- If you’re upgrading from Puppet 4.x
- Puppet 5.3.2
- New feature: Puppet agents can retry requests on a configurable delay if Puppet Server is busy
- New feature: End-entity certificate revocation checking
- Regression fix: Allow trailing commas when specifying a type alias
- Bug fix: Heredocs closed by -END removes only the last trailing newline in a heredoc as expected
This page lists the changes in Puppet 5.3 and its patch releases. You can also view current known issues in this release.
Puppet’s version numbers use the format X.Y.Z, where:
- X must increase for major backward-incompatible changes
- Y can increase for backward-compatible new functionality or significant bug fixes
- Z can increase for bug fixes
If you’re upgrading from Puppet 4.x
Read the Puppet 5.0 release notes, because they cover breaking changes since Puppet 4.10.
Released October 5, 2017.
This is a bug-fix release of Puppet Platform that adds a new
puppet.conf setting to disable some internationalized strings for improved performance.
New feature: Disabling internationalized strings
Puppet 5.3.2 adds the optional Boolean
disable_i18n setting, which you can configure in
puppet.conf. If set to
true, Puppet disables translated strings in log messages, reports, and parts of the command-line interface. This can improve performance, especially if you don’t need all strings translated from English. This setting is
false by default in open source Puppet.
Released October 2, 2017.
This is a feature, bug-fix, and improvement release in the Puppet 5 series. Puppet 5.3.0 was not packaged for release.
New feature: Puppet agents can retry requests on a configurable delay if Puppet Server is busy
When a group of Puppet agents start their Puppet runs together, they can form a “thundering herd” capable of exceeding Puppet Server’s available resources. This results in a growing backlog of requests from Puppet agents waiting for a JRuby instance to become free before their request can be processed. If this backlog exceeds the size of the Server’s Jetty thread pool, other requests (such as status checks) start timing out. (For more information about JRubies and Server performance, see Applying metrics to improve performance.)
In previous versions of Puppet Server, administrators had to manually remediate this situation by separating groups of agent requests, for instance through rolling restarts. In Server 5.1.0, administrators can optionally have Server return a 503 response containing a
Retry-After header to requests when the JRuby backlog exceeds a certain limit, causing agents to pause before retrying the request.
Both the backlog limit and
Retry-After period are configurable, as the
max-retry-delay settings respectively under the
jruby-puppet configuration in puppetserver.conf. Both settings’ default values do not change Puppet Server’s behavior compared to Server 5.0.0, so to take advantage of this feature in Puppet Server 5.1.0, you must specify your own values for
max-retry-delay. For details, see the puppetserver.conf documentation. Also, Puppet agents must run Puppet 5.3.1 or newer to respect such headers.
New feature: End-entity certificate revocation checking
Puppet 5.3.1 can be configured to perform end-entity certificate revocation checking.
certificate_revocation setting in the
[main] section of
puppet.conf (or specified on the command line) now supports being set to
leaf. When set to
chain (equivalent to
true, and the default setting in 5.3.1), Puppet checks every certificate in the chain against the certificate revocation list (CRL). When set to
leaf, CRL checks are limited to the end-entity certificate. This allows for basic revocation checking when using an intermediate CA certificate with Puppet.
Regression fix: Allow trailing commas when specifying a type alias
Puppet 5.2.0 would falsely report a syntax error when including an optional trailing comma in a type alias specification, such as
type X = Variant\[Integer,]. Puppet 5.3.1 resolves this regression by allowing trailing commas as expected.
Bug fix: Heredocs closed by -END removes only the last trailing newline in a heredoc as expected
When a heredoc ended with a dash-prefixed tag (such as
-END) to indicate that the final newline should be removed from the result, not only did Puppet remove the last newline, but it also reduced all multiple empty lines into single empty lines across the entire heredoc. Puppet 5.3.1 resolves this issue by removing only the single last trailing newline as expected.