Puppet Enterprise 2019.0

  1. Installation and upgrade known issues
    1. Upgrade failures cause the pe-installer package to uninstall
    2. pe_bootstrap module fails to install agents if cacert_content parameter is supplied when executing task through the console 
    3. Reinitializing a replica after upgrade fails
    4. PE upgrade to 2019.0.2 crashes for Continuous Delivery for Puppet Enterprise users with impact analysis enabled
    5. Web-based installation requires a second Puppet run to fully install PE services
  2. High availability known issues
    1. Reinitializing a replica after upgrade fails
    2. Enabling a new replica using a previous master fails with autosign enabled
  3. Orchestration services known issues
    1. Orchestrator fails when rerunning tasks on agentless nodes
  4. Permissions known issues
    1. Setting node group environment requires Edit configuration data permission
  5. SSL and certificate known issues
    1. Regenerating master certificates fails if the command conflicts with automatic backups
    2. Regenerating agent certificates fails with autosign enabled
  6. Code management known issues
    1. Default SSH URL with TFS fails with rugged error
    2. GitHub security updates may cause errors with shellgit
    3. Timeouts when using --wait with large deployments or geographically dispersed compile masters
    4. r10k with the Rugged provider can develop a bloated cache
    5. Code Manager and r10k do not identify the default branch for module repositories
    6. After an error during the initial run of file sync, Puppet Server won't start
    7. Puppet Server crashes if file sync can't write to the live code directory
  7. Backup and restore known issues
    1. Backup fails with File changed as we read it error
    2. Restore fails if /tmp folder is too small
    3. Restore resets master DNS altnames
    4. Restoring the pe-rbac database fails with the puppet-backup restore command
    5. puppet-backup fails if gems are missing from the master's agent environment
  8. Internationalization known issues
    1. ASCII limitations
    2. Ruby can corrupt the path fact and environment variable on Windows

These are the known issues in PE 2019.0.

Tip: We cleaned up known issues in this version of the PE docs, removing obsolete issues and incorporating workarounds for issues we can't or won't fix into relevant sections of the docs. 

Installation and upgrade known issues

These are the known issues for installation and upgrade in this release.

Upgrade failures cause the pe-installer package to uninstall

If any failure occurs during your upgrade of PE, the pe-installer package is automatically uninstalled. To work around this issue, use your package manager to manually reinstall the pe-installer package from the tarball of the release you're upgrading from, and restart the upgrade.

pe_bootstrap module fails to install agents if cacert_content parameter is supplied when executing task through the console 

Running the the pe_bootstrap::linux task in the console and supplying the cacert_content parameter for a secure agent installation mangles the ca.pem certificate file, preventing the installation script from downloading dependencies needed to install the agent. As a workaround, when you supply cacert_content parameters, surround them in double quotes with newlines replaced by \n.

Reinitializing a replica after upgrade fails

When upgrading a replica, the reinitialize command hangs and fails after five minutes depending on the order of services in your /etc/puppetlabs/client-tools/services.conf file. As a workaround, edit the services.conf file to remove the replica's hash entry from the services array. The file is read-only, so you must force the change. The services.conf file will be repaired by the next Puppet run on the replica.

PE upgrade to 2019.0.2 crashes for Continuous Delivery for Puppet Enterprise users with impact analysis enabled

If you installed Continuous Delivery for Puppet Enterprise (PE) and enabled impact analysis using the puppetlabs-cd4pe module version 1.0.3 or earlier, PE crashes with a Unit pe-puppetserver.service has failed. error when upgraded to version 2019.0.2. To avoid this issue, upgrade the puppetlabs-cd4pe module to version 1.0.4 before upgrading PE to 2019.0.2. To fix the error after upgrading to 2019.0.2, disable impact analysis and upgrade the module to version 1.0.4.

Web-based installation requires a second Puppet run to fully install PE services

Web-based installation includes a single, initial Puppet run, but a second Puppet run is required in order to populate services.conf. Until a second Puppet run completes, the Puppet service status in the console reports that one or more services isn't accepting requests.

High availability known issues

These are the known issues for high availability in this release.

Reinitializing a replica after upgrade fails

When upgrading a replica, the reinitialize command hangs and fails after five minutes depending on the order of services in your /etc/puppetlabs/client-tools/services.conf file. As a workaround, edit the services.conf file to remove the replica's hash entry from the services array. The file is read-only, so you must force the change. The services.conf file will be repaired by the next Puppet run on the replica.

Enabling a new replica using a previous master fails with autosign enabled

The puppet infrastructure run enable_ha_failover command, which lets you enable a failed master as a new replica, includes a step for signing the node's certificate. With autosign enabled, an unsigned certificate can't be found, and the command errors out. As a workaround, temporarily disable autosign before running puppet infrastructure run enable_ha_failover.

Orchestration services known issues

These are the known issues for the orchestration services in this release.

Orchestrator fails when rerunning tasks on agentless nodes

When you rerun tasks from the Job details page, target nodes that do not have the Puppet agent installed are miscategorized as PuppetDB nodes. This causes the orchestrator to fail on those nodes.

Permissions known issues

These are the known issues for user permissions and user roles in this release.

Setting node group environment requires Edit configuration data permission

To allow a user role to set a node group environment, you must add the permission Edit configuration data in addition to Set environment . The permission Set environment alone is not enough to allow a user to change the environment.

SSL and certificate known issues

These are the known issues for SSL and certificates in this release.

Regenerating master certificates fails if the command conflicts with automatic backups

The puppet infrastructure run regenerate_master_certificate command fails if it runs at the same time as automatic configuration backups, triggering an error about pre-existing key files. As a workaround, re-run the regenerate_master_certificate command.

Regenerating agent certificates fails with autosign enabled

The puppet infrastructure run regenerate_agent_certificate command includes a step for signing the node's certificate. With autosign enabled, an unsigned certificate can't be found, and the command errors out. As a workaround, temporarily disable autosign before running puppet infrastructure run regenerate_agent_certificate.

Code management known issues

These are the known issues for Code Manager, r10k, and file sync in this release.

Default SSH URL with TFS fails with rugged error

Using the default SSH URL with Microsoft Team Foundation Server (TFS) with the rugged provider causes an error of "unable to determine current branches for Git source." This is because the rugged provider expects an @ symbol in the URL format.

To work around this error, replace ssh:// in the default URL with [email protected]

For example, change:
ssh://tfs.puppet.com:22/tfs/DefaultCollection/Puppet/_git/control-repo
to
[email protected]:22/tfs/DefaultCollection/Puppet/_git/control-repo

GitHub security updates may cause errors with shellgit

GitHub has disabled TLSv1, TLSv1.1 and some SSH cipher suites, which may cause automation using older crypto libraries to start failing. If you are using Code Manager or r10k with the shellgit provider enabled, you might see negotiation errors on some platforms when fetching modules from the Forge. To resolve these errors, switch your configuration to use the rugged provider, or fix shellgit by updating your OS package.

Timeouts when using --wait with large deployments or geographically dispersed compile masters

Because the --wait flag now deploys code to all compile masters before returning results, some deployments with a large node count or compile masters spread across a large geographic area might experience a timeout. Work around this issue by adjusting the timeouts_sync parameter.

r10k with the Rugged provider can develop a bloated cache

If you use the Rugged provider for r10k, repository pruning is not supported. As a result, if you use many short-lived branches, over time the local r10k cache can become bloated and take up significant disk space.

If you encounter this issue, run git-gc periodically on any cached repo that is using a large amount of disk space in the cachedir. Alternately, use the shellgit provider, which automatically garbage collects the repos according to the normal Git CLI rules.

Code Manager and r10k do not identify the default branch for module repositories

When you use Code Manager or r10k to deploy modules from a Git source, the default branch of the source repository is always assumed to be master. If the module repository uses a default branch that is not master, an error occurs. To work around this issue, specify the default branch with the ref: key in your Puppetfile.

After an error during the initial run of file sync, Puppet Server won't start

The first time you run Code Manager and file sync on a master, an error can occur that prevents Puppet Server from starting. To work around this issue:

  1. Stop the pe-puppetserver service.
  2. Locate the data-dir variable in /etc/puppetlabs/puppetserver/conf.d/file-sync.conf.
  3. Remove the directory.
  4. Start the pe-puppetserver service.

Repeat these steps on each master exhibiting the same symptoms, including the master of masters and any compile masters.

Puppet Server crashes if file sync can't write to the live code directory

If the live code directory contains content that file sync didn’t expect to find there (for example, someone has made changes directly to the live code directory), Puppet Server crashes.

The following error appears in puppetserver.log:

2016-05-05 11:57:06,042 ERROR [clojure-agent-send-off-pool-0] [p.e.s.f.file-sync-client-core] Fatal error during file sync, requesting shutdown.
org.eclipse.jgit.api.errors.JGitInternalException: Could not delete file /etc/puppetlabs/code/environments/development
        at org.eclipse.jgit.api.CleanCommand.call(CleanCommand.java:138) ~[puppet-server-release.jar:na]

To recover from this error:

  1. Delete the environments in code dir: find /etc/puppetlabs/code -mindepth 1 -delete.
  2. Start the pe-puppetserver service: puppet resource service pe-puppetserver ensure=running
  3. Trigger a Code Manager run by your usual method.

Backup and restore known issues

These are the known issues for backup and restore in this release.

Backup fails with File changed as we read it error

If file sync tries to change files while the backup command is archiving files, the backup command errors and fails.

Restore fails if /tmp folder is too small

When restoring a master using puppet backup restore, the /tmp folder is always used as the temporary location for unpacking PostgreSQL dumps. If /tmp doesn't have enough space to hold these dumps, the restore fails. Additionally, attempting to use a different temp directory by setting the TMPDIR environment variable does not work correctly.

Restore resets master DNS altnames

When restoring a master using puppet backup restore, pe_install::puppet_master_dnsaltnames is reset as an array with only the certname of the restore host. As a workaround, after the restore is complete, modify pe_install::puppet_master_dnsaltnames in pe.conf as needed, then complete the monolithic master certificate regeneration process.

 

Restoring the pe-rbac database fails with the puppet-backup restore command

When restoring the pe-rbac database, the restore process exits with errors about a duplicate operator family, citext_ops.

To work around this issue: 
  1. Log into your existing PostgreSQL instance: 
    sudo su - pe-postgres -s /bin/bash -c "/opt/puppetlabs/server/bin/psql pe-rbac"
  2. Issue these commands: 
    ALTER EXTENSION citext ADD operator family citext_ops using btree; 
    ALTER EXTENSION citext ADD operator family citext_ops using hash
  3. Exit the PostgreSQL shell and re-run the backup utility.

puppet-backup fails if gems are missing from the master's agent environment

The puppet-backup create command might fail if any gem installed on the Puppet Server isn't present on the agent environment on the master. If the gem is either absent or of a different version on the master's agent environment, you get the error "command puppet infrastructure recover_configuration failed".

To fix this, you must install any missing or incorrectly versioned gems on the master's agent environment. To find which gems are causing the error, check the backup logs for any gem incompatibility issues with the error message. PE creates backup logs as a report.txt whenever you run a puppet-backup command.

To see what gems and their versions you have installed on your Puppet Server, run the command puppetserver gem list . To see what gems are installed in the agent environment on your master, run /opt/puppetlabs/puppet/bin/gem list.

Internationalization known issues

These are the known issues for internationalization and UTF-8 support in this release.

ASCII limitations

Certain elements of Puppet and PE are limited to ASCII characters only, or work best with ASCII characters, including:
  • Names for environments, variables, classes, resource types, modules, parameters, and tags in the Puppet language.

  • File names, which can generate errors when referenced as a source in a file resource or concat fragment.

  • The title and namevar for certain resource types, on certain operating systems. For example, the user and group resources on RHEL and CentOS may contain only ASCII characters in title and namevar.

  • The console password.

Ruby can corrupt the path fact and environment variable on Windows

There is a bug in Ruby that can corrupt the environment variable names and values. This bug causes corruption for only some codepages. This bug might be triggered when environment names or values contain UTF-8 characters that can't be translated to the current codepage.

The same bug can cause the path fact to be cached in a corrupt state.

Back to top
The page rank or the 1 our of 5 rating a user has given the page.
The email address of the user submitting feedback.
The URL of the page being ranked/rated.