Puppet known issues
These are the known issues in this version of Puppet.
Package collection on MacOS triggers attempt to install developer tools for Python
When running Puppet 7.8.0 on macOS, Puppet might attempt to collect Python packages, which are no longer used in macOS. An error message states that PIP packages cannot be collected, with a prompt to install associated command-line developer tools. This behavior is triggered by a stub executable present in macOS. PUP-11508
Puppet lookups fail to interpolate topscope variables when an environment is specified
In Puppet 6.26 and 7.14, the lookup
command fails to
resolve toplevel facts in hiera configs if you're using the --environment
option. For example, if you use a toplevel variable like
"nodes/%{fqdn}.yaml"
, Puppet interpolates the variable as an empty string.
As a workaround, use trusted facts or specify the fact value using the "facts" hash,
such as "%{facts.hostname}"
. This issue can be
resolved by upgrading to Puppet 7.15.0. PUP-11437
User and group management on macOS 10.14 and above requires Full Disk Access (FDA)
-
To run Puppet in a server-agent infrastructure, you must grant FDA to the
pxp-agent
. -
To run Puppet from a remote machine with SSH commands, you must grant FDA to
sshd
. -
To run Puppet commands from the terminal, you must grant FDA to
terminal.app
.
The puppet node clean
command fails for users who
have their cadir
in the legacy location
In Puppet 7, the default location of the
cadir
has moved. If you have it in the old location, most
upgrades trigger a warning when executing commands from Puppet. It causes the puppet node
clean
command to fail. PUP-10786
Hiera knockout_prefix
is ineffective in
hierarchies more than three levels deep
When specifying a deep merge behaviour in Hiera, the knockout_prefix
identifier is effective only against values in an adjacent array, and not in
hierarchies more than three levels deep. HI-223
Specify the epoch when using version ranges with the yum
package provider
When using version ranges with the yum
package
provider, there is a limitation which requires you to specify the epoch as part of
the version in the range, otherwise it uses the implicit epoch `0`. For more
information, see the RPM packaging guide. PUP-10298
Deferred functions can only use built-in Puppet types
Deferred functions can only use types that are built into Puppet (for example String
). They cannot use types from modules like stdlib
because Puppet
does not plugin-sync these types to the agent. PUP-8600
The Puppet agent installer fails when systemd is not present on Debian 9
Thepuppet-agent
package does not include sysv init scripts for
Debian 9 (Stretch) and newer. If you have disabled or
removed systemd, puppet-agent
installation and Puppet agent runs can fail. Upgrading Windows agent fails with ScriptHalted
error
Registry references to nssm.exe
were removed in PA-3263. Upgrading from a version without this update to
a version that contains it triggers a Windows
SecureRepair
sequence that fails if any of the files
delivered in the original *.msi
package are missing.
This is an issue when upgrading to one of the following Puppet agent versions: 5.5.21, 5.5.22, 6.17.0,
6.18.0, 6.19.0, 6.19.1, 6.20.0, 7.0.0, 7.1.0 or 7.3.0. To work around this issue,
put the *.msi
file for the currently installed
version in the C:\Windows\Installer
folder before
you upgrade. Starting with Puppet agent 6.21.0 and
7.4.0, the nssm.exe
registry value will be replaced
with an empty string, instead of the registry key being removed, to avoid triggering
Windows
SecureRepair
. PA-3545
The Puppet agent installer fails when systemd
is not present on Debian 9
In versions less than 7.4.0, the puppet-agent
package
does not include sysv init scripts for Debian 9
(Stretch) and newer. If you had disabled or removed systemd
, the puppet-agent
installation
and agent runs could fail. This is now fixed. PA-2028