These are the new features, resolved issues, and deprecations in this version of Puppet.
Released 1 July 2019
--evaltrace option now shows total number of resources to be evaluated
--evaltrace argument, used with the puppet
agent and puppet apply commands, now returns the
number of resources evaluated and the total number of resources to be evaluated.
This option is useful for showing which resource in the catalog is being evaluated
and the progress through the current catalog. PUP-9465
Provider autoloading issue fixed
In the 6.5.0 release, Puppet was unable to autoloading providers on some systems. This issue has been fixed. PUP-9794
pip provider error fixed
In the 6.5.0 release, Puppet encountered an undefined
method error when running the
pip provider. This issue has been
puppet agent --fingerprint returns the CSR hash
When you run the
puppet agent --fingerprint command, if the agent
doesn't have a client cert yet, thePuppet returns the
SHA256 digest of the certificate request (CSR). This functionality was broken as of
Puppet 6.4.0, and is now fixed. PUP-9720
Recurring Puppet runs exited on some SSL bootstrap errors
Recurring Puppet runs wait a specified amount of time while bootstrapping the SSL system, and then retry if an error is encountered. This behavior was broken as of Puppet 6.4.0, and this release restores the behavior.
The wait interval is controlled by the
waitforce setting. One-time
Puppet runs such as
puppet agent --onetime do not retry, and
instead exit when the first error occurs. PUP-9717
Lockfile retained old PID, causing agent failure
This release fixes an issue where if a Puppet run is killed, the lockfile containing the PID that was being used for the process remains. If another process subsequently starts and uses this PID, the agent fails. Puppet now checks that the PID belongs to Puppet so it can lock the PID correctly. This fix works for Puppet even if you run it as a gem.PUP-9691
Puppet now registers OIDs in the SSL application
SSL requests might sometimes return errors because Puppet was not registering OIDs in the SSL application. This is now fixed. PUP-9746
Fine grained control of file and environment timeouts deprecated
Fine grained control of file and environment timeouts is deprecated. Instead, use
unlimited to control default caching behavior and the environment-cache endpoint in Puppet Server's administrativeAPI to expire the cache as needed.
SublocatedExpression class is no longer generated by the parser. The
SublocatedExpressionclass itself will be removed from Puppet in a future release.
Certificate authority subcommands and v1 CA HTTP API
Certificate authority subcommands have been removed from Puppet, including:
certificate request, and
puppetserver ca and
puppet ssl instead.
As a part of the larger CA rework, the v1 CA HTTP API is removed (everything under the ca url /v1). PUP-3650
For details on changes and the new commands, see our documentation about certificates and SSL.
Ruby certificate authority
Puppet no longer has a Ruby CA. All CA actions now rely entirely on the Clojure implementation in Puppet Server. It can be interacted with by means of the CA API and the
puppetserver ca command, which leverages the API using subcommands like those provided by
Trusted server facts
Trusted server facts are always enabled and have been deprecated since 5.0. This removes the setting and conditional logic. PUP-8530
write_only_yaml node terminus
write_only_yaml node terminus was used to “determine the list of nodes that the master knows about” and predated widespread PuppetDB adoption. The
write_only_yaml has been deprecated since 4.10.5, and this commit removes it. Note this should result in a Puppet Server speedup as it no longer needs to serialize node data as YAML to disk during a compile.
LDAP node terminus
The LDAP node terminus has been removed. PUP-7601
mcx types and providers
mcx types and providers have been moved to the
macdslocal_core module. It is not repackaged into puppet-agent in the 6.0 series.
The Nagios types no longer ship with Puppet, and are now available as the
puppetlabs/nagios_core module from the Forge.
Cisco network devices
The Cisco network device types no longer ship with Puppet. These types and providers have been deprecated in favor of the
puppetlabs/cisco_ios module, which is available on the Forge.
:undef in types and providers
In previous versions, values from manifests assigned to resource attributes that contained undef values nested in arrays and hashes would use the Ruby symbol
:undef to represent those values. When using
puppet apply types and providers would see those as
:undef or as the string “undef” depending on the implementation of the type. When using a master, the same values were correctly handled. In this version, Ruby nil is used consistently for this. (Top level undef values are still encoded as empty string for backwards compatibility).
puppet module build command
To reduce the amount of developer tooling installed on all agents, this version of puppet removes the
puppet module build command. To continue building module packages for the Forge and other repositories, install
Puppet Development Kit (PDK).
The earlier experimental
-rich_data format used the tags
pcore_value, these are now shortened to
__pvalue respectively. If you are using this experimental feature and have stored serializations you need to change them or write them again with the updated version.
Webrick support (previously deprecated) has been removed. To run Puppet as a server you must use Puppet Server. PUP-8591)
puppet master command
–strict flag in puppet module
–strict flag in
puppet module has been removed. The default behavior remains intact, but the tool no longer accepts non-strict versioning (such as release candidates and beta versions).
The previously deprecated
configtimeoutsetting has been removed in favor of the
ignorecachesetting has been removed. PUP-8533
The previously deprecated
pluginsyncsetting has now been removed. The agent’s pluginsync behavior is controlled based on whether it is using a cached catalog or not. PUP-8532
app_managementsetting has now been removed. Previously, this setting was ignored, and always treated as though it was set to be on. PUP-8531
orderingsetting has been removed, and catalogs now always have the ordering previously provided by the
manifestvalue of this setting. PUP-6165
- Settings related to the rack webserver from Puppet, including
String duplication in 3x runtime converter
Types and provider implementations must not mutate the parameter values of a resource. With this release, it is more likely that the parameters of a resource have frozen (that is, immutable) string values and any type or provider that directly mutates a resource parameter may fail. Previously, every resource attribute was copied to not make application break even if they did mutate. Look for use of
gsub! in your modules and replace logic with non-mutating version, or operate on a copy of the value. All authors of Forge modules having this problem have been notified.
Puppet.newtype method (deprecated since 2011) has now been removed. (
Certificate handling commands deprecated but not removed