Continuous Delivery for PE release notes

These are the new features, enhancements, resolved issues, and deprecations for the Continuous Delivery for Puppet Enterprise (PE) 3.x release series.

To upgrade to the Continuous Delivery for PE 3.x series from a version in the 2.x series, see Upgrading to 3.x.

Version 3.4.1

Released 23 March 2020

Resolved in this release:
  • Webhook-triggered jobs no longer fail for GitLab users.

Version 3.4.0

Released 18 March 2020

New in this release:
  • Use any node with a Puppet agent installed as job hardware. You can now run your Continuous Delivery for PE jobs on any node with a Puppet agent installed. For instructions on configuring new job hardware, see Configure job hardware running a Puppet agent. For instructions on migrating your existing job hardware servers, see Migrate job hardware.
    Note: To successfully configure a Puppet agent node, you must install the puppetlabs-cd4pe_jobs module and ensure the Continuous Delivery user role in PE can run the cd4pe_jobs::run_cd4pe_job task. See the documentation linked above for instructions.
  • Cancel an in-progress impact analysis task. You can now cancel any scheduled or in-progress impact analysis task from the impact analysis details page.
  • Usability improvements. Version 3.4.0 introduces several improvements to the design and usability of the web UI, including:
    • Clearer messaging in impact analysis reports and the removal of unhelpful "diff is too large" messages.
    • Deployments are no longer labeled FAILED when a deployment approval request is declined.
    • The Control Repos page now shows 10 control repos per page, and the Modules page now shows 10 modules per page.
    • For deployments that require approval, the Approve and Decline buttons now vanish after an approval decision is provided.
    • Deployments that are awaiting approval now show a PENDING APPROVAL label instead of a RUNNING label in the Events timeline.
    • You can now enter either an IP address or hostname in the Puppet Enterprise Console Address field when adding new PE credentials.
  • Logging improvements. Version 3.4.0 introduces several improvements to the Continuous Delivery for PE logs, including:
    • LDAP queries and replies are now included in the logs.
Resolved in this release:
  • The GitHub access_token query parameter, which has been deprecated by GitHub, is no longer used by Continuous Delivery for PE in requests to the GitHub API.
  • If the value of a port parameter in the puppet_enterprise class in the PE Infrastructure node group is set as a string, automatic integration of PE no longer fails.
  • All events in a stage of a pipeline run no longer show the same timestamp.
  • Version 3.4.0 resolves CVE-2020-7944. When you add a new resource or class with sensitive parameters, impact analysis reports now redact the plain text values of the sensitive parameters.
Deprecated in this release:
  • Support for the Continuous Delivery agent on job hardware. As part of our effort to simplify the Continuous Delivery for PE setup process and prioritize the tools PE users already have in place, support for the Continuous Delivery agent is deprecated in version 3.4.0, and will be removed in a future release. For more information, see Migrate job hardware.
Removed in this release:
  • Support for Puppet Enterprise version 2019.1. PE 2019.1 has reached the end of its support lifecycle.
  • Hardware Agents. As part of the deprecation of the Continuous Delivery agent, we've removed the Hardware Agents page from Settings.

Version 3.3.0

Released 19 February 2020

New in this release:
  • Include Bolt tasks in custom deployment policies. You can now include Bolt tasks in the custom deployment policies you run in your Continuous Delivery for PE pipelines. If necessary, you can disable tasks by setting enable_pe_plans: false in the config section of the .cd4pe.yaml file for the impacted control repo or module. For more on tasks, see Tasks and plans in PE.
    CAUTION: Custom deployment policies are a beta feature. As such, they may not be fully documented or work as expected; please explore them at your own risk.
  • Logging improvements. Version 3.3.0 introduces several improvements to the Continuous Delivery for PE logs, including:
    • Information about control repo activities is now included in the logs.
    • Impact analysis information about file changes, module changes, and changed Hiera keys is now included in the logs.
    • To reduce unnecessary noise in the logs, log messages regarding dependency checking during pipeline runs are no longer included unless the logging level is increased to TRACE.
    For more about the Continuous Delivery for PE logs, see Troubleshooting.
Resolved in this release:
  • Impact analysis reports that include Hiera data changes no longer include information on nodes impacted by the Hiera data change that are outside the selected environment.
  • Module deployments using the feature branch policy no longer trigger the control repo pipeline associated with the feature branch policy.
  • If a custom Docker image in the format <IMAGE>:<VERSION> is included in a job, webhooks for that job now fire correctly.

Version 3.2.1

Released 5 February 2020

Resolved in this release:
  • CVE-2020-7238. This Netty vulnerability has been resolved.

Version 3.2.0

Released 4 February 2020

New in this release:
  • Feature branch deployment policy support for modules managed as code. Deployments using the feature branch deployment policy can now be included in a module regex branch pipeline that is managed with a .cd4pe.yaml file.
  • Store custom deployment policies in /site. Continuous Delivery for PE now looks for custom deployment policies in the /site directory of your control repo as well as in the /module and /site-module directories.
  • Usability improvements. Version 3.2.0 introduces several improvements to the design and usability of the web UI, including:
    • When LDAP is enabled, the login screen asks for an LDAP username instead of an email address. This LDAP username maps to the User attribute setting from your LDAP configuration.
    • The YAML code validation tool shows an error message if your pipeline's YAML code includes an invalid regular expression.

Resolved in this release:

  • The deployment_policy_branch parameter is now correctly applied when it is included in a .cd4pe.yaml file.
  • Approval request emails are now delivered to members of the approval group.
  • An appropriate message is shown in the web UI when a deployment approval request is declined.

Version 3.1.1

Released 28 January 2020

Resolved in this release:
  • CVE-2019-16869. This Netty vulnerability has been resolved.

Version 3.1.0

Released 22 January 2020

New in this release:
  • Delete users. Super users and the root user can now permanently delete user accounts from your Continuous Delivery for PE installation. Perform this action with caution: deleting a user also deletes all artifacts created by that user in Continuous Delivery for PE, including workspaces, jobs, integrations, pipelines, control repos, and module repos. For more information, see Delete a user.
  • Impact analysis includes Hiera data referenced in root-level hiera.yaml files. Impact analysis reports now include changes to the Hiera data housed in locations referenced in the hiera.yaml file located at the root level of your control repo or module repo. If your control repo or module repo does not include a hiera.yaml file at the root level, Continuous Delivery for PE will fall back to analyzing Hiera changes in the /data and /hieradata directories.
  • Usability improvements. Version 3.1.0 introduces several improvements to the design and usability of the web UI, including:
    • Better handling of long pipeline names.
    • Clearer messaging when creating a regex branch pipeline.
    • Validation of the selected Docker image name when a new Docker-based job is created.
    • An improved experience and clearer error message if a deployment fails because the target environment node group contains no nodes.
Resolved in this release:
  • Impact analysis tasks can now be included in a module pipeline that is managed with a .cd4pe.yaml file.
  • If a code manager task fails during a deployment attempt, the deployment details page now shows a FAILED status for that event instead of a DONE status.
  • Newly created Docker-based jobs now use the correct default Docker image name.
  • A duplicate description field is no longer present when you configure a manual deployment for a module.
  • The associated control repo is automatically selected when you create an impact analysis stage in a module's pipeline.
  • A deployment to a protected environment no longer shows a PENDING status after the deployment is approved.
  • A Bolt error no longer occurs if a deployment using the temporary branch deployment policy is cancelled prior to the approval step.
  • When Continuous Delivery for PE fails to correctly parse a .cd4pe.yaml file, it logs the parsing error in the application logs and displays it in the web UI.
  • The status of Puppet runs is now correctly displayed on each deployment's details page.
Security notice:
  • CVE-2019-16869 is detectable in version 3.1.0. A security scanner may detect a Netty vulnerability with a 5.0 CVSS score in Continuous Delivery for PE. However, Continuous Delivery for PE does not exercise the vulnerable code path and so is not vulnerable.
Deprecated in this release:
  • Support for MySQL and DynamoDB external databases. As part of our effort to streamline the installation process and ensure Continuous Delivery for PE meets performance standards, support for MySQL and Amazon DynamoDB external databases is deprecated in version 3.1.0, and will be removed in a future release. Before support ends, we'll provide information about how to migrate your external database to a supported option.

Version 3.0.2

Released 19 December 2019

Resolved in this release:
  • Deployments failed for any module regex branch deploying to a PE instance using prefixed environments where the selected prefix was "No prefix."
    Note: If you created a deployment of this type while using Continuous Delivery for PE version 3.0.0 or 3.0.1, you must delete and recreate the deployment for it to work properly.
  • In control repo regex branch pipelines that were converted to management with code, deployments using the feature branch deployment policy failed validation.
  • Module deployments could not be canceled.
  • Control repo and module regex branch pipelines that are managed with code did not trigger correctly.
  • Environment prefixes were not added to target environment names in deployments using the feature branch deployment policy from control repos. As a result, these deployments were not completed correctly.
  • When a root or super user updated the Docker image used as global shared job hardware, the updated image was not used for jobs running on the shared job hardware.

Version 3.0.1

Released 16 December 2019

Resolved in this release:
  • If you attempted to manage a pipeline as code that included a deployment using the feature branch policy, a "Parameter specified as non-null is null" error occurred and the pipeline did not successfully transition to management with code.
  • Continuous Delivery for PE did not correctly default to looking for custom deployment policy files on the Production branch if a branch had not been set explicitly.

Version 3.0.0

Released 11 December 2019

New in this release:
  • Construct and manage your pipelines as code. You now have the option to use a .cd4pe.yaml file housed in your control repo or module repo to construct, update, and manage your pipelines. Managing pipelines with code creates a version-controlled record of pipeline changes over time. For more information, see Constructing pipelines from code.
  • View Hiera changes in impact analysis reports. When you update a YAML file in your Hiera data directory, impact analysis reports will now report what systems will be impacted and how their desired state will change. For the first version of this feature, Continuous Delivery for PE analyzes changes in /data and /hieradata directories in your control repo or module.
    Important: Hiera changes in impact analysis reports are only supported on PE 2019.2.0 and newer versions.
  • Usability improvements. Version 3.0.0 introduces several improvements to the design and usability of the web UI, including:
    • A redesigned deployment details view featuring a new sequential list of the events that make up a deployment, with details about each event.
    • An updated pipelines design with clearer controls and a refreshed color palette.
    • A new Manual actions selector used for initiating on-demand impact analysis reports, deployments, or pipeline runs.
  • Improved deployment approval messaging. The message sent to designated deployment approvers now contains more information about the proposed deployment, including the URL of the module or control repo, the name of the user who initiated the deployment, the name of the pipeline, and a list of the commits included in the deployment.
  • Fewer stacktrace exceptions included in log files. We've reduced the number of stacktrace exceptions that resulted from checking for dependencies and approvals. You'll no longer see long stacktrace errors for the following:
    com.puppet.pipelines.cdpe.cdpeTaskUtils.CDPETaskInterruptedException: Dependency check attempt maxtime exceeded.
    com.puppet.pipelines.cdpe.cdpeTaskUtils.CDPETaskInterruptedException: Approval check attempts maxiumum exceeded. Thread should yeild and try again.
Special beta feature in this release:
  • Custom deployment policies. We've learned from our users that the deployment policies built into Continuous Delivery for PE don't always align with the deployment work you need to do. In response, we're introducing the ability to compose your own set of steps for deploying Puppet code. For more information, see Creating custom deployment policies.
    CAUTION: Custom deployment policies are a beta feature. As such, they may not be fully documented or work as expected; please explore them at your own risk.
Resolved in this release:
  • The name of the default Docker container is now consistently shown in the Docker Image Name field on the job creation page if no other Docker image is defined.
Security notices:
  • CVE-2019-16869 is detectable in version 3.0.0. A security scanner may detect a Netty vulnerability with a 7.5 CVSS score in Continuous Delivery for PE. However, Continuous Delivery for PE does not exercise the vulnerable code path and so is not vulnerable.
  • Sonatype-2019-0115 is detectable in version 3.0.0. This vulnerability is detected by the Sonatype Nexus scanner. However, Continuous Delivery for PE does not use the library that triggers the vulnerability and so is not vulnerable.
Removed in this release:
  • Incremental branch and blue-green branch deployment policies. We've removed the incremental branch and blue-green branch deployment policies. If your pipeline included a deployment using one of these policies, the deployment has been removed from the pipeline. These policies were deprecated in Continuous Delivery for PE version 2.7.0.
  • Module deployment reports. We've removed this feature from version 3.x.