Patch management

You can now manage patches on *nix and Windows nodes in the Patch Management section of the console. After setting up patching node groups, you can view the patch status for your nodes, filter available patches by type and operating system, and run a pre-filled task to apply patches to selected nodes from the Patches page. For information on configuring patch management and applying patches, see Managing patches.

Lockless code deploys

Using Code Manager, you can now optionally deploy code to versioned code directories rather than the live code directory. This change enables Puppet Server to continue serving catalog requests even as you deploy code.

You can enable lockless code deploys by setting puppet_enterprise::profile::master::versioned_deploys to true. For more information about lockless code deploys, see Deploy code without blocking requests to Puppet Server.

Improvements to puppet infrastructure upgrade commands

When you specify more than one compiler to upgrade, the puppet infrastructure upgrade compiler command now upgrades all compilers at the same time, rather than sequentially. Additionally, with both the compiler and replica upgrade commands, you can now specify the location of an authentication token other than the default. For example: puppet infrastructure upgrade compiler --token-file=<PATH_TO_TOKEN>.

More secure code deploys

Permissions for the Puppet code directory are now managed by file sync directly, instead of relying on symlinks. This change improves security during code deployment.

Logging for puppet infrastructure commands that use the orchestrator

A new log file located at /var/log/puppetlabs/installer/orchestrator_info.log contains run details about puppet infrastructure commands that use the orchestrator, including the commands to provision and upgrade compilers, convert legacy compilers, and regenerate agent and compiler certificates.

Improved error handling for plans

Before running plans, the built-in check for node connectivity now provides more descriptive error messages, such as host key verification failures.

Unspecified default values for tasks and plans are supplied automatically

New scheduling options in the console

You can now specify scheduled tasks and Puppet jobs to run every two weeks or every four weeks.

Plan support for apply() on pcp transports

Plans now support using the apply_prep() function and blocks of Puppet code within calls to apply(). The feature is only available on targets connected to PE using the PCP transport and does not work on nodes connected over SSH or WinRM.

Support for new options in the command/deploy endpoint

Platform support

This version adds support for these platforms

Razor removed

Support for bolt.yaml settings in plans removed

Settings from bolt.yaml are no longer read from the environment directory. The modulepath setting is only configurable from environment.conf.

Platforms removed

Support for these platforms is removed in this release:

Upgrade removed custom classification rules from PE Master node group

Custom rules that you used to classify compilers in the PE Master node group were removed upon upgrade, or when you ran puppet infrastructure configure.

Upgrade failed with a Could not retrieve facts error

Could not retrieve facts ... undefined method `split' for nil:NilClass (Puppet::Error)from /opt/puppetlabs/installer/lib/ruby/gems/2.5.0/gems/facter-4.0.20/lib/custom_facts/util/loader.rb:125:in `load'

Upgrading a replica could temporarily lock the agent on the master

If you tried to run Puppet on your master before the puppet infrastructure upgrade replica command completed, you could encounter an error that a Puppet run was already in progress.

FIPS installs didn't fully support cert chain validation

In FIPS environments, RBAC could not connect to LDAP using a pem or jks file.

Command to remove old PostgreSQL versions failed on Ubuntu

When run on Ubuntu nodes, the puppet infrastructure run remove_old_postgresql_versions command failed, erroneously reporting that PostgreSQL wasn't installed.

Enabling a replica could fail immediately after provisioning

When running puppet infrastructure provision replica --enable, the command could fail after the replica was provisioned but before it was enabled if services on the replica were still starting up. The command now waits for services to start and verifies that replication has completed before enabling the replica.

Ubuntu 20.04 couldn't be installed with PE package management

Ubuntu 20.04 wasn't available for installation as a pe_repo class, even though it was a supported agent platform.

Loading plan lists crashed console services

When plan run results were large, the console crashed due to high memory usage on the Plan details page. An optional results query parameter has been added to the GET/plan_jobs endpoint. This parameter keeps you from experiencing high memory usage in the console when loading results for large plan runs.

Default value for tasks and plans dropped in middleware

When a task had a default value of false or null, the console metadata panel did not display the default value.

Event inspector displayed wrong table types

Browsing the event inspector sometimes created inconsistencies in tables and errors in table links.