This page lists known issues for Puppet and Puppet services in Puppet Enterprise.
This version of PE includes Puppet version 4.10.8. Refer to the Puppet release notes for more information.
bbe This version of PE includes Puppet agent version 1.10.8. Refer to the Puppet agent release notes for more information.
After installing PE, the commands in the PE client tools will not be available on the PATH until you restart your shell.
Due to changes in the Puppet DSL for Application Orchestration, the following words have been reserved in the Puppet language:
Like all reserved words, you can’t use these as unquoted strings or as names for classes, defined types, resource types, or custom functions.
If enable Application Orchestration and use these words, you’ll encounter a parser error.
environment.confnot valid in PE 2015.2
If you enabled the Puppet 4 language parser in PE 3.8.x by setting
parser=future in any
environment.conf files, you’ll see warning messages during your upgrade, as this setting is no longer valid. After you upgrade, remove this setting from any
enable_future_parserparameter after upgrading
If you enabled the Puppet 4 language parser in PE 3.8 via the console, Hiera, or a third-party classification tool, after upgrading you must use the console to remove the
enable_future_parser paramater from the
puppet_enterprise::profile::master class, as this parameter is deprecated.
/opt/staging/is no longer used
In PE 2015.2, the
/opt/staging/ directory is no longer used. Because users may have used either the
nanliu-staging modules, we did not delete the directory. If you are not using the directory, it is safe to delete it.
lsbmajdistreleasefact affects some manifests
In Facter 2.2.0, the
lsbmajdistrelease fact changed its value from the first two numbers to the full two-number.two-number version on Ubuntu systems. This might break manifests that were based on the previous behavior. For example, this fact changed from:
This change affects Ubuntu and Amazon Linux.
allow_no_actionpolicyparameter to enforce MCollective action policies
The MCollective ActionPolicy plugin is installed by default in PE. Within the configuration of MCollective, there is a setting that can be used to enforce the use of this ActionPolicy. By default this setting (
plugin.actionpolicy.allow_unconfigured) is hardcoded to
1. Unfortunately this prevents you from enforcing the use of configured Action Policies.
To change this setting, use the PE console to edit the value of the
allow_no_actionpolicy parameter of the
puppet_enterprise::profile::mcollective::agent class located in the PE MCollective node group. To allow ActionPolicy, enter
"0". (Be sure to use quote marks, as Puppet expects a string for this value.)
Enabling ActiveMQ’s use of the NIO protocol in PE can improve the speed at which messages are sent across your deployment. However, when this is enabled, any parameters that you define for which SSL protocols to use will be ignored, and SSL version 3 will be enabled. Apache has fixed this bug, but they have not yet released a version of ActiveMQ that contains the fix. For more information, refer to their public ticket.
Considering security over performance, PE 2015.2 ships with NIO disabled. You can enable it with the following procedure:
puppet_enterprise::profile::amq::brokerin the list of classes.
openwire_protocol, and in the value field add nio+ssl.
stomp_protocol, and in the value field add stomp+nio+ssl.
site.ppmust be duplicated for each environment
You can no longer have a universal or global
site.pp. The default main filebucket is configured as a resource default in
site.pp. This means that
site.pp must be duplicated for each environment. See the Puppet environments documentation for more information.
puppet module list --treeshows incorrect dependencies after uninstalling modules
If you uninstall a module with
puppet module uninstall <module name> and then run
puppet module list --tree, you will get a tree that does not accurately reflect module dependencies.
When attempting to use the PMT on Solaris 10, you’ll get an error like the following:
Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date
This error occurs because there is no CA-cert bundle on Solaris 10 to trust the Puppet Forge certificate. To work around this issue, we recommend that you download directly from the Forge website and then use the Puppet module tool to install from a local tarball.