PuppetDB: Release notes

Sections

PuppetDB 6.11.2

Released 14 July 2020

Bug fixes

  • Fixes a bug that caused PuppetDB to use a CTE that materialized a large table, slowing queries. PDB-4769

Security fixes

  • Our dependency on org.postgresql/postgresql was upgraded to 42.2.14 to fix CVE-2020-13692. SEC-155 Note: PuppetDB does not store XML data types in PostgreSQL and should not be affected by this CVE.

PuppetDB 6.11.1

This version is included in PE version 2019.8, but is not available as an open source offering. It includes a minor bug fix.

PuppetDB 6.11.0

Upgrading

We recommend upgrading to PostgreSQL 11 or greater before upgrading to PuppetDB 6.11.0. PostgreSQL 11 includes performance improvements which make adding a non-null column with a default value much faster and should significantly speed up the migration included in this release.

New features

  • Support for the storage of reports generated by Bolt Plans.

  • New report field type to specify the type of report submitted. Use agent for a Puppet agent run, or plan for a report of a plan’s apply block.

Deprecations

  • Java 8, 9, and 10 have been deprecated. If these versions are used, PuppetDB will log a warning on startup. We recommend using Java 11 going forward.
  • Running PuppetDB with PostgreSQL 9.6 and 10 has been deprecated. Use PostgreSQL 11 instead.

Contributors

Austin Blatt, Ethan J. Brown, Rob Browning, and Zak Kent

PuppetDB 6.10.1

Bug fixes

  • Fixed an issue that caused PuppetDB to fail to start on a database that had been in service before PuppetDB 4.0.0. PDB-4709

PuppetDB 6.10.0

Upgrading

This upgrade contains a long running migration to the reports table, which is typically the largest table in PuppetDB. Before upgrading to, or past, this version of PuppetDB, you are strongly encouraged to consider deleting your reports table. This will drastically shorten your upgrade time and get you back online much faster. If you are on a 5.2.z version, please upgrade to 5.2.14 or later and then take advantage of the delete-reports subcommand. Otherwise, consult the documentation on how to truncate the reports table manually.

New features

  • New delete-reports subcommand of the puppetdb command. The command stops the PuppetDB service and deletes all reports from the database. PDB-2398

  • New migrate configuration option in database settings. On startup, PuppetDB will only perform migrations if the value is true. If the value is false and a migration is necessary, PuppetDB will exit with an error. PDB-3751

  • New migrator-username option in database settings. You can now configure PuppetDB to attempt to prevent concurrent migrations or any access to a database that’s in an unexpected format, either too new or too old. See Configuring PuppetDB for further information. PDB-4636 PDB-4637 PDB-4639

    Bug fixes

  • Fixed an issue that would cause PE’s sync to fail and never retry when one PuppetDB had been upgraded and the other had not. PE’s sync will now fail and retry. PDB-4682

Contributors

Austin Blatt, Ethan J. Brown, Rob Browning, Robert Roland, and Zak Kent

PuppetDB 6.9.1

New features

  • New initial-report-threshold configuration option in sync settings. On startup, PuppetDB will only sync reports newer than the threshold. Older reports will still be transferred on subsequent periodic syncs. PDB-3751

Resolved issue

  • To prevent information exposure as a result of CVE-2020-7943, the /metrics/v1 endpoints are disabled by default, and access to the /metrics/v2 endpoints are restricted to localhost.

Contributors

Austin Blatt, Claire Cadman, and Morgan Rhodes

PuppetDB 6.9.0

New features and improvements

  • File indexing on catalog_resources. After you configure the PostgreSQL pg_trgm extension, PuppetDB adds an index to the file column on the catalog_resources table. PDB-4640

    Note: As of this release, running PostgreSQL without the pg_trgm extension is deprecated.

  • Improved queries. PuppetDB now has an experimental query optimizer that may be able to substantially decrease the cost and response time of some queries. PDB-4512

Bug fixes

  • Fixed an issue affecting PE installations where PuppetDB would fail to purge a deactivated node. PDB-4479

  • Database migrations could fail if there were long periods of inactivity in the resource_events, table and a client’s server wasn’t using UTC.PDB-4641

Contributors

Austin Blatt, Heston Hoffman, Morgan Rhodes, Rob Browning, Robert Roland, and Zak Kent

PuppetDB 6.8.1

Bug fixes

  • Database migrations would fail for timezones with positive UTC offsets. PDB-4626

Contributors

Austin Blatt, Heston Hoffman, Reinhard Vicinus, Robert Roland, and Zak Kent

PuppetDB 6.8.0

New features and improvements

  • New resource-events-ttl configuration parameter. Use the resource-events-ttl configuration parameter to automatically delete report events older than the specified time. The parameter rounds up to the nearest day. For example, 14h rounds up to 1d. For more information, see Configuring PuppetDB. PDB-2487

  • New delete command. Use the delete command to immediately delete the data associated with a certname. For more information, see Commands endpoint. PDB-3300

Bug fixes

  • Resolved an issue where an unreachable PostgreSQL server could cause PuppetDB to exhaust its connection pool, requiring a restart. PDB-4579

Contributors

Austin Blatt, Ethan J. Brown, Manuel Laug, Molly Waggett, Morgan Rhodes, Nick Walker, Rob Browning, Robert Roland, and Zak Kent

PuppetDB 6.7.3

Bug fixes

  • This release includes various security improvements.

Contributors

Austin Blatt, Ethan J. Brown, Heston Hoffman, Markus Opolka, Morgan Rhodes, and Nate Wolfe

PuppetDB 6.7.2

Bug fixes

  • Fixed an issue that caused PuppetDB to shut down if the initial Postgres connection failed. PuppetDB now retries the connection if it fails.

Contributors

Austin Blatt, Ethan J. Brown, Heston Hoffman, Morgan Rhodes, Nate Wolfe, Rob Browning, Robert Roland, and Zak Kent

PuppetDB 6.7.1

Bug fixes

  • Fixed an issue where PuppetDB terminated a migration with a Postgres exception if standard_conforming_strings was not set to true. PuppetDB now verifies the setting before checking if any migrations are necessary. PDB-4509

  • Fixed a bug that prevented command size metrics from being recorded and the max-command-size config option from working properly. PDB-4502

  • This release restores the cipher suites required to connect to Puppet Server using TLS versions TLSv1.0 and TLSv1.1. PDB-4513

Contributors

Austin Blatt, Eric Griswold, Ethan J. Brown, Heston Hoffman, Molly Waggett, Robert Roland, Scot Kreienkamp, Vadym Chepkov, and Zak Kent

PuppetDB 6.7.0

New features and improvements

  • Debian 10 support - PuppetDB packages are now available for Debian 10. These packages require Java 11 to be installed, rather than Java 8. PDB-4469

  • New ignored metric. The ignored metric tracks the number of obsolete commands since the last restart. For more on the ignored metric, see Metrics endpoint. PDB-4278

  • Return a specific fact or resource paramater with inventory and resources endpoints. You can now use dot notation with inventory and resources endpoints to return a specific fact or resource parameter instead of the entire JSON file PDB-2634.

    For examples of using dot notation in PQL and AST, see the following:

Bug fixes

  • Fixed an issue where PQL queries with dot notation required an extra space to terminate the dotted field. For example, inventory[]{ facts.os.family="Debian" } would fail because PuppetDB parsed the = operator as part of the dotted field. PDB-3284

PuppetDB 6.6.0

Bug fixes

  • A change in the puppetdb-termini package for 6.5.0 broke SSL connections that did not use Puppet’s CA. This fix adds the verify_client_certificate configuration option. By default, verify_client_certificate only allows SSL connections authenticated by the Puppet CA. When set to false, it allows the use of other SSL connections. PDB-4487

  • Fixed an issue where package upgrades on CentOS 6 would sometimes fail when upgrading from older versions of PuppetDB (for example, 5.2) to more recent versions (for example, 6.3+). PDB-4373

Contributors

Austin Blatt, Craig Watson, Ethan J. Brown, Heston Hoffman, Nate Wolfe, Rob Browning, Robert Roland, and Zak Kent

PuppetDB 6.5.0

New features and improvements

  • New experimental catalog-input-contents endpoint. Use the catalog-input-contents endpoint to query for the most recent catalog inputs that PuppetDB has received for any nodes. (PDB-4371

  • Submit inputs to a catalog. PuppetDB can now optionally store “inputs”, such as Hiera keys, during catalog compilation. See the command’s wire format for more information on how to submit them. PDB-4372

Bug fixes

  • We’ve updated the default auto-vacuum settings for several tables which PuppetDB was vacuuming more frequently than neccessary. These changes will apply once at the next upgrade. PDB-3745

Contributors

Austin Blatt, Ethan J. Brown, Heston Hoffman, Josh Partlow, Nate Wolfe, Nick Walker, Patrick Carlisle, Rob Browning, and Robert Roland

PuppetDB 6.4.0

Bug fixes

  • This bug affects Puppet Enterprise (PE) only. After a restart or downtime, PuppetDB did not sync its package inventory, resulting in PuppetDB nodes with desynced fact hashes. PDB-4266

Contributors

Austin Blatt, Ethan J. Brown, Jean Bond, Markus Opolka, Morgan Rhodes, Nate Wolfe, Rob Browning, Robert Roland, and Zak Kent

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.