These are the new features, enhancements, resolved issues, and deprecations in this version of PE.
A new values API reports details about automated changes that PE makes to nodes, and provides an estimate of time freed by each type of change based on intelligent defaults or values you provide. You can also specify an average hourly salary and see an estimate of cost savings for all automated changes.
Console navigation and workflow improvements
- The Classification page was renamed Node groups.
- The setup page was renamed Admin.
- There is a new Inventory section in the sidebar, which contains the Nodes, Node groups, and Packages pages.
- The Inventory page was removed. To add nodes to inventory, click Add nodes in the upper right corner of the Nodes page.
- There is a new Access control page, which contains tabs for Users, User roles, User groups, and External directory.
- The Configuration tab was broken out into two tabs: Classes and Configuration data. The Classes tab is for declaring classes and setting parameters while the Configuration data tab is for setting parameters without declaring classes.
- There is a New in 2019.8 page in the sidenav, which lists console-related release notes. It will be updated after each z release and is visible for the first two weeks after a release.
Compiler conversion runs in parallel
When you convert all compilers at one time with
infrastructure run convert_legacy_compiler all=true, the process is now
noticeably faster due to streamlining in when Puppet
runs occur on target hosts.
Console displays enum and boolean plan parameter values in select menu
You can select plan parameters that are boolean or enum types from a drop down menu in the Value field.
Updates to metrics endpoints
Access to endpoints under /metrics are now controlled by
trapperkeeper-authorization and configured in the Puppet Server
file. The default rule allows remote access with a valid Puppet certificate.
Setting the v2 metrics endpoint to debug no longer displays debug messages from Jolokia. In order to see debugging messages, set a configuration value in addition to the usual logback changes.
Deprecations and removals
Application orchestration features in the Puppet language
- Resource kinds:
- Environment catalog REST API
Upgrading Windows agents using the puppet_agent module could restart non-Puppet services
If you're using a log aggregator, upgrading Windows agents using the puppet_agent module could cause non-Puppet services to restart.
Upgrading agents using the puppet_agent module could produce non-breaking errors
Upgrading agents from versions 6.14 or 6.15 using the puppet-agent module could
produce errors about an unavailable file resource or unknown HTTP resource. These
errors occurred only during the initial Puppet agent
run, when the agent was still using versions 6.14 or 6.15 with an updated master.
The error resolved after the
Pre-upgrade check produced inaccurate errors on standalone PE-PostgreSQL nodes
## Pre-Upgrade Checks Warning: Puppet agent is not running. Error: No configuration file found at /etc/puppetlabs/client-tools/services.conf. This file is installed automatically on Puppet Server nodes. Make sure you are running the command on a primary master, primary master replica, or compile master. Error: Try 'puppet infrastructure help status' for usage
The error occurred because the pre-upgrade check verified services running on the master which were not present on standalone PE-PostgreSQL nodes.
Upgrade could fail with custom structured facts
If you use custom facts that use structured facts, upgrade could fail with an error related to your custom fact, for example: undefined method '' for nil:NilClass (Puppet::Error).
Upgrade commands failed if PXP agents were configured to connect to load balancers
In installations with load balancers, the
upgrade commands could fail if the PXP
agent on infrastructure nodes connected to load balancers instead of to the master.
The upgrade plan now verifies configuration and prompts you to fix any issues before
continuing with the upgrade.
Compiler upgrade could fail to upgrade Puppet Server
puppet infrastructure upgrade compiler command
could fail to upgrade Puppet Server depending on how the
catalog was built for performing the upgrade.
all legacy compilers failed in
disaster recovery installations
With disaster recovery enabled, the command to convert legacy compilers with the
Converting legacy compilers failed with autosigning enabled
puppet infrastructure run convert_legacy_compiler
with autosigning enabled caused the conversion to fail during certificate
Converting legacy compilers could fail with DNS alternative names
dns_alt_names were specified in the
[agent] section of
puppet infrastructure run
convert_legacy_compiler command failed because it didn't recognize the
alternative names. As a temporary workaround, we recommended moving
dns_alt_names to the
[main] section of
puppet.conf on the
compilers to be converted, however
[agent] is the
preferred section to specify this parameter. The compiler conversion command now
recognizes DNS alternative in either the
[main] section of
Missing package dependencies for SUSE Linux Enterprise Server agent nodes
On agent nodes running SUSE Linux Enterprise Server 15, the
libyaml-cpp package and operating system packages
libboost_ were no longer bundled with
Puppet agent, and also might not have been
included in the operating system.
Command to regenerate agent certificates didn't work with nodes behind a load balancer
In large and extra-large installations with load balancers, the command
puppet infrastructure run regenerate_agent_certificate
failed because compilers didn't have the tasks needed to run the command, and agent
nodes don't communicate directly with the
With lockless code deploy enabled, deleted branches could increase disk use
If you deleted a branch from your control repository with lockless deploys enabled, some artifacts could remain on disk and increase your disk use.
With lockless code deploy enabled, deploying with
--wait could produce an erroneous timeout
Deploying code from the command line or API with the
--wait flag produced a timeout error, even though the code deploy
blackout_windows parameter in
pe_patch class couldn't handle time zones with negative
If you used a negative value to offset the timezone when setting the
blackout_windows parameter for patching node groups, the
pe_patch fact would return an error.
pe_patch fact wouldn't generate if there was
a parsing error
pe_patch fact couldn't be generated if there was
an error when parsing the latest cached catalog for the node. Additionally, if you
did not have
puppetlabs-stdlib installed, packages
that were fixed to a particular version in the node's catalog were not recognized by
Node search input didn't respond to Enter key
The node name search bar on the Nodes page in the console didn't respond to the Enter key to search for a node and you had to select Submit manually. You can now use Enter to search for nodes.
Console radiator bars had a width of zero
In the console, the colored bars in the radiator were broken and didn't show the correct layout. The radiator has been fixed.
You can now manage patches on *nix and Windows nodes in the Patch Management section of the console. After setting up patching node groups, you can view the patch status for your nodes, filter available patches by type and operating system, and run a pre-filled task to apply patches to selected nodes from the Patches page. For information on configuring patch management and applying patches, see Managing patches.
Lockless code deploys
Using Code Manager, you can now optionally deploy code to versioned code directories rather than the live code directory. This change enables Puppet Server to continue serving catalog requests even as you deploy code.
You can enable lockless code deploys by setting
true. For more information about lockless code deploys, see
Deploy code without blocking requests to Puppet Server.
puppet infrastructure upgrade
When you specify more than one compiler to upgrade, the
upgrade compiler command now upgrades all compilers at the same time,
rather than sequentially. Additionally, with both the compiler and replica upgrade
commands, you can now specify the location of an authentication token other than the
default. For example:
puppet infrastructure upgrade compiler
More secure code deploys
Permissions for the Puppet code directory are now managed by file sync directly, instead of relying on symlinks. This change improves security during code deployment.
puppet infrastructure commands that
use the orchestrator
A new log file located at
/var/log/puppetlabs/installer/orchestrator_info.log contains run
puppet infrastructure commands that
use the orchestrator, including the commands to provision and upgrade compilers,
convert legacy compilers, and regenerate agent and compiler
Improved error handling for plans
Before running plans, the built-in check for node connectivity now provides more descriptive error messages, such as host key verification failures.
Unspecified default values for tasks and plans are supplied automatically
optionalin the console.
New scheduling options in the console
You can now specify scheduled tasks and Puppet jobs to run every two weeks or every four weeks.
Plan support for
apply() on pcp
Plans now support using the
apply_prep() function and
blocks of Puppet code within calls to
apply(). The feature is only available on targets
connected to PE using the PCP transport and does not
work on nodes connected over SSH or WinRM.
Support for new options in the command/deploy endpoint
This version adds support for these platforms
- macOS 10.15
Deprecations and removals
Razor removedRazor has been removed from PE in this release. If you want to continue using Razor, you can use the open source version of the tool.
bolt.yaml settings in plans
bolt.yaml are no longer read from the
environment directory. The
modulepath setting is
only configurable from
Support for these platforms is removed in this release:
- Enterprise Linux 6
- Ubuntu 16.04
Upgrade removed custom classification rules from PE Master node group
Custom rules that you used to classify compilers in the PE Master
node group were removed upon upgrade, or when you ran
Upgrade failed with a Could not retrieve facts error
Could not retrieve facts ... undefined method `split' for nil:NilClass (Puppet::Error)from /opt/puppetlabs/installer/lib/ruby/gems/2.5.0/gems/facter-4.0.20/lib/custom_facts/util/loader.rb:125:in `load'
Upgrading a replica could temporarily lock the agent on the master
If you tried to run Puppet on your master before the
puppet infrastructure upgrade replica command
completed, you could encounter an error that a Puppet
run was already in progress.
FIPS installs didn't fully support cert chain validation
In FIPS environments, RBAC could not connect to LDAP using a
Command to remove old PostgreSQL versions failed on Ubuntu
When run on Ubuntu nodes, the
puppet infrastructure run remove_old_postgresql_versions command
failed, erroneously reporting that PostgreSQL wasn't
Enabling a replica could fail immediately after provisioning
puppet infrastructure provision replica --enable, the
command could fail after the replica was provisioned but before it was enabled if
services on the replica were still starting up. The command now waits for services
to start and verifies that replication has completed before enabling the
Ubuntu 20.04 couldn't be installed with PE package management
Ubuntu 20.04 wasn't available for installation as a
pe_repo class, even though it was a supported
Loading plan lists crashed console services
When plan run results were large, the console crashed due to high memory usage on the
Plan details page. An optional results query parameter
has been added to the
GET/plan_jobs endpoint. This
parameter keeps you from experiencing high memory usage in the console when loading
results for large plan runs.
Default value for tasks and plans dropped in middleware
When a task had a default value of
null, the console metadata panel did not display the
Event inspector displayed wrong table types
Browsing the event inspector sometimes created inconsistencies in tables and errors in table links.