Open source Puppet documentation

These are the new features, resolved issues, and deprecations in this version of Puppet.

Puppet 6.1.0

Released 18 December 2018

New features

Package provider included in puppet resource default output

The puppet resource <package-name> command now includes the package provider as part of its output.

Clean certificates for remote nodes

The puppet ssl clean command now accepts a --target CERTNAME parameter to clean certificates for remote nodes configured through device.conf. PUP-9248

The systemd provider checks for new and changed units

When Puppet starts or restarts a service, the systemd provider checks to see whether the service requires a daemon reload, and reloads the systemd daemon if necessary. This ensures the service runs with the latest configuration on disk. PUP-3483

New service timeout parameter for Windows

On Windows systems, you can now specify a service timeout parameter that configures how long, in seconds, Puppet should wait when syncing service properties. PUP-9132

For example:
service { "service-name":
 enable => true,
   ensure => running,
   timeout => 45

Format strings with double quotes

You can now force strings to have double quotes when formatting strings with the function. Previously, this function dynamically determined whether to use single quotes or double quotes for the string.

To force double quotes, specify the alternative format flag # when you specify the string format. PUP-9344

Service support for systemd on Linux Mint 18 and newer

This release adds support for services on Linux Mint 18 and newer, which use the init systemd instead of upstart for services. PUP-9326

Parser validation finds and reports syntax issues in heredocs

Heredoc syntax checking is now performed during validation, unless the heredoc contains any interpolated expressions. This includes manifest and EPP template syntax checks. Heredocs with interpolation are checked during evaluation. Prior to this release, heredoc syntax checks were run only during evaluation.

By default, heredocs are treated as text unless otherwise specified with the end-of-text tag, such as @(EOT:json), @(EOT:pp), or @(EOT:epp). To check syntax in heredocs, run puppet parser validate. PUP-9257

Resolved issues

Improved handling of incompletely configured services

Puppet now treats incomplete services the same way as nonexistent services, returning enabled => false and ensure => :stopped in either case. If you try to set ensure => running or enabled => true on an incomplete or nonexistent service, Puppet raises an error. PUP-9240

Refreshed resource status now included in event report

This release fixes an issue where refreshed resources, such as reboot or some execs, did not create a status event in the event report. PUP-9339

Catalog compilation error fixed

When compiling a catalog, Puppet sometimes raised the error "Attempt to redefine entity." This issue has been fixed with an update to the internal logic. PUP-8002

The exec provider supports empty environment variables

Prior to this release, the exec provider did not support empty environment variables. If an empty environment variable is set on the system, Puppet temporarily overwrites it during execution.. PUP-1209

Puppet recognizes tmpfs support for SELinux labels

SELinux utilities within the Puppet codebase now recognize that the tmpfs supports extended attributes and SELinux labels. The query selinux_label_support? returns true for a file mounted on tmpfs. PUP-9330

Fixed recognition of short form Arrays and Hashes

This release fixes a regression in the string formatting rules that caused a short form for an Array or Hash to not be recognized. For example, String([1,[2,3],4], '%#a") would not format with indentation, but would format the long form String([1,[2,3],4], {Array => { format => '%#a"}}). Now the short form works for Array and Hash as intended. PUP-9329

puppet ssl clean now deletes local certificate requests

This release fixes an issue where the puppet ssl clean command did not correctly delete local certificate requests. PUP-9327

Resolved Timestamp and Timespan data type errors

Prior to this release, the data types Timestamp and Timespan raised errors if time range was specified with Integer or Float values. These data types now support time ranges specified with these values. PUP-9310


Certificate authority subcommands and v1 CA HTTP API

Certificate authority subcommands have been removed from Puppet, including: cert, ca, certificate, certificate request, and certificate_revocation_list. Use puppetserver ca and puppet ssl instead. PUP-8998

As a part of the larger CA rework, the v1 CA HTTP API is removed (everything under the ca url /v1) PUP-3650

Ruby certificate authority 

Puppet no longer has a Ruby CA. All CA actions now rely entirely on the Clojure implementation in Puppet Server. It can be interacted with by means of the CA API and the puppetserver ca command, which leverages the API using subcommands like those provided by puppet certPUP-8912

Trusted server facts

Trusted server facts are always enabled and have been deprecated since 5.0. This removes the setting and conditional logic. PUP-8530

write_only_yaml node terminus

The write_only_yaml node terminus was used to “determine the list of nodes that the master knows about” and predated widespread PuppetDB adoption. The write_only_yaml has been deprecated since 4.10.5, and this commit removes it. Note this should result in a Puppet Server speedup as it no longer will need to serialize node data as YAML to disk during a compile. PUP-8528

LDAP node terminus

The LDAP node terminus has been removed. PUP-7601

computermacauthorization, and mcx types and providers

The computermacauthorization, and mcx types and providers have been moved to the macdslocal_core module. It is not repackaged into puppet-agent in the 6.0 series.

Nagios types

The Nagios types no longer ship with Puppet, and are now available as the puppetlabs/nagios_core module from the Forge.

Cisco network devices

The Cisco network device types no longer ship with Puppet. These types and providers have been deprecated in favor of the puppetlabs/cisco_ios module, which is available on the Forge. PUP-8575

:undef in types and providers

In previous versions, values from manifests assigned to resource attributes that contained undef values nested in arrays and hashes would use the Ruby symbol :undef to represent those values. When using puppet apply types and providers would see those as :undef or as the string “undef” depending on the implementation of the type. When using a master, the same values were correctly handled. In this version, Ruby nil is used consistently for this. (Top level undef values are still encoded as empty string for backwards compatibility). PUP-9112

puppet module build command

To reduce the amount of developer tooling installed on all agents, this version of puppet removes the puppet module build command. To continue building module packages for the Forge and other repositories, install Puppet Development Kit (PDK). PUP-8763

pcore_type and pcore_value

The earlier experimental -rich_data format used the tags pcore_type and pcore_value, these are now shortened to __ptype and __pvalue respectively. If you are using this experimental feature and have stored serializations you need to change them or write them again with the updated version. PUP-8597


Webrick support (previously deprecated) has been removed. To run Puppet as a server you must use Puppet Server. PUP-8591)

puppet master command

The puppet master command and its subcommands have been removed. Instead, use a  puppet-config command. PE-24280

–strict flag in puppet module 

The –strict flag in puppet module has been removed. The default behavior remains intact, but the tool no longer accepts non-strict versioning (such as release candidates and beta versions). PUP-8558

Select settings

The following settings have been removed:
  • The previously deprecated configtimeout setting has been removed in favor of the http_connect_timeout and http_read_timeout setting. PUP-8534

  • The unused ignorecache setting has been removed. PUP-8533

  • The previously deprecated pluginsync setting has now been removed. The agent’s pluginsync behavior is controlled based on whether it is using a cached catalog or not. PUP-8532

  • The deprecated app_management setting has now been removed. Previously, this setting was ignored, and always treated as though it was set to be on. PUP-8531

  • The deprecated ordering setting has been removed, and catalogs now always have the ordering previously provided by the manifest value of this setting. PUP-6165

  • Settings related to the rack webserver from Puppet, including binaddress and masterhttplog. PUP-3658

String duplication in 3x runtime converter

Types and provider implementations must not mutate the parameter values of a resource. With this release, it is more likely that the parameters of a resource have frozen (that is, immutable) string values and any type or provider that directly mutates a resource parameter may fail. Previously, every resource attribute was copied to not make application break even if they did mutate. Look for use of gsub! in your modules and replace logic with non-mutating version, or operate on a copy of the value. All authors of Forge modules having this problem have been notified. PUP-7141

Puppet.newtype method

The deprecated Puppet.newtype method (deprecated since 2011) has now been removed. (PUP-7078)

Certificate handling commands deprecated but not removed

The following subcommands were deprecated in a previous version and slated for removal in this version. While these subcommands are still deprecated, they have not yet been removed.
  • ca_name
  • cadir
  • cacert
  • cakey
  • capub
  • cacrl
  • caprivatedir
  • csrdir
  • signeddir
  • capass
  • serial
  • autosign
  • allow_duplicate_certs
  • ca_ttl
  • cert_inventory
Back to top