- New features in PE 2017.2.4
- Enhancements in PE 2017.2.4
- New features in PE 2017.2.3
- Enhancements in PE 2017.2.3
- New features in PE 2017.2.2
- Enhancements in PE 2017.2.2
- New features in PE 2017.2
- Enhancements in PE 2017.2
- Deprecations and removals in PE 2017.2
- Related release notes
This page describes new features, enhancements, and deprecations in this Puppet Enterprise (PE) release.
For more information about this release, see:
Tip: This PE release contains several components that have additional release notes. Refer to Related release notes for more information.
New features in PE 2017.2.4
Enhancements in PE 2017.2.4
Purge nodes without a restart
You can now purge nodes without running Puppet on your master and reloading it. However, if you use compile masters, you must still run Puppet on all compile masters in order to revoke a node’s certificate and have the change take effect.
Windows agent installation secured with manually-transferred cert
You can now securely install Windows agents by installing using a certificate.
New Puppet agent platforms
This release adds support for the Puppet agent on Debian 9 (Stretch).
New features in PE 2017.2.3
Enhancements in PE 2017.2.3
Secured database connections
Connections to PE databases can now be made only with certificates. Usernames and passwords are no longer allowed by default.
PuppetDB now uses 14 days for a default “time-to-live” value (
node-purge-ttl) before it deletes nodes that have been deactivated or expired. This default can be changed as needed.
New Puppet agent platforms
PE now supports Puppet agents on the following new platforms:
- Ubuntu 16.04 (ppc64le)
- Enterprise Linux 7 (ppc64le)
- Amazon Linux 2017.03 (using packages for RHEL 6)
New features in PE 2017.2.2
Enhancements in PE 2017.2.2
Secured agent installation with a manually transferred certificate
On Redhat, Ubuntu, SLES, Solaris, and AIX platforms, if you manually transfer CA certificates to agents and install using the
--cacert flag to point to the master CA, subsequent downloads invoked by the installation script are now secured.
Classifier node-check-in purge optimization
The PE classifier node-check-in purge has been optimized for speed and performance.
Garbage collection of completed code deployments
We’ve added a new Code Manager parameter,
deploy-ttl. This parameter specifies the length of time completed deployments are retained before garbage collection, which is important to ensuring consistent Code Manager performance over time.
New features in PE 2017.2
Orchestrator in the console
You can now set up orchestrator jobs in the console. You can create node lists, either static or using Puppet Query Language, on which to run Puppet.
With orchestrator integrated into the console, you can set up jobs with ease, and use the console’s reporting and infrastructure monitoring tools to review jobs and dig deeper into node run results.
See Running jobs in the console for details.
Packages inventory in the console
View an inventory of all packages installed on your nodes, and learn which nodes are using each package version. Use this data when determining which nodes are impacted by packages eligible for maintenance updates, security patches, and license renewals. Package inventory reporting is available for all nodes with a Puppet agent installed, including systems that are not actively managed by Puppet.
Package data collection is turned off by default. To turn on package data collection and use this feature, see Viewing all packages in use.
PE is now available in Japanese
As part of our ongoing commitment to PE users in Japan, PE 2017.2 features Version 1 of Puppet Enterprise (Japanese).
Version 1 of Puppet Enterprise (Japanese) includes a Japanese GUI, and localization of the following services and resources into Japanese.
- Messages and responses in the Classifier, Role-Based Access Control (RBAC), Activity, and Orchestrator services. These messages are displayed when you query the API endpoints for each service.
- Instructions and messages in the PE web-based installer.
- Messages displayed when using the Orchestrator command line tool.
- The Puppet Forge home page.
- The Beginner’s Guide to Modules.
- The Puppet Language Style Guide.
- Module READMEs and descriptions for seven Puppet-supported modules (NTP, SQL Server, Stdlib, AWS, Tomcat, MySQL, and Tagmail). View the Japanese READMEs on the Puppet Forge by setting your browser language preference to Japanese. You can also find them in your modules directory. The default location is ./readmes/README_ja_JP.md.
- User documentation for Roles and profiles, PE overview pages, and PE release notes.
Puppet Enterprise (Japanese) is included in the same tarball as the English version of PE. To view the PE installer, console, and the Puppet Forge in Japanese, set your web browser language preference to Japanese. To view API messages and command line tool messages in Japanese, set your system locale preference to Japanese. If you already have your browser and system preferences set to Japanese, the Japanese strings are displayed automatically.
We have also improved UTF-8 character encoding support in PE and in the Puppet components and services that are used with PE.
Enhancements in PE 2017.2
Console and console services enhancements
The console now redirects to HTTPS when you attempt to connect over HTTP. The pe-nginx webserver now listens on port 80 by default.
You can disable the HTTPS redirect in Hiera.
Previously, the node classifier service stored a check-in for each node when its classification was requested. The check-in included an explanation of how the node matched the rule of every group it was classified into. This functionality created performance issues when managing a large deployment of nodes. The check-in storage is still available, but it’s now disabled (
false) by default.
You can enable this by setting
truein the console.
In this release, you can determine the amount of time that should pass after a node sends its last report before it is considered unresponsive. Set an integer to specify the value in seconds. The default is 3600 seconds (one hour).
puppet_enterprise::console_services::no_longer_reporting_cutoffin the console.
ping_intervalsetting controls how long PXP agents will ping PCP brokers. If the agents don’t receive responses, they will attempt to reconnect. The default is 120 seconds (two minutes).
puppet_enterprise::pxp_agent::ping_intervalin the console.
We’ve redesigned the console’s navigation pane, and reduced its width by half.
Quickly access the run report associated with a particular event by using the View run report link that now appears on the Events detail page.
The fact value filters on the Overview and Reports pages now display warning messages if you attempt to use an invalid regular expression, invalid string operator, or empty fact name.
Puppet orchestrator enhancements
The Puppet orchestrator communicates with PCP brokers on compile masters on port 8143 and sends job-related messages to the brokers, which are then relayed by the brokers to PXP agents. As you add compile masters, you’re able to scale the number of PCP brokers that can send orchestration messages to agents. See Configure compile masters for orchestration scale for instructions.
In High Availability installations, you can now configure PXP agents to communicate with compile masters, instead of just the master or replica, using the new
Use the PXP agent log file to debug issues with the Puppet orchestrator. You can change its location from the default as needed.
pe-puppetserverservice now defaults to an open file limit of
12000to support orchestrator scale with PCP brokers.
Code Manager enhancements
We’ve added a new flag,
--dry-run, to the
puppet-codecommand. When you run
puppet-codewith this flag, it tests connections to your control repos and returns a consolidated list of all environments in the control repos.
The behavior of the
--waitflag used with the
puppet-codecommand has been updated to improve accuracy and completeness of reporting. Previously,
--waitreturned results after deploying code to the code-staging directory. The flag now waits for file sync to also deploy code to the live code directory on all compile masters before returning results.
Due to this updated behavior, running
--waittakes a minimum of 10 seconds longer than in previous PE versions. In deployments that are geographically dispersed or have a large quantity of environments, completing code deployment can take up to several minutes.
Puppet Enterprise collects data about your PE installation and sends it to Puppet so we can improve our product. In addition to previously collected analytics, we now also collects basic information about:
- Puppet Server performance
- Cloud platform and hypervisor use
- Use of MCollective and non-default user roles
- JVM memory usage
- Certificate autosign setting
For details about what data we collect and how to opt out, see Puppet Enterprise analytics data collection.
For those with security compliance needs, PE now supports disabling TLSv1. Services in PE support TLS versions 1, 1.1, and 1.2.
The MCollective package agent plug-in helps you install packages from any source (including a URL) and does not require that the packages are signed. This provides a
peadminuser the ability to execute arbitrary code on any MCollective server.
A default action policy has been put into place in PE that disallows using the package
purgeactions. The policy can be modified and additional action policies can be added using the
puppet_enterprise::profile::mcollective::agent::allowed_actionsparameter to specify agent plug-ins you want to apply an action policy to, and a list of the actions you want to explicitly allow.
MCollective client keys are now labeled sensitive and will not be stored in PuppetDB.
- This version adds support for the Razor client on Windows 2016 Servers and adds new Puppet-supported tasks for SLES 11 and 12 and Windows 2016.
Previously, compile masters downloaded agent packages from puppet.com to make them available for agent installs, meaning they had to reach the internet to retrieve those packages. Compile masters now retrieve agent packages directly from the master of masters.
Java garbage collection logs can help you diagnose performance issues with JVM-based PE services. Garbage collection logs are now enabled by default in PE, and the results are captured in the support script, but you can disable them if you need to.
To help with troubleshooting, you can customize the MCollective client logging level either in the console or in
errorinstead of the default
Deprecations and removals in PE 2017.2
We’ve removed the previously unsupported option to disable file sync while Code Manager remains enabled.
This release deprecates the
file_sync_auto_commitCode Manager parameters. PE ignores these parameters and raises a warning if you have set them.
Platforms reaching end of support
RHEL 4, Fedora 23, and Ubuntu 12.04 have reached end-of-life (EOL).
Refer to the system requirements for a list of platforms that will soon be EOL.
Refer to the Puppet Enterprise support life cycle for a list of support dates for our latest versions.
Related release notes
Puppet release notes
This version of PE includes Puppet version 4.10.8. Refer to the Puppet release notes for more information.
Puppet agent release notes
This version of PE includes Puppet agent version 1.10.8. Refer to the Puppet agent release notes for more information.
PuppetDB release notes
This version of PE includes PuppetDB version 4.4.2. Refer to the PuppetDB release notes for more information.
Puppet Server release notes
This version of PE includes Puppet Server version 2.7.3. Refer to the Puppet Server release notes for more information.