software/opensearch.rb +++ b/omnibus/config/software/opensearch.rb @@ -15,7 +15,7 @@ # name "opensearch" -default_version "1.3.6" +default_version "1.3.7" dependency "server-open-jre" @@ -50,6 +50,11 @@ sha256: "0784cc05ec03dc9cac17dca923272ae08ebc9a43fbbbb61397024f1c90cdb024" end +version "1.3.7" do + source url: "https://artifacts.opensearch.org/releases/bundle/opensearch/#{version}/opensearch-#{version}-linux-x64.tar.gz", + sha256: "541a371f71d6df7bfb643832c8c1291180d082918623987de00b67d0c560a8fa" +end + target_path = "#{install_dir}/embedded/opensearch" build do diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb index 779dbfd2518..2077257abb6 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/libraries/private_chef.rb @@ -294,6 +294,7 @@ def gen_backend(bootstrap) PrivateChef['bookshelf']['listen'] ||= PrivateChef['default_listen_address'] PrivateChef['redis_lb']['listen'] ||= PrivateChef['default_listen_address'] PrivateChef['elasticsearch']['listen'] ||= PrivateChef['default_listen_address'] + PrivateChef['opensearch']['listen'] ||= PrivateChef['default_listen_address'] PrivateChef['postgresql']['listen_address'] ||= '*' # PrivateChef["default_listen_address"] authaddr = [] @@ -312,6 +313,10 @@ def gen_frontend PrivateChef['redis_lb']['vip'] ||= PrivateChef['backend_vips']['ipaddress'] PrivateChef['elasticsearch']['enable'] ||= false PrivateChef['elasticsearch']['vip'] ||= PrivateChef['backend_vips']['ipaddress'] + + PrivateChef['opensearch']['enable'] ||= false + PrivateChef['opensearch']['vip'] ||= PrivateChef['backend_vips']['ipaddress'] + PrivateChef['postgresql']['enable'] ||= false PrivateChef['postgresql']['vip'] ||= PrivateChef['backend_vips']['ipaddress'] PrivateChef['lb']['upstream'] ||= Mash.new diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb index 989357c258d..96e6dba2554 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb @@ -24,3 +24,18 @@ execute "find #{GEM_PATH} -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} \\;" do user 'root' end + +# We backup the files and templates in the folder /var/opt/opscode/local-mode-cache/backup +# the default vaule for the file and template resource is 5 i.e, there will be upto 5 backups of the +# files and templates that we use in the server-ctl cookbook. This includes the configs files also. +# To stop taking the backup, we need to explicitly mention the property backup as 'false' in all the +# usage of file and template resource in the server-ctl cookbook. +# We can secure the backups by changing the permission of /var/opt/opscode/local-mode-cache/backup +# to read and write only for the root user. (CVE-2023-28864) + +directory "/var/opt/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/local-mode-cache/backup" do + owner 'root' + group 'root' + mode '600' + recursive false +end diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/templates/default/nginx/nginx_chef_api_lb.conf.erb b/omnibus/files/server-ctl-cookbooks/infra-server/templates/default/nginx/nginx_chef_api_lb.conf.erb index 4ada31997c9..3028c3eb958 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/templates/default/nginx/nginx_chef_api_lb.conf.erb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/templates/default/nginx/nginx_chef_api_lb.conf.erb @@ -56,6 +56,8 @@ # Whitelist the docs necessary to serve up error pages and friendly # html to non-chef clients hitting this host. location ~ "^/[0-9]{3,3}\.(json|html)|favicon.ico|index.html$" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; add_header Content-Security-Policy "default-src 'self';"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; @@ -67,6 +69,8 @@ } location "/css/" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; add_header Content-Security-Policy "default-src 'self';"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; @@ -78,6 +82,8 @@ } location "/images/" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; add_header Content-Security-Policy "default-src 'self';"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; @@ -89,6 +95,8 @@ } location /version { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; add_header Content-Security-Policy "default-src 'self';"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; @@ -103,6 +111,8 @@ } location ~ "^/organizations/([^/]+)/validate" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; allow 127.0.0.1; allow ::1; deny all; @@ -111,6 +121,8 @@ <% if node['private_chef']['data_collector']['proxy'] -%> location "/data-collector/" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -122,6 +134,8 @@ <% if node['private_chef']['data_collector']['root_url'] -%> location ~ "^/organizations/([^/]+)/data-collector$" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; set $request_org $1; access_by_lua_block { validator.validate("POST") } proxy_set_header x-data-collector-token $data_collector_token; @@ -132,6 +146,8 @@ <% end -%> location ~ "^/organizations/([^/]+)/required_recipe$" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; <% if node['private_chef']['required_recipe']['enable'] -%> set $request_org $1; access_by_lua_block { validator.validate("GET") } @@ -159,6 +175,8 @@ location ~ <%= @compliance_proxy_regex -%> { set $request_org $1; access_by_lua_block { validator.validate("GET") } + add_header Cache-Control no-store always; + add_header Pragma no-cache always; proxy_set_header x-data-collector-token $data_collector_token; proxy_set_header x-data-collector-auth "version=1.0"; rewrite ^<%= @compliance_proxy_regex -%> /compliance/profiles/$2$3 break; @@ -170,6 +188,8 @@ <% if node['private_chef']['opscode-erchef']['nginx_bookshelf_caching'] != :off -%> location ~ "^/<%= node['private_chef']['opscode-erchef']['s3_bucket'] %>/organization-.+" { set $destination @cached; + add_header Cache-Control no-store always; + add_header Pragma no-cache always; if ($request_method !~ ^(GET)$) { set $destination @uncached; } @@ -177,6 +197,8 @@ return 404; } location @cached { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; proxy_cache cookbooks; <% if node['private_chef']['bookshelf']['external_url'] == :host_header -%> proxy_cache_key $scheme$host$request_uri; @@ -186,16 +208,22 @@ proxy_pass http://bookshelf; } location @uncached { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; proxy_pass http://bookshelf; } <% else -%> location ~ "^/<%= node['private_chef']['opscode-erchef']['s3_bucket'] %>/organization-.+" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; proxy_pass http://bookshelf; } <% end -%> # erchef status endpoint location ~ "^/_status/?$" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; types { } default_type application/json; proxy_pass http://opscode_erchef; @@ -203,6 +231,8 @@ # erchef stats endpoint location ~ "^/_stats/?$" { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; <% if node['private_chef']['opscode-erchef']['stats_auth_enable'] -%> auth_basic "Chef Server Admin Stats"; auth_basic_user_file <%= node['private_chef']['opscode-erchef']['stats_password_file'] %>; @@ -221,11 +251,15 @@ include <%= node['private_chef']['nginx']['dir'] %>/etc/addon.d/*_external.conf; location /_route/ { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; default_type 'application/json'; content_by_lua_file '<%= @script_path %>/dispatch_route.lua'; } location / { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; satisfy any; <% if @access_by_lua_file %> @@ -242,7 +276,10 @@ proxy_pass http://$upstream; proxy_redirect http://$upstream /; } + location @errorrespfilter { + add_header Cache-Control no-store always; + add_header Pragma no-cache always; header_filter_by_lua_block { ngx.header.content_length = nil } body_filter_by_lua ' ngx.arg[1] = ngx.re.sub(ngx.arg[1],"openresty", "") diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 00000000000..056a32cafae --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,23 @@ +# must be unique in a given SonarQube instance +sonar.projectKey=chef_chef-server_AYb-tSwfJ4YHsO5MtIeK + +# --- optional properties --- + +# defaults to project key +sonar.projectName=chef-server +# defaults to 'not provided' +#sonar.projectVersion=1.0 + +sonar.sources=. +sonar.exclusions=**/*_test.go + +sonar.tests=. +sonar.test.inclusions=**/*_test.go + +# Encoding of the source code. Default is default system encoding +#sonar.sourceEncoding=UTF-8 + +# skip C-language processor +sonar.c.file.suffixes=- +sonar.cpp.file.suffixes=- +sonar.objc.file.suffixes=- diff --git a/src/bookshelf/habitat/plan.sh b/src/bookshelf/habitat/plan.sh index 84a8b28b579..a91702cc0ca 100644 --- a/src/bookshelf/habitat/plan.sh +++ b/src/bookshelf/habitat/plan.sh @@ -3,7 +3,7 @@ pkg_origin=chef pkg_license=('Apache-2.0') pkg_maintainer="The Chef Server Maintainers " pkg_deps=( - core/erlang22 + core/erlang24 core/cacerts core/coreutils core/gcc-libs diff --git a/src/bookshelf/rebar.config b/src/bookshelf/rebar.config index 75b00d4ca8f..bbd193b19e0 100644 --- a/src/bookshelf/rebar.config +++ b/src/bookshelf/rebar.config @@ -39,7 +39,7 @@ {opscoderl_wm, ".*", {git, "https://github.com/chef/opscoderl_wm", {branch, "main"}}}, {sqerl, ".*", - {git, "https://github.com/chef/sqerl", {branch, "master"}}}, + {git, "https://github.com/chef/sqerl", {branch, "main"}}}, {sync, ".*", {git, "https://github.com/rustyio/sync", {branch, "master"}}} ]}. @@ -142,6 +142,7 @@ {include_src, false}, {extended_start_script,true}, {overlay,[{template,"config/app.config","sys.config"}, - {copy,"schema","."} + {mkdir,"schema"}, + {copy,"schema","schema"} ]} ]}. diff --git a/src/bookshelf/rebar.lock b/src/bookshelf/rebar.lock index ddc35351bc4..eb43dea9f61 100644 --- a/src/bookshelf/rebar.lock +++ b/src/bookshelf/rebar.lock @@ -1,5 +1,7 @@ -{"1.2.0", -[{<<"base16">>,{pkg,<<"base16">>,<<"1.0.0">>},1}, +[{<<"base16">>, + {git,"https://github.com/goj/base16", + {ref,"f78918e7b593fbdc35ec9bcc349aa50f47f45a8b"}}, + 1}, {<<"cf">>, {git,"https://github.com/project-fifo/cf", {ref,"2bcf00402db9ca5a4790de7f82c8139baaf8856c"}}, @@ -8,7 +10,10 @@ {git,"https://github.com/chef/chef_secrets", {ref,"6fa36689fd599602e5985587a1497282df2d907a"}}, 0}, - {<<"eini">>,{pkg,<<"eini">>,<<"1.2.6">>},1}, + {<<"eini">>, + {git,"https://github.com/erlcloud/eini", + {ref,"511a94254d6eecc9331da31cd4fa08ff64b4d2e2"}}, + 1}, {<<"ej">>, {git,"https://github.com/chef/ej", {ref,"f843f4da1cb7d8d2414adccc37fe523e3f92d789"}}, @@ -22,12 +27,12 @@ {ref,"17b0f97ea8287b72e8ebbe7132214db182ff1a1d"}}, 0}, {<<"epgsql">>, - {git,"https://github.com/chef/epgsql-1", + {git,"https://github.com/chef/epgsql-1.git", {ref,"34b4182f0e21f9189ddd7b2e290f01a9e7d93bf1"}}, 1}, {<<"erlcloud">>, {git,"https://github.com/chef/erlcloud", - {branch,"lbaker/presigned-headers"}}, + {ref,"27724cc615bb71595e88665ffd3ea083bf51ecb3"}}, 0}, {<<"erlsom">>, {git,"https://github.com/chef/erlsom", @@ -37,29 +42,41 @@ {git,"https://github.com/chef/erlware_commons", {ref,"f511ed875bea87212ba9ee40ade1c9f53498ce79"}}, 0}, - {<<"fs">>,{pkg,<<"fs">>,<<"6.1.1">>},1}, - {<<"goldrush">>,{pkg,<<"goldrush">>,<<"0.1.9">>},1}, + {<<"fs">>, + {git,"https://github.com/synrc/fs", + {ref,"936ba9dcf88186250ecc5995e25154bde44252a1"}}, + 1}, + {<<"goldrush">>, + {git,"https://github.com/DeadZen/goldrush", + {ref,"8f1b715d36b650ec1e1f5612c00e28af6ab0de82"}}, + 1}, {<<"iso8601">>, {git,"https://github.com/erlsci/iso8601", {ref,"4603fc810cacf859761c0e154590cde2ce9cc6b5"}}, 0}, {<<"jiffy">>, {git,"https://github.com/davisp/jiffy", - {ref, "9ea1b35b6e60ba21dfd4adbd18e7916a831fd7d4"}}, + {ref,"9ea1b35b6e60ba21dfd4adbd18e7916a831fd7d4"}}, + 1}, + {<<"jsx">>, + {git,"https://github.com/talentdeficit/jsx", + {ref,"e8d2e01b608e0670a4f82e35ccb5ef3f86115423"}}, 1}, - {<<"jsx">>,{pkg,<<"jsx">>,<<"2.9.0">>},1}, {<<"lager">>, {git,"https://github.com/erlang-lager/lager", {ref,"a140ea935eae9149bb35234bb40f6acf1c69caa1"}}, 0}, - {<<"lhttpc">>,{pkg,<<"lhttpc">>,<<"1.6.2">>},1}, + {<<"lhttpc">>, + {git,"https://github.com/erlcloud/lhttpc", + {ref,"8e34985a3cd0ac2a7fc2a88a041554c64d33e74b"}}, + 1}, {<<"meck">>, {git,"https://github.com/eproxus/meck", - {ref,"06192a984750070ace33b60a492ca27ec9bc6806"}}, + {ref,"e48641a20a605174e640ac91a528d443be11c9b9"}}, 0}, {<<"mini_s3">>, {git,"https://github.com/chef/mini_s3", - {ref,"e3d368bf2c9e0aff4743574cbc7d8c8472741957"}}, + {ref,"4dd584fce031d35bbe5c4b72a04660b75673ca21"}}, 0}, {<<"mixer">>, {git,"https://github.com/inaka/mixer", @@ -67,7 +84,7 @@ 0}, {<<"mochiweb">>, {git,"https://github.com/mochi/mochiweb", - {ref,"070594e4d66163d662ac7e3bfb75dadcc922dd7c"}}, + {ref,"666ac57d5cad8da0341e53db884855ee9a9805b0"}}, 0}, {<<"observer_cli">>, {git,"https://github.com/zhongwencool/observer_cli", @@ -78,13 +95,16 @@ {ref,"5436cc600db462226a5d2f3ed585ab39eaf20ee5"}}, 0}, {<<"pooler">>, - {git,"https://github.com/chef/pooler", + {git,"https://github.com/chef/pooler.git", {ref,"681c355abaacc5487ddf41a84b9ed53151a765fe"}}, 1}, - {<<"recon">>,{pkg,<<"recon">>,<<"2.5.1">>},1}, + {<<"recon">>, + {git,"https://github.com/ferd/recon/", + {ref,"f7b6c08e6e9e2219db58bfb012c58c178822e01e"}}, + 1}, {<<"sqerl">>, {git,"https://github.com/chef/sqerl", - {ref,"a27e3e58da53240dc9925ec03ecdb894b8231cf9"}}, + {ref,"ebbe4c20ab5cd21041229d22dd60a6b38aa2930c"}}, 0}, {<<"sync">>, {git,"https://github.com/rustyio/sync", @@ -93,14 +113,4 @@ {<<"webmachine">>, {git,"https://github.com/chef/webmachine", {ref,"1389b01a9fbc25d36aad8956e08d2d0db242625f"}}, - 1}]}. -[ -{pkg_hash,[ - {<<"base16">>, <<"283644E2B21BD5915ACB7178BED7851FB07C6E5749B8FAD68A53C501092176D9">>}, - {<<"eini">>, <<"DFFA48476FD89FB6E41CEEA0ADFA1BC6E7862CCD6584417442F8BB37E5D34715">>}, - {<<"fs">>, <<"9D147B944D60CFA48A349F12D06C8EE71128F610C90870BDF9A6773206452ED0">>}, - {<<"goldrush">>, <<"F06E5D5F1277DA5C413E84D5A2924174182FB108DABB39D5EC548B27424CD106">>}, - {<<"jsx">>, <<"D2F6E5F069C00266CAD52FB15D87C428579EA4D7D73A33669E12679E203329DD">>}, - {<<"lhttpc">>, <<"044F16F0018C7AA7E945E9E9406C7F6035E0B8BC08BF77B00C78CE260E1071E3">>}, - {<<"recon">>, <<"430FFA60685AC1EFDFB1FE4C97B8767C92D0D92E6E7C3E8621559BA77598678A">>}]} -]. + 1}]. diff --git a/src/bookshelf/rebar3 b/src/bookshelf/rebar3 index bcec2f00a69..ed2a36d577b 100755 Binary files a/src/bookshelf/rebar3 and b/src/bookshelf/rebar3 differ diff --git a/src/chef-server-ctl/Gemfile.lock b/src/chef-server-ctl/Gemfile.lock index 70b6994c308..dd21bdf633a 100644 --- a/src/chef-server-ctl/Gemfile.lock +++ b/src/chef-server-ctl/Gemfile.lock @@ -133,7 +133,7 @@ GEM rubocop (= 1.25.1) cleanroom (1.0.0) coderay (1.1.3) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) corefoundation (0.3.13) ffi (>= 1.15.0) diff-lcs (1.5.0) @@ -240,7 +240,7 @@ GEM mixlib-cli (2.1.8) mixlib-config (3.0.27) tomlrb - mixlib-install (3.12.20) + mixlib-install (3.12.27) mixlib-shellout mixlib-versioning thor @@ -288,14 +288,14 @@ GEM pastel (0.8.0) tty-color (~> 0.5) pbkdf2 (0.1.0) - pg (1.4.4) + pg (1.4.6) plist (3.6.0) proxifier (1.0.3) pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) public_suffix (5.0.0) - rack (2.2.4) + rack (2.2.6.2) rainbow (3.1.1) rake (13.0.6) redis (4.7.1) diff --git a/src/chef-server-ctl/lib/chef_server_ctl/config.rb b/src/chef-server-ctl/lib/chef_server_ctl/config.rb index 0f3954d9a1d..1281331d4c6 100644 --- a/src/chef-server-ctl/lib/chef_server_ctl/config.rb +++ b/src/chef-server-ctl/lib/chef_server_ctl/config.rb @@ -72,7 +72,12 @@ def self.lb_url elsif fips_enabled DEFAULT_FIPS_LB_URL else - DEFAULT_LB_URL + nginx = @@ctl.running_service_config("nginx") + if nginx and nginx["ssl_port"] and (nginx["ssl_port"] != 443) + "#{DEFAULT_LB_URL}:#{nginx["ssl_port"]}" + else + DEFAULT_LB_URL + end end end diff --git a/src/oc-id/Gemfile b/src/oc-id/Gemfile index d7304a05d6a..63382413a48 100644 --- a/src/oc-id/Gemfile +++ b/src/oc-id/Gemfile @@ -8,19 +8,19 @@ gem 'chef', '~> 17' gem 'jbuilder', '~> 2.11' gem 'jquery-rails' gem 'jwt' # For Zendesk SSO -gem 'config', '~> 4.0' # Replacement of rails_config gem +gem 'config', '~> 4.1' # Replacement of rails_config gem gem 'rb-readline', '~> 0.5.2', require: false gem 'sass-rails', '>= 4.0.3' gem 'turbolinks', '~> 5' gem 'unicorn-rails', '~> 2.2', '>= 2.2.1' -gem 'nokogiri', '1.13.9' +gem 'nokogiri', '1.14.3' gem 'pg', '>= 0.18', '< 2.0' # active_record 4.2.8 pins this but doesn't manifest this in the gemspec for some reason gem 'mixlib-authentication', '>= 2.1', '< 4' gem 'responders', '~> 3.0', '>= 3.0.1' gem 'doorkeeper', '~> 4.0' gem "sprockets-rails", ">= 3.4.2" gem 'therubyracer', '~> 0.12.3' -gem 'bigdecimal', '3.1.2' +gem 'bigdecimal', '3.1.3' gem 'veil', '~> 0.3.11' gem 'omniauth-chef', '~> 0.4' @@ -55,8 +55,8 @@ group :doc do end group :test do - gem 'capybara', '~> 3.37' + gem 'capybara', '~> 3.38' gem 'factory_girl_rails', '~> 4.9.0' - gem 'selenium-webdriver', '~> 4.5.0' + gem 'selenium-webdriver', '~> 4.7.1' gem 'timecop' end diff --git a/src/oc-id/Gemfile.lock b/src/oc-id/Gemfile.lock index 1fa0b53baf5..89cd2a3299d 100644 --- a/src/oc-id/Gemfile.lock +++ b/src/oc-id/Gemfile.lock @@ -60,8 +60,8 @@ GEM minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) aws-eventstream (1.2.0) aws-partitions (1.568.0) aws-sdk-core (3.130.0) @@ -86,12 +86,12 @@ GEM coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) - bigdecimal (3.1.2) + bigdecimal (3.1.3) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) builder (3.2.4) byebug (11.1.3) - capybara (3.37.1) + capybara (3.38.0) addressable matrix mini_mime (>= 0.1.3) @@ -151,7 +151,6 @@ GEM rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) webrick - childprocess (4.1.0) coderay (1.1.3) coffee-rails (5.0.0) coffee-script (>= 2.2.0) @@ -161,7 +160,7 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.1.10) - config (4.0.0) + config (4.1.0) deep_merge (~> 1.2, >= 1.2.1) dry-validation (~> 1.0, >= 1.0.0) corefoundation (0.3.13) @@ -173,39 +172,39 @@ GEM diff-lcs (1.5.0) doorkeeper (4.4.3) railties (>= 4.2) - dry-configurable (0.14.0) + dry-configurable (1.0.1) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-core (1.0.0) concurrent-ruby (~> 1.0) - dry-core (~> 0.6) - dry-container (0.9.0) - concurrent-ruby (~> 1.0) - dry-configurable (~> 0.13, >= 0.13.0) - dry-core (0.7.1) - concurrent-ruby (~> 1.0) - dry-inflector (0.2.1) + zeitwerk (~> 2.6) + dry-inflector (1.0.0) dry-initializer (3.1.1) - dry-logic (1.2.0) + dry-logic (1.4.0) concurrent-ruby (~> 1.0) - dry-core (~> 0.5, >= 0.5) - dry-schema (1.9.1) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-schema (1.12.0) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.13, >= 0.13.0) - dry-core (~> 0.5, >= 0.5) + dry-configurable (~> 1.0, < 2) + dry-core (~> 1.0, < 2) dry-initializer (~> 3.0) - dry-logic (~> 1.0) - dry-types (~> 1.5) - dry-types (1.5.1) + dry-logic (>= 1.4, < 2) + dry-types (>= 1.7, < 2) + zeitwerk (~> 2.6) + dry-types (1.7.0) concurrent-ruby (~> 1.0) - dry-container (~> 0.3) - dry-core (~> 0.5, >= 0.5) - dry-inflector (~> 0.1, >= 0.1.2) - dry-logic (~> 1.0, >= 1.0.2) - dry-validation (1.8.0) + dry-core (~> 1.0, < 2) + dry-inflector (~> 1.0, < 2) + dry-logic (>= 1.4, < 2) + zeitwerk (~> 2.6) + dry-validation (1.10.0) concurrent-ruby (~> 1.0) - dry-container (~> 0.7, >= 0.7.1) - dry-core (~> 0.5, >= 0.5) + dry-core (~> 1.0, < 2) dry-initializer (~> 3.0) - dry-schema (~> 1.9, >= 1.9.1) - erubi (1.10.0) + dry-schema (>= 1.12, < 2) + zeitwerk (~> 2.6) + erubi (1.11.0) erubis (2.7.0) eventmachine (1.2.7) execjs (2.8.1) @@ -246,7 +245,7 @@ GEM tilt hashie (4.1.0) httpclient (2.8.3) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) iniparse (1.5.0) inspec-core (4.56.17) @@ -277,7 +276,7 @@ GEM actionview (>= 5.0.0) activesupport (>= 5.0.0) jmespath (1.6.1) - jquery-rails (4.5.0) + jquery-rails (4.5.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) @@ -295,7 +294,7 @@ GEM logging (2.3.0) little-plugger (~> 1.1) multi_json (~> 1.14) - loofah (2.18.0) + loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -314,8 +313,8 @@ GEM matrix (0.4.2) method_source (1.0.0) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.15.0) + mini_portile2 (2.8.1) + minitest (5.16.3) mixlib-archive (1.1.7) mixlib-log mixlib-authentication (3.0.10) @@ -327,7 +326,7 @@ GEM chef-utils multi_json (1.15.0) multipart-post (2.1.1) - mustermann (1.1.1) + mustermann (3.0.0) ruby2_keywords (~> 0.0.1) net-scp (3.0.0) net-ssh (>= 2.6.5, < 7.0.0) @@ -335,7 +334,7 @@ GEM net-ssh (>= 5.0.0, < 7.0.0) net-ssh (6.1.0) nio4r (2.5.8) - nokogiri (1.13.9) + nokogiri (1.14.3) mini_portile2 (~> 2.8.0) racc (~> 1.4) nori (2.6.0) @@ -364,7 +363,7 @@ GEM pastel (0.8.0) tty-color (~> 0.5) pbkdf2 (0.1.0) - pg (1.4.4) + pg (1.4.5) plist (3.6.0) proxifier (1.0.3) pry (0.14.1) @@ -375,13 +374,13 @@ GEM pry (>= 0.13, < 0.15) psych (4.0.3) stringio - public_suffix (4.0.7) - racc (1.6.0) - rack (2.2.3.1) - rack-protection (2.2.0) + public_suffix (5.0.0) + racc (1.6.2) + rack (2.2.6.2) + rack-protection (3.0.4) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) + rack-test (2.0.2) + rack (>= 1.3) rails (6.1.4.6) actioncable (= 6.1.4.6) actionmailbox (= 6.1.4.6) @@ -418,7 +417,7 @@ GEM rdoc (6.4.0) psych (>= 4.0.0) ref (2.0.0) - regexp_parser (2.4.0) + regexp_parser (2.6.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) @@ -462,21 +461,20 @@ GEM tilt sdoc (2.4.0) rdoc (>= 5.0) - selenium-webdriver (4.5.0) - childprocess (>= 0.5, < 5.0) + selenium-webdriver (4.7.1) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) semverse (3.0.0) - sinatra (2.2.0) - mustermann (~> 1.0) - rack (~> 2.2) - rack-protection (= 2.2.0) + sinatra (3.0.4) + mustermann (~> 3.0) + rack (~> 2.2, >= 2.2.4) + rack-protection (= 3.0.4) tilt (~> 2.0) skinny (0.2.2) eventmachine (~> 1.0) thin - spring (4.1.0) + spring (4.1.1) spring-commands-rspec (1.0.4) spring (>= 0.9.1) sprockets (4.0.2) @@ -506,8 +504,8 @@ GEM eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) thor (1.2.1) - tilt (2.0.10) - timecop (0.9.5) + tilt (2.0.11) + timecop (0.9.6) tomlrb (1.3.0) train-core (3.8.9) addressable (~> 2.5) @@ -541,7 +539,7 @@ GEM turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (2.0.4) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) @@ -586,19 +584,19 @@ GEM wmi-lite (1.0.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.5.4) + zeitwerk (2.6.6) PLATFORMS ruby DEPENDENCIES better_errors - bigdecimal (= 3.1.2) + bigdecimal (= 3.1.3) binding_of_caller - capybara (~> 3.37) + capybara (~> 3.38) chef (~> 17) coffee-rails (~> 5.0) - config (~> 4.0) + config (~> 4.1) doorkeeper (~> 4.0) factory_girl_rails (~> 4.9.0) jbuilder (~> 2.11) @@ -606,7 +604,7 @@ DEPENDENCIES jwt mailcatcher mixlib-authentication (>= 2.1, < 4) - nokogiri (= 1.13.9) + nokogiri (= 1.14.3) omniauth-chef (~> 0.4) pg (>= 0.18, < 2.0) pry-byebug @@ -617,7 +615,7 @@ DEPENDENCIES rspec-rails (~> 6.0) sass-rails (>= 4.0.3) sdoc - selenium-webdriver (~> 4.5.0) + selenium-webdriver (~> 4.7.1) spring spring-commands-rspec sprockets-rails (>= 3.4.2) diff --git a/src/oc_bifrost/habitat/plan.sh b/src/oc_bifrost/habitat/plan.sh index c86923f256e..04f7c34200f 100644 --- a/src/oc_bifrost/habitat/plan.sh +++ b/src/oc_bifrost/habitat/plan.sh @@ -3,7 +3,7 @@ pkg_origin=chef pkg_license=('Apache-2.0') pkg_maintainer="The Chef Server Maintainers " pkg_deps=( - core/erlang22 + core/erlang24 core/cacerts core/coreutils core/curl diff --git a/src/oc_bifrost/oc-bifrost-pedant/Gemfile.lock b/src/oc_bifrost/oc-bifrost-pedant/Gemfile.lock index 4583c93a87d..514791ba510 100644 --- a/src/oc_bifrost/oc-bifrost-pedant/Gemfile.lock +++ b/src/oc_bifrost/oc-bifrost-pedant/Gemfile.lock @@ -13,7 +13,7 @@ PATH GEM remote: https://rubygems.org/ specs: - activesupport (7.0.4) + activesupport (7.0.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -31,7 +31,7 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) - minitest (5.16.3) + minitest (5.17.0) mixlib-config (3.0.27) tomlrb net-http-spy (0.2.1) diff --git a/src/oc_bifrost/rebar.lock b/src/oc_bifrost/rebar.lock index 4d7b63b171e..721626374dd 100644 --- a/src/oc_bifrost/rebar.lock +++ b/src/oc_bifrost/rebar.lock @@ -1,18 +1,17 @@ -{"1.1.0", [{<<"chef_secrets">>, {git,"https://github.com/chef/chef_secrets", {ref,"6fa36689fd599602e5985587a1497282df2d907a"}}, 0}, {<<"edown">>, {git,"https://github.com/uwiger/edown", - {ref,"3c4f660c892e395fedac83b43476b23d38f4efb4"}}, + {ref,"36b838a7fdf829cb5dac07533294f7cb8c8de632"}}, 0}, {<<"ej">>, {git,"https://github.com/chef/ej", {ref,"f843f4da1cb7d8d2414adccc37fe523e3f92d789"}}, 0}, {<<"envy">>, - {git,"https://github.com/manderson26/envy", + {git,"https://github.com/manderson26/envy.git", {ref,"0148fb4b7ed0e188511578e98b42d6e7dde0ebd1"}}, 1}, {<<"eper">>, @@ -20,11 +19,17 @@ {ref,"17b0f97ea8287b72e8ebbe7132214db182ff1a1d"}}, 0}, {<<"epgsql">>, - {git,"https://github.com/chef/epgsql-1", + {git,"https://github.com/chef/epgsql-1.git", {ref,"34b4182f0e21f9189ddd7b2e290f01a9e7d93bf1"}}, 1}, - {<<"fs">>,{pkg,<<"fs">>,<<"6.1.1">>},1}, - {<<"goldrush">>,{pkg,<<"goldrush">>,<<"0.1.9">>},1}, + {<<"fs">>, + {git,"https://github.com/synrc/fs", + {ref,"936ba9dcf88186250ecc5995e25154bde44252a1"}}, + 1}, + {<<"goldrush">>, + {git,"https://github.com/DeadZen/goldrush", + {ref,"8f1b715d36b650ec1e1f5612c00e28af6ab0de82"}}, + 1}, {<<"jiffy">>, {git,"https://github.com/davisp/jiffy", {ref,"9ea1b35b6e60ba21dfd4adbd18e7916a831fd7d4"}}, @@ -43,7 +48,7 @@ 0}, {<<"mochiweb">>, {git,"https://github.com/mochi/mochiweb", - {ref,"070594e4d66163d662ac7e3bfb75dadcc922dd7c"}}, + {ref,"666ac57d5cad8da0341e53db884855ee9a9805b0"}}, 0}, {<<"observer_cli">>, {git,"https://github.com/zhongwencool/observer_cli", @@ -54,13 +59,16 @@ {ref,"5436cc600db462226a5d2f3ed585ab39eaf20ee5"}}, 0}, {<<"pooler">>, - {git,"https://github.com/chef/pooler", + {git,"https://github.com/chef/pooler.git", {ref,"681c355abaacc5487ddf41a84b9ed53151a765fe"}}, 1}, - {<<"recon">>,{pkg,<<"recon">>,<<"2.5.1">>},1}, + {<<"recon">>, + {git,"https://github.com/ferd/recon/", + {ref,"f7b6c08e6e9e2219db58bfb012c58c178822e01e"}}, + 1}, {<<"sqerl">>, {git,"https://github.com/chef/sqerl", - {ref,"a27e3e58da53240dc9925ec03ecdb894b8231cf9"}}, + {ref,"ebbe4c20ab5cd21041229d22dd60a6b38aa2930c"}}, 0}, {<<"stats_hero">>, {git,"https://github.com/chef/stats_hero", @@ -68,15 +76,9 @@ 0}, {<<"sync">>, {git,"https://github.com/rustyio/sync", - {ref,"7c9367e73b7dbb01a788f8d0120d747330112f6f"}}, + {ref,"3f0049e809ffe303ae2cd395217a025ce6e758ae"}}, 0}, {<<"webmachine">>, {git,"https://github.com/chef/webmachine", {ref,"1389b01a9fbc25d36aad8956e08d2d0db242625f"}}, - 1}]}. -[ -{pkg_hash,[ - {<<"fs">>, <<"9D147B944D60CFA48A349F12D06C8EE71128F610C90870BDF9A6773206452ED0">>}, - {<<"goldrush">>, <<"F06E5D5F1277DA5C413E84D5A2924174182FB108DABB39D5EC548B27424CD106">>}, - {<<"recon">>, <<"430FFA60685AC1EFDFB1FE4C97B8767C92D0D92E6E7C3E8621559BA77598678A">>}]} -]. + 1}]. diff --git a/src/oc_bifrost/rebar3 b/src/oc_bifrost/rebar3 index bcec2f00a69..ed2a36d577b 100755 Binary files a/src/oc_bifrost/rebar3 and b/src/oc_bifrost/rebar3 differ diff --git a/src/oc_erchef/apps-chef_db-itest b/src/oc_erchef/apps-chef_db-itest new file mode 120000 index 00000000000..5ebd8d7f339 --- /dev/null +++ b/src/oc_erchef/apps-chef_db-itest @@ -0,0 +1 @@ +apps/chef_db/itest/ \ No newline at end of file diff --git a/src/oc_erchef/apps-oc_chef_authz-itest b/src/oc_erchef/apps-oc_chef_authz-itest new file mode 120000 index 00000000000..40f8ff5c844 --- /dev/null +++ b/src/oc_erchef/apps-oc_chef_authz-itest @@ -0,0 +1 @@ +apps/oc_chef_authz/itest/ \ No newline at end of file diff --git a/src/oc_erchef/apps-oc_chef_wm-itest b/src/oc_erchef/apps-oc_chef_wm-itest new file mode 120000 index 00000000000..d5c5decbf8e --- /dev/null +++ b/src/oc_erchef/apps-oc_chef_wm-itest @@ -0,0 +1 @@ +apps/oc_chef_wm/itest/ \ No newline at end of file diff --git a/src/oc_erchef/apps/chef_objects/src/chef_objects.app.src b/src/oc_erchef/apps/chef_objects/src/chef_objects.app.src index 177de5805dc..1c96b230900 100644 --- a/src/oc_erchef/apps/chef_objects/src/chef_objects.app.src +++ b/src/oc_erchef/apps/chef_objects/src/chef_objects.app.src @@ -31,7 +31,7 @@ pooler ]}, {env, [ - {s3_url_type, undefined}, + {s3_url_type, path}, %% S3 Access credentials for Bookshelf operations {s3_access_key_id, undefined}, diff --git a/src/oc_erchef/apps/chef_objects/src/chef_s3.erl b/src/oc_erchef/apps/chef_objects/src/chef_s3.erl index c4c571fc22d..a989a00d48f 100644 --- a/src/oc_erchef/apps/chef_objects/src/chef_s3.erl +++ b/src/oc_erchef/apps/chef_objects/src/chef_s3.erl @@ -164,7 +164,7 @@ aws_config(S3Url) -> {ok, S3AccessKeyId} = chef_secrets:get(<<"bookshelf">>, <<"access_key_id">>), {ok, S3SecretKeyId} = chef_secrets:get(<<"bookshelf">>, <<"secret_access_key">>), SslOpts = envy:get(chef_objects, s3_ssl_opts, [], list), - PathOrVhost = envy:get(chef_objects, s3_url_type, atom), + PathOrVhost = envy:get(chef_objects, s3_url_type, path, atom), mini_s3:new(erlang:binary_to_list(S3AccessKeyId), erlang:binary_to_list(S3SecretKeyId), S3Url, PathOrVhost, SslOpts). %% @doc returns a url for accessing s3 internally. This is used diff --git a/src/oc_erchef/apps/chef_objects/test/chef_s3_tests.erl b/src/oc_erchef/apps/chef_objects/test/chef_s3_tests.erl index e001f068b07..bb826bfec7f 100644 --- a/src/oc_erchef/apps/chef_objects/test/chef_s3_tests.erl +++ b/src/oc_erchef/apps/chef_objects/test/chef_s3_tests.erl @@ -140,7 +140,7 @@ generate_presigned_url_uses_configured_s3_url_test_() -> fun() -> application:set_env(chef_objects, s3_url_expiry_window_size, {15, minutes}), ExpectedExpiry = {3600, 900}, - InternalS3Url = "https://FAKE_S3.com", + InternalS3Url = "https://fake_s3.com", ExternalS3Url = host_header, setup_s3(InternalS3Url, ExternalS3Url), {InternalS3Url, ExternalS3Url, ExpectedExpiry} @@ -178,7 +178,7 @@ generate_presigned_url_uses_configured_s3_url_test_() -> fun() -> application:set_env(chef_objects, s3_url_expiry_window_size, {15, percent}), ExpectedExpiry = {3600, 540}, - InternalS3Url = "https://FAKE_S3.com", + InternalS3Url = "https://fake_s3.com", ExternalS3Url = InternalS3Url, setup_s3(InternalS3Url, ExternalS3Url), {InternalS3Url, ExternalS3Url, ExpectedExpiry} @@ -215,7 +215,7 @@ generate_presigned_url_uses_configured_s3_url_test_() -> fun() -> application:set_env(chef_objects, s3_url_expiry_window_size, off), ExpectedExpiry = 3600, - InternalS3Url = "https://FAKE_S3.com", + InternalS3Url = "https://fake_s3.com", ExternalS3Url = "https://external-s3.com", setup_s3(InternalS3Url, ExternalS3Url), {InternalS3Url, ExternalS3Url, ExpectedExpiry} diff --git a/src/oc_erchef/habitat/plan.sh b/src/oc_erchef/habitat/plan.sh index 019c014042b..885ebc60cb3 100644 --- a/src/oc_erchef/habitat/plan.sh +++ b/src/oc_erchef/habitat/plan.sh @@ -3,7 +3,7 @@ pkg_origin=chef pkg_license=('Apache-2.0') pkg_maintainer="The Chef Server Maintainers " pkg_deps=( - core/erlang22 + core/erlang24 core/cacerts core/coreutils core/curl diff --git a/src/oc_erchef/rebar.config b/src/oc_erchef/rebar.config index cd813e73fb9..ff9336f9a01 100644 --- a/src/oc_erchef/rebar.config +++ b/src/oc_erchef/rebar.config @@ -88,9 +88,9 @@ {ct_opts, [ {dir, [ - "apps/chef_db/itest", - "apps/oc_chef_authz/itest", - "apps/oc_chef_wm/itest" + "apps-chef_db-itest", + "apps-oc_chef_authz-itest", + "apps-oc_chef_wm-itest" ]}]}. {overrides, [ @@ -165,7 +165,8 @@ {overlay,[{mkdir,"log/sasl"}, {mkdir,"lib/patches"}, {mkdir,"etc/keys"}, - {copy,"schema","."}, + {mkdir,"schema"}, + {copy,"schema","schema"}, {copy,"priv/reindex-opc-organization", "bin/reindex-opc-organization"}, {template,"config/app.config","sys.config"}]} diff --git a/src/oc_erchef/rebar.lock b/src/oc_erchef/rebar.lock index 61eaa35a9e6..89ca7dcf050 100644 --- a/src/oc_erchef/rebar.lock +++ b/src/oc_erchef/rebar.lock @@ -1,11 +1,13 @@ -{"1.1.0", -[{<<"base16">>,{pkg,<<"base16">>,<<"1.0.0">>},1}, +[{<<"base16">>, + {git,"https://github.com/goj/base16", + {ref,"f78918e7b593fbdc35ec9bcc349aa50f47f45a8b"}}, + 1}, {<<"bcrypt">>, {git,"https://github.com/erlangpack/bcrypt", {ref,"826291ebd232ebfc4fb69f1c27d35706eecb8fc2"}}, 0}, {<<"bear">>, - {git,"https://github.com/boundary/bear", + {git,"https://github.com/boundary/bear.git", {ref,"119234548783af19b8ec75c879c5062676b92571"}}, 1}, {<<"cf">>, @@ -14,7 +16,7 @@ 0}, {<<"chef_authn">>, {git,"https://github.com/chef/chef_authn", - {ref,"2ba22845aa5d706cd4e3d5b867f0d9ca038e649a"}}, + {ref,"57ae954ab231e4cd24740315eddc932aaf5515fc"}}, 0}, {<<"chef_secrets">>, {git,"https://github.com/chef/chef_secrets", @@ -26,13 +28,16 @@ 0}, {<<"edown">>, {git,"https://github.com/uwiger/edown", - {ref,"3c4f660c892e395fedac83b43476b23d38f4efb4"}}, + {ref,"36b838a7fdf829cb5dac07533294f7cb8c8de632"}}, 0}, {<<"efast_xs">>, {git,"https://github.com/chef/efast_xs", {ref,"c2a6b925ed94ab8a28ff49375782834033919190"}}, 0}, - {<<"eini">>,{pkg,<<"eini">>,<<"1.2.6">>},1}, + {<<"eini">>, + {git,"https://github.com/erlcloud/eini", + {ref,"511a94254d6eecc9331da31cd4fa08ff64b4d2e2"}}, + 1}, {<<"ej">>, {git,"https://github.com/chef/ej", {ref,"f843f4da1cb7d8d2414adccc37fe523e3f92d789"}}, @@ -46,12 +51,12 @@ {ref,"17b0f97ea8287b72e8ebbe7132214db182ff1a1d"}}, 0}, {<<"epgsql">>, - {git,"https://github.com/chef/epgsql-1", + {git,"https://github.com/chef/epgsql-1.git", {ref,"34b4182f0e21f9189ddd7b2e290f01a9e7d93bf1"}}, 1}, {<<"erlcloud">>, {git,"https://github.com/chef/erlcloud", - {branch,"lbaker/presigned-headers"}}, + {ref,"27724cc615bb71595e88665ffd3ea083bf51ecb3"}}, 0}, {<<"erlware_commons">>, {git,"https://github.com/chef/erlware_commons", @@ -65,8 +70,14 @@ {git,"https://github.com/chef/folsom_graphite", {ref,"6898a51a6478767b45b9e568274c9ade7d71908d"}}, 0}, - {<<"fs">>,{pkg,<<"fs">>,<<"6.1.1">>},1}, - {<<"goldrush">>,{pkg,<<"goldrush">>,<<"0.1.9">>},1}, + {<<"fs">>, + {git,"https://github.com/synrc/fs", + {ref,"936ba9dcf88186250ecc5995e25154bde44252a1"}}, + 1}, + {<<"goldrush">>, + {git,"https://github.com/DeadZen/goldrush", + {ref,"8f1b715d36b650ec1e1f5612c00e28af6ab0de82"}}, + 1}, {<<"ibrowse">>, {git,"https://github.com/chef/ibrowse", {ref,"d541f7190894734e2b69f4763c3664fb4d6bb9db"}}, @@ -75,19 +86,25 @@ {git,"https://github.com/davisp/jiffy", {ref,"9ea1b35b6e60ba21dfd4adbd18e7916a831fd7d4"}}, 0}, - {<<"jsx">>,{pkg,<<"jsx">>,<<"2.9.0">>},1}, + {<<"jsx">>, + {git,"https://github.com/talentdeficit/jsx", + {ref,"e8d2e01b608e0670a4f82e35ccb5ef3f86115423"}}, + 1}, {<<"lager">>, {git,"https://github.com/erlang-lager/lager", {ref,"a140ea935eae9149bb35234bb40f6acf1c69caa1"}}, 0}, - {<<"lhttpc">>,{pkg,<<"lhttpc">>,<<"1.6.2">>},1}, + {<<"lhttpc">>, + {git,"https://github.com/erlcloud/lhttpc", + {ref,"8e34985a3cd0ac2a7fc2a88a041554c64d33e74b"}}, + 1}, {<<"meck">>, {git,"https://github.com/eproxus/meck", - {ref,"06192a984750070ace33b60a492ca27ec9bc6806"}}, + {ref,"e48641a20a605174e640ac91a528d443be11c9b9"}}, 1}, {<<"mini_s3">>, {git,"https://github.com/chef/mini_s3", - {ref,"e3d368bf2c9e0aff4743574cbc7d8c8472741957"}}, + {ref,"4dd584fce031d35bbe5c4b72a04660b75673ca21"}}, 0}, {<<"mixer">>, {git,"https://github.com/inaka/mixer", @@ -95,7 +112,7 @@ 0}, {<<"mochiweb">>, {git,"https://github.com/mochi/mochiweb", - {ref,"070594e4d66163d662ac7e3bfb75dadcc922dd7c"}}, + {ref,"666ac57d5cad8da0341e53db884855ee9a9805b0"}}, 0}, {<<"neotoma">>, {git,"https://github.com/seancribbs/neotoma", @@ -117,7 +134,10 @@ {git,"https://github.com/chef/opscoderl_wm", {ref,"5436cc600db462226a5d2f3ed585ab39eaf20ee5"}}, 0}, - {<<"poolboy">>,{pkg,<<"poolboy">>,<<"1.5.2">>},1}, + {<<"poolboy">>, + {git,"https://github.com/devinus/poolboy", + {ref,"29be47db8c2be38b18c908e43a80ebb7b9b6116b"}}, + 1}, {<<"pooler">>, {git,"https://github.com/chef/pooler", {ref,"681c355abaacc5487ddf41a84b9ed53151a765fe"}}, @@ -127,13 +147,16 @@ {ref,"f8619006f945eeaeb1725206209ec89a1409575c"}}, 0}, {<<"quickrand">>, - {git,"https://github.com/okeuday/quickrand", + {git,"https://github.com/okeuday/quickrand.git", {ref,"c7eca718faa0d52c097155263dea6c25067396f7"}}, 1}, - {<<"recon">>,{pkg,<<"recon">>,<<"2.5.1">>},1}, + {<<"recon">>, + {git,"https://github.com/ferd/recon/", + {ref,"f7b6c08e6e9e2219db58bfb012c58c178822e01e"}}, + 1}, {<<"sqerl">>, {git,"https://github.com/chef/sqerl", - {ref,"a27e3e58da53240dc9925ec03ecdb894b8231cf9"}}, + {ref,"ebbe4c20ab5cd21041229d22dd60a6b38aa2930c"}}, 0}, {<<"stats_hero">>, {git,"https://github.com/chef/stats_hero", @@ -150,15 +173,4 @@ {<<"webmachine">>, {git,"https://github.com/chef/webmachine", {ref,"1389b01a9fbc25d36aad8956e08d2d0db242625f"}}, - 1}]}. -[ -{pkg_hash,[ - {<<"base16">>, <<"283644E2B21BD5915ACB7178BED7851FB07C6E5749B8FAD68A53C501092176D9">>}, - {<<"eini">>, <<"DFFA48476FD89FB6E41CEEA0ADFA1BC6E7862CCD6584417442F8BB37E5D34715">>}, - {<<"fs">>, <<"9D147B944D60CFA48A349F12D06C8EE71128F610C90870BDF9A6773206452ED0">>}, - {<<"goldrush">>, <<"F06E5D5F1277DA5C413E84D5A2924174182FB108DABB39D5EC548B27424CD106">>}, - {<<"jsx">>, <<"D2F6E5F069C00266CAD52FB15D87C428579EA4D7D73A33669E12679E203329DD">>}, - {<<"lhttpc">>, <<"044F16F0018C7AA7E945E9E9406C7F6035E0B8BC08BF77B00C78CE260E1071E3">>}, - {<<"poolboy">>, <<"392B007A1693A64540CEAD79830443ABF5762F5D30CF50BC95CB2C1AAAFA006B">>}, - {<<"recon">>, <<"430FFA60685AC1EFDFB1FE4C97B8767C92D0D92E6E7C3E8621559BA77598678A">>}]} -]. + 1}]. diff --git a/src/oc_erchef/rebar3 b/src/oc_erchef/rebar3 index bcec2f00a69..ed2a36d577b 100755 Binary files a/src/oc_erchef/rebar3 and b/src/oc_erchef/rebar3 differ