- If you’re upgrading from Puppet 4.x
- Puppet 5.3.3
- Puppet 5.3.2
- New feature: Puppet agents can retry requests on a configurable delay if Puppet Server is busy
- New feature: End-entity certificate revocation checking
- Regression fix: Allow trailing commas when specifying a type alias
- Bug fix: Heredocs closed by -END removes only the last trailing newline in a heredoc as expected
This page lists the changes in Puppet 5.3 and its patch releases. You can also view current known issues in this release.
Puppet’s version numbers use the format X.Y.Z, where:
- X must increase for major backward-incompatible changes
- Y can increase for backward-compatible new functionality or significant bug fixes
- Z can increase for bug fixes
If you’re upgrading from Puppet 4.x
Read the Puppet 5.0 release notes, because they cover breaking changes since Puppet 4.10.
Released November 6, 2017.
This is a bug-fix release of Puppet.
This release resolves issues with tag propagation, internationalization features and Unicode support, filebuckets, Windows reparse point path resolution, and ZFS volume creation.
Previous versions of Puppet could fail to install modules from the Puppet Forge that had many available versions. Puppet 5.3.3 resolves this issue by improving URL encoding in paginated Forge results.
Previous versions of Puppet failed to consistently initialize its internationalization functionality using the system’s locale. Puppet 5.3.3 resolves this issue, resulting in consistent presentation of localized messages when available.
Previous versions of Puppet that failed to initialize its internationalization functionality, typically due to a missing
gettextgem, would log a warning each time each module on the system was loaded. This overwhelmed logs with redundant error messages. Puppet 5.3.3 resolves this issue by logging that warning only once.
In previous versions of Puppet, backing up the same file content to a filebucket more than once could result in a mistaken error warning suggesting that the files had the same checksum value but different contents, which indicated a potential (but false) hash collision. Puppet 5.3.3 correctly handles duplicate files in a filebucket.
Previous versions of Puppet failed to propagate tags with included classes, which could break class notifications when running Puppet with tags enabled. Puppet 5.3.3 resolves this issue; refresh events are now correctly propagated to all tagged resources when running with tags, and some confusing debug and warning messages have been eliminated.
Previous versions of Puppet did not correctly resolve the path to Windows reparse points that are mount points, rather than symbolic links. This could prevent access to paths on DFS shares.
serviceprovider could fail with a stacktrace in previous versions of Puppet if the process line for any given service contained UTF-8 characters and Puppet was not running in UTF-8. Puppet 5.3.3 avoids this error by more gracefully handling these characters in order to match running services to the managed service name.
To set the
volsizeproperty when creating a ZFS volume, Puppet 5.3.3 correctly uses the
-Vflag for the
zfs createcommand, instead of the
-oflag used in previous versions.
This version of Puppet can parse Nagios files containing Unicode content more consistently than previous versions.
Released October 5, 2017.
This is a bug-fix release of Puppet Platform that adds a new
puppet.conf setting to disable some internationalized strings for improved performance.
New feature: Disabling internationalized strings
Puppet 5.3.2 adds the optional Boolean
disable_i18n setting, which you can configure in
puppet.conf. If set to
true, Puppet disables translated strings in log messages, reports, and parts of the command-line interface. This can improve performance, especially if you don’t need all strings translated from English. This setting is
false by default in open source Puppet.
Released October 2, 2017.
This is a feature, bug-fix, and improvement release in the Puppet 5 series. Puppet 5.3.0 was not packaged for release.
New feature: Puppet agents can retry requests on a configurable delay if Puppet Server is busy
When a group of Puppet agents start their Puppet runs together, they can form a “thundering herd” capable of exceeding Puppet Server’s available resources. This results in a growing backlog of requests from Puppet agents waiting for a JRuby instance to become free before their request can be processed. If this backlog exceeds the size of the Server’s Jetty thread pool, other requests (such as status checks) start timing out. (For more information about JRubies and Server performance, see Applying metrics to improve performance.)
In previous versions of Puppet Server, administrators had to manually remediate this situation by separating groups of agent requests, for instance through rolling restarts. In Server 5.1.0, administrators can optionally have Server return a 503 response containing a
Retry-After header to requests when the JRuby backlog exceeds a certain limit, causing agents to pause before retrying the request.
Both the backlog limit and
Retry-After period are configurable, as the
max-retry-delay settings respectively under the
jruby-puppet configuration in puppetserver.conf. Both settings’ default values do not change Puppet Server’s behavior compared to Server 5.0.0, so to take advantage of this feature in Puppet Server 5.1.0, you must specify your own values for
max-retry-delay. For details, see the puppetserver.conf documentation. Also, Puppet agents must run Puppet 5.3.1 or newer to respect such headers.
New feature: End-entity certificate revocation checking
Puppet 5.3.1 can be configured to perform end-entity certificate revocation checking.
certificate_revocation setting in the
[main] section of
puppet.conf (or specified on the command line) now supports being set to
leaf. When set to
chain (equivalent to
true, and the default setting in 5.3.1), Puppet checks every certificate in the chain against the certificate revocation list (CRL). When set to
leaf, CRL checks are limited to the end-entity certificate. This allows for basic revocation checking when using an intermediate CA certificate with Puppet.
Regression fix: Allow trailing commas when specifying a type alias
Puppet 5.2.0 would falsely report a syntax error when including an optional trailing comma in a type alias specification, such as
type X = Variant\[Integer,]. Puppet 5.3.1 resolves this regression by allowing trailing commas as expected.
Bug fix: Heredocs closed by -END removes only the last trailing newline in a heredoc as expected
When a heredoc ended with a dash-prefixed tag (such as
-END) to indicate that the final newline should be removed from the result, not only did Puppet remove the last newline, but it also reduced all multiple empty lines into single empty lines across the entire heredoc. Puppet 5.3.1 resolves this issue by removing only the single last trailing newline as expected.