Docs: Puppet 3 Release Notes


Puppet 3 Release Notes

Puppet 3.x Release Notes

For a full description of the Puppet 3 release, including major changes, backward incompatibilities, and focuses of development, please see the long-form Puppet 3 “What’s New” document.

Puppet 3.2.0

3.2.0 is a backward-compatible features and fixes release in the Puppet 3 series. The most notable changes are:

  • An optional, experimental “Future” parser
  • Ruby 2.0 support
  • OpenWRT OS support
  • External CA support
  • A new modulo (%) operator
  • New slow catalog profiling capabilities
  • General improvements and fixes, including improved splay behavior, fixes to the cron type, improvements to the module tool, and some Hiera-related fixes

Experimental “Future” Parser With Iteration

In a first for Puppet, we’re shipping two versions of the Puppet language in one release.

By default, Puppet 3.2 is backward compatible with Puppet 3.1, with only minimal new language features (the modulo operator). However, if you set parser = future in puppet.conf, you can try out new, proposed language features like iteration (as defined in arm-2). See the documents linked above for complete details.

Note that features in the experimental parser are exempt from semantic versioning. They might change several times before being released in the “current” parser.

(Issues 19983 and 11331)

Ruby 2.0 Support

Special thanks to: Dominic Cleal.

Previous releases almost worked on Ruby 2.0; this one officially works.

(Issue 18494)

OpenWRT OS Support

Special thanks to: Kyle Anderson.

OpenWRT is a distribution of Linux that runs on small consumer-grade routers, and you can now manage more of it with Puppet. This requires Facter 1.7.0-rc1 or later, as well as Puppet 3.2. Puppet Labs doesn’t ship any packages for OpenWRT.

New OpenWRT support includes:

  • Facter values:
    • operatingsystem and osfamily will report as OpenWrt
    • operatingsystemrelease will resolve correctly, by checking the /etc/openwrt_version file
    • General Linux facts will generally resolve as expected.
  • Packages:
    • The new opkg provider can install packages and dependencies from the system repositories (set in /etc/opkg.conf), can ensure specific package versions, and can install packages from files.
  • Services:
    • The new openwrt provider can enable/disable services on startup, as well as ensuring started/stopped states. Since OpenWRT init scripts don’t have status commands, it uses the system process table to detect status; if a service’s process name doesn’t match the init script name, be sure to specify a status or pattern attribute in your resources.

(Issue 19877)

External CA Support

Special thanks to: Dustin Mitchell.

We now officially support using an external certificate authority with Puppet. See the documentation linked above for complete details.

If you were stalled on 2.7.17 due to bug 15561, upgrading to 3.2 should fix your problems.

(Issues 15561, 17864, 19271, and 20027)

Modulo Operator

Special thanks to: Erik Dalén.

The new % modulo operator will return the remainder of dividing two values.

(Issue 18950)

Better Profiling and Debugging of Slow Catalog Compilations

Special thanks to: Andy Parker and Chris Price.

If you set the profile setting to true in an agent node’s puppet.conf (or specify --profile on the command line), the puppet master will log additional debug-level messages about how much time each step of its catalog compilation takes.

If you’re trying to profile, be sure to check the --logdest and --debug command-line options on the master — debug must be on, and messages will go to the log destination, which defaults to syslog. If you’re running via Passenger or another Rack server, these options will be set in the config.ru file.

To find the msessages, look for the string PROFILE in the master’s logs — each catalog request will get a unique ID, so you can tell which messages are for which request.

(Issue 17190)

General Improvements and Fixes

Splay Fixes for Puppet Agent

The splay setting promised relief from thundering-herd problems, but it was broken; the agents would splay on their first run, then they’d all sync up on their second run. That’s fixed now.

(Issues 14766 and 18211)

Cron Fixes

Special thanks to: Felix Frank, Stefan Schulte, and Charlie Sharpsteen.

The cron resource type is now much better behaved, and some truly ancient bugs are fixed.

(Issues 593, 656, 1453, 2251, 3047, 5752, 16121, 16809, 19716, and 19876)

Module Tool Improvements

The puppet module command no longer misbehaves on systems without GNU tar installed, and it works on Windows now.

(Issues 11276, 13542, 14728, 18229, 19128, 19409, and 15841)

The calling_module and calling_class pseudo-variables were broken, and automatic parameter lookup would die when it found false values. These bugs are both fixed.

(Issues 14985 and 17474)

Special thanks to: Chris Boot.

In older versions, a source => puppet:///..... URI pointing to a symlink on the puppet master would fail annoyingly. Now Puppet follows the symlink and serves the linked content.

(Issue 7680)

Puppet Apply Writes Data Files Now

Special thanks to: R.I. Pienaar.

Puppet apply now writes the classes file and resources file. If you run a masterless Puppet site, you can now integrate with systems like MCollective that use these files.

(Issue 14544)

All 3.2.0 Changes

See here for a list of all non-trivial changes for the 3.2.0 release.

Puppet 3.1.1

Puppet 3.1.1 is a security release addressing several vulnerabilities discovered in the 3.x line of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655 and CVE-2013-2275.

All users of Puppet 3.1.0 and earlier are strongly encouraged to upgrade to 3.1.1.

Puppet 3.1.1 Downloads

See the Verifying Puppet Download section at: https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 3.1.1: http://projects.puppetlabs.com/projects/puppet/

Puppet 3.1.1 Changelog

  • Andrew Parker (3):
    • (#14093) Cleanup tests for template functionality
    • (#14093) Remove unsafe attributes from TemplateWrapper
    • (#14093) Restore access to the filename in the template
  • Jeff McCune (2):
    • (#19151) Reject SSLv2 SSL handshakes and ciphers
    • (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname
  • Josh Cooper (7):
    • Fix module tool acceptance test
    • Run openssl from windows when trying to downgrade master
    • Remove unnecessary rubygems require
    • Don’t assume puppetbindir is defined
    • Display SSL messages so we can match our regex
    • Don’t require openssl client to return 0 on failure
    • Don’t assume master supports SSLv2
  • Justin Stoller (6):
    • Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654,2274, 2275)
    • Separate tests for same CVEs into separate files
    • We can ( and should ) use grep instead of grep -E
    • add quotes around paths for windows interop
    • remove tests that do not run on 3.1+
    • run curl against the master on the master
  • Moses Mendoza (1):
    • Update PUPPETVERSION for 3.1.1
  • Nick Lewis (3):
    • (#19393) Safely load YAML from the network
    • Always read request body when using Rack
    • Fix order-dependent test failure in network/authorization_spec
  • Patrick Carlisle (3):
    • (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests
    • (#19392) (CVE-2013-1653) Validate instances passed to indirector
    • (#19392) Don’t validate key for certificate_status
  • Pieter van de Bruggen (1):
    • Updating module tool acceptance tests with new expectations.

Puppet 3.1.0

For a full description of all the major changes in Puppet 3.1, please see the list of new features in Puppet 3.1.

All Bugs Fixed in 3.1.0

Use the Puppet issue tracker to find every bug fixed in a given version of Puppet.

Puppet 3.0.2

3.0.2 Target version and resolved issues: https://projects.puppetlabs.com/versions/337

Puppet 3.0.1

3.0.1 Target version and resolved issues: https://projects.puppetlabs.com/versions/328

Puppet 3.0.0

For a full description of the Puppet 3 release, including major changes, backward incompatibilities, and focuses of development, please see the long-form Puppet 3 “What’s New” document.

All Bugs Fixed in 3.0

Use the Puppet issue tracker to find every bug fixed in a given version of Puppet.

↑ Back to top