Continuous Delivery for PE known issues

These are the known issues for the Continuous Delivery for PE 4.x release series.

Impact analysis tasks fail when using the satellite_pe_tools module

When using the satellite_pe_tools module with Continuous Delivery for PE, impact analysis tasks fail with a "Internal Server Error: org.jruby.exceptions.RuntimeError: (Error) PuppetDB not configured, please provide facts with your catalog request" error. This issue occurs because the API endpoint used to collect facts during impact analysis tasks errors if the fact_terminus parameter is set to satellite or any value other than puppetdb. This issue is resolved in the versions of Puppet Server included in PE versions 2021.4 and 2019.8.9.

Impact analysis tasks fail when using Puppet Enterprise versions 2021.2 or 2019.8.7

Impact analysis fails with a R10K::Module::Forge cannot handle option ‘default_branch_override’ error. If you're using PE version 2021.2 or 2019.8.7, you must update the pe-r10k package by following the instructions in this Puppet Support article to continue to use impact analysis. After you update the package, you can update to future versions of PE using the installer as normal.

Preflight check failure when using Puppet Application Manager versions 1.19 or 1.20

Puppet Application Manager versions 1.19 and 1.20 display an Analyzer Failed: invalid analyzer error during the preflight checks when deploying a new version of Continuous Delivery for PE. This error relates to analyzers supported by version 1.24 and newer versions of the Puppet Application Manager. The error can be safely ignored. To resolve the failure and take advantage of the new preflight checks, upgrade Puppet Application Manager to the latest version.

Deployments might time out on node groups with complex rules

When using a built-in deployment policy other than the eventual consistency policy to deploy changes to a node group with highly complex rules, the deployment times out in some cases.

A PE instance cannot be integrated if dns_alt_names is not set on the master certificate

If the Puppet master certificate for your PE instance does not have dns_alt_names configured, attempting to integrate the instance with Continuous Delivery for PE fails with a We could not successfully validate the provided credentials against the Code Manager Service error. The master certificate must be regenerated before PE is integrated with Continuous Delivery for PE. For instructions, see Regenerate master certificates in the PE documentation.

Jobs fail when using chained SSL certificates on Windows

If you are using Continuous Delivery for PE with SSL configured to use chained certificates, attempts to run jobs on Windows job hardware will fail.

Purging unmanaged firewall rules with the puppetlabs-firewall module deletes required firewall settings

If your Continuous Delivery for PE node uses the puppetlabs-firewall module to manage its firewall settings, and if a resources { 'firewall': purge => true } metaparameter is set on the node or at a higher level, Puppet will remove the unmanaged Docker firewall rules Continuous Delivery for PE requires to run successfully. To work around this issue, disable unmanaged firewall rule purging for your Continuous Delivery for PE node by changing the metaparameter to resources { 'firewall': purge => false }.

Custom deployment policies aren't initially shown for new control repos

When your first action in a newly created control repo is to add a deployment to a pipeline, any custom deployment policies stored in the control repo aren't shown as deployment policy options. To work around this issue, click Built-in deployment policies, then Custom deployment policies to refresh the list of available policies.