Skip to main content

Deprecation: Local Mode Listen (CHEF-18)

[edit on GitHub]

When using chef-client Local Mode, there are two ways to launch the internal Chef Zero server. Originally we launched it as a normal network service on localhost and then connected to it as per normal. Unfortunately this meant that any user or process on the machine could also connect to the Zero server during the converge and because Chef Zero has no authentication or authorization systems, they could potentially alter data mid-converge. We later added a “socketless” mode, which runs the Zero server completely internally and never exposes it on a real socket.

Remediation

If you need to re-enable socket mode for now, you can run chef-client –local-mode –listen or set knife[:listen] = true in your .chef/knife.rb or .chef/config.rb.

Was this page helpful?