Puppet Server release notes

This release was removed from general availability due to upgrade issues.
Docs for the latest available release are here.
This version is out of date. For current versions, see Puppet Enterprise support lifecycle.
Sections

Puppet Server 7.0.3

Released 9 February 2021

This release updates dependencies to include security fixes.

Puppet Server 7.0.2

Released 20 January 2021

Bug fix

  • The warning issued when the CA dir is inside the SSL dir now only prints server logs at startup and when using the puppetserver ca CLI, instead of any time a Puppet command is used. (SERVER-2934)

Puppet Server 7.0.1

Released 15 December 2020

Enhancements

  • The JRuby version has been bumped from 9.2.13.0 to 9.2.14.0. (SERVER-2925)

Bug fixes

  • The CA command line tool now correctly honors the server sections in the puppet.conf.

  • When creating the symlink between the new and legacy cadirs the symlink will now be properly owned by the puppet user. (SERVER-2917)

Puppet Server 7.0.0

Released 17 November 2020

Puppet Server 7.0 is a major release. It breaks compatibility with agents prior to 4.0 and the legacy Puppet auth.conf, moves the default location for the cadir, and changes defaults for fact caching and cipher suites. See below for more details. Caution is advised when upgrading.

New features

  • The default value for the cadir setting is now located at /etc/puppetlabs/puppetserver/ca. Previously, the default location was inside Puppet's own ssldir at /etc/puppetlabs/puppet/ssl/ca. This change makes it safer to delete Puppet'sssldir without accidentally deleting your CA certificates.

  • The puppetserver CA CLI now provides a migrate command to move the CA directory from the Puppet confdir to the puppetserver confdir. It leaves behind a symlink on the old CA location, pointing to the new location at /etc/puppetlabs/puppetserver/ca. The symlink provides backwards compatibility for tools still expecting the cadir to exist in the old location. In a future release, the cadir setting will be removed entirely. (SERVER-2896)

  • The default value for the facts cache is now JSON instead of YAML. You can re-enable the old YAML terminus in routes.yaml. (PUP-10656)

  • Support for legacy Puppet auth.conf has been removed and the jruby-puppet.use-legacy-auth-conf setting no longer works. Use Puppet Server's auth.conf file instead. (SERVER-2778)

  • Puppet Server no longer services requests for legacy (3.x) Puppet endpoints. Puppet Agents before 4.0 are no longer be able to check in. (SERVER-2791)

  • This release removes default support for many cipher suites when contacting Puppet Server. The new default supported cipher suites are: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. This change aligns open source Puppet with Puppet Enterprise. Note that this change may break on old platforms. To re-enable older cipher suites you may edit the webserver.conf. Valid cipher suite names are listed in the JDK Documentation. (SERVER-2913)

  • Puppet Server now provides an HTTP client whose API conforms to the HTTP client provided by Puppet. This new client is stored in the Puppet runtime as Puppet.runtime[:http]. (SERVER-2780)

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.