Comments (15)
Thanks for the details & legwork @btm
@jessehu we're looking into this internally and should have further news in the next day or so.
from omnibus-chef-server.
@marcparadise many thanks . Looking forward to the good news!
from omnibus-chef-server.
I don't think the arguments for not upgrading ruby in the 11.x client apply in the same way here, fwiw. Our concern there was that users' code might break given the upgrade from 1.9 to 2.1.
from omnibus-chef-server.
@thommay, @mp, can we just use the current channel of our apt / yum repos to distribute a version with a new openssl in the short term?
from omnibus-chef-server.
We can get a build out on packagecloud with the updated openssl in short order. I've got that in flight now and will update here when it's available.
@JessHu This will not be a formal release, but will contain the fix you need to unblock your deployment.
Is upgrading to Chef Server 12 is an option for you instead? Aside from new features, it has newer versions of many base components (such as solr 4 instead of 1.4 - which is out of support and has unpatched security issues).
If you already have Chef Server 11.1.x or later installed, the upgrade path is relatively straightforward:
http://docs.chef.io/upgrade_server.html#from-chef-server-osc
With additional information here:
https://docs.chef.io/upgrade_server_open_source_notes.html
There are two things to ensure before an upgrade:
- Chef Server 11.1.0 (or later) to CS12 is the only supported upgrade path - if you're on a CS 11.0.x, you would first need to upgrade to 11.1.6
- All cookbooks must have the 'name' attribute set in metadata.rb.
from omnibus-chef-server.
The change has been completed and passed CI. Once the next nightly is available with this update, I'll post a link. Here's the PR: #105
from omnibus-chef-server.
Thanks @marcparadise a lot. Can the postgresql 9.2.9 be updated to 9.2.10 ? It also a critical security issue for us.
from omnibus-chef-server.
@marcparadise, one of our engineers tried to upgrade to Chef Server 12 but met some issue. So we decided to stick to Chef Server 11, and Chef Server 12 might be the last choice. Since OpenSSL 1.0.1m and postgresql 9.2.10 can be packaged in new Chef Server 11, we will still use Chef Server 11.
from omnibus-chef-server.
I am 👍 for upgrading ruby to a non-eol version (2.x?) EOL means no security fixes, and managing the risk of that seems far easier to handle in a non-emergency time than when a high risk issue drops. That's my two cents worth if anyone cared to hear it.
from omnibus-chef-server.
Hi @marcparadise, where can I get the nightly build which contains the openssl 1.0.1m and postgresql 9.2.10 ?
from omnibus-chef-server.
@jessehu Apologies for yet another round of questioning, but when reading through this thread, it occurred to me: Are you targeting Open Source Chef Server 11 or Enterprise Chef Server 11?
Nightlies of the open source build with the upgraded nginx and postgresql can now be found on package cloud. Here is the package from ubuntu:
from omnibus-chef-server.
Thanks @stevendanna, I want Open Source Chef Server 11 for Redhat RHEL 5 x86_64. What's the download URL?
from omnibus-chef-server.
I find it on https://packagecloud.io/chef/current . Will test it in my env. When will the formal release 11.1.7 annouced and avaible for download ?
from omnibus-chef-server.
Hi @marcparadise , I'm now using chef-12.4.1-1.el6.x86_64 and found the following files. I'm a little confused whether /opt/chef/embedded/lib/libssl.so.1.0.0 is the openssl 1.0.1m. BTW, will a new Chef Client 12 version which contains openssl 1.0.1p delivered in 1 or 2 weeks ?
$ ll /opt/chef/embedded/lib/libssl*
-rw-r--r-- 1 root root 749714 Jul 7 14:40 /opt/chef/embedded/lib/libssl.a
lrwxrwxrwx 1 root root 15 Sep 9 11:01 /opt/chef/embedded/lib/libssl.so -> libssl.so.1.0.0
-r-xr-xr-x 1 root root 483887 Jul 7 14:40 /opt/chef/embedded/lib/libssl.so.1.0.0
$ grep openssl /opt/chef/version-manifest.txt
openssl 1.0.1m md5:d143d1555d842a069cb7cc34ba745a06
openssl-customization 12.4.1
from omnibus-chef-server.
The latest chef-12.4.3-1.el6.x86_64 released last week contains OpenSSL 1.0.1p. Thank you all.
from omnibus-chef-server.
Related Issues (8)
- chef-server-ctl reconfigure does not create symlinks for runit HOT 10
- Chef server does not rotate NGINX logs HOT 5
- Built-in runit cookbook shouldn't use upstart under docker HOT 4
- Can we make nginx listen addresses configurable? HOT 3
- Unable to perform a generic database dump with pg_dump HOT 3
- installing add-ons produces weird output HOT 1
- current master doesn't build HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from omnibus-chef-server.