集中式系统管理工具Puppet发布3.5.0，新的产品系列。经过3个RC.向下完全兼容3其他版本。2014-04-03 上个版本是2013-02-19的3.4.3其他产品线3.2.4 3.1.1 3.0.2 2.7.25。
Puppet 3.5 Release Notes
- How to Upgrade
- Puppet 3.5.0
- Directory Environments
- Auto-Import (Use a Directory as Main Manifest)
- Scriptable Configuration (puppet config set)
- Global $facts Hash
- Structured Facts (Early Version)
- Future Parser is Faster and Better
- Platform Support Updates
- Smaller New Features
- Deprecations and Removals
- Performance Improvements
- Bug Fixes and Clean-Ups
- All Resolved Issues for 3.5.0
This page tells the history of the Puppet 3.5 series. (Elsewhere: release notes for Puppet 3.0 – 3.4)
Puppet’s version numbers use the format X.Y.Z, where:
- X must increase for major backwards-incompatible changes
- Y may increase for backwards-compatible new functionality
- Z may increase for bug fixes
How to Upgrade
If you’re upgrading from a 3.x version of Puppet, you can usually just go for it. Upgrade your puppet master servers before upgrading the agents they serve. (But do look at the table of contents above and see if there are any “Upgrade Warning” notes for the new version.)
If you’re upgrading from Puppet 2.x, please learn about major upgrades of Puppet first! We have important advice about upgrade plans and package management practices. The short version is: test first, roll out in stages, give yourself plenty of time to work with. Also, read the release notes for Puppet 3 for a list of all the breaking changes made between the 2.x and 3.x series.
Released April 3, 2014. (RC1: March 14. RC2: March 24. RC3: March 31.)
3.5.0 is a backward-compatible features and fixes release in the Puppet 3 series. The biggest things in this release are:
- A new way to set up environments, which replaces the popular “dynamic environments” pattern
- A cleaner replacement for the classicimport nodes/*.pppattern
- Scriptable configuration with a newpuppet config setcommand
- A new global$factshash
- Early support for hashes and arrays in fact values
- Improvements to the future parser
- Support for RHEL 7, Ruby 2.1, and Facter 2.0
…along with many smaller improvements and bug fixes.
Lots of people have been using dynamic environments based on VCS checkouts to test and roll out their Puppet code, as described in this classic blog post. That pattern is great, but it’s complicated to set up and it pretty much works by accident, so we wanted a better way to support it.
Now we have one! The new feature is called directory environments, to distinguish them from the older environments that had to be set in the config file.
The short version is:
- Create a$confdir/environmentsdirectory on your puppet master.
- Each new environment is a subdirectory of that directory. The name of the directory will become the name of the environment.
- Each environment dir contains amodulesdirectory and amanifestsdirectory.
- Themodulesdirectory will become the first directory in the modulepath (with the newbasemodulepathsetting providing a global list of other directories to use).
- Themanifestsdirectory will be used as themanifestsetting (see “Auto-Import” below).
- No other configuration is needed. Puppet will automatically discover new environments.
The upshot is that you can do agit cloneorgit-new-workdirin yourenvironmentsdirectory, and nodes can immediately start requesting catalogs in that environment.
This feature isn’t quite finished yet: it’s missing the ability to do complex edits to themodulepathor set theconfig_versionsetting per-environment, which didn’t make the release deadline. However, it should already be good enough for most users.
For full details, see:
- PUP-1574: Using new directory environments with puppet apply prevents evaluation of the manifest requested on the commandline.
- PUP-1584: Puppet module tool should work with new directory environments
- PUP-536: Create endpoint for enumerating environments
- PUP-1551: Change from “environmentdir” to “environmentpath”
- PUP-1118: Support an $environmentsdir setting
- PUP-1151: List information for known environments via REST
- PUP-1676: Puppet config print respects legacy but not directory environments
- PUP-1678: Environment Endpoint should show configuration and not all modules
- PUP-1735: Puppet::Node::Environment.current should reroute with deprecation warning
Auto-Import (Use a Directory as Main Manifest)
You can now set themanifestsetting to a directory instead of a single file. (E.g.manifest = $confdir/manifests) If you do, the puppet master will parse every.ppfile in that directory in alphabetical order (without descending into subdirectories) and use the whole set as the site manifest. Similarly, you can give puppet apply a directory as its argument, and it’ll do the same thing.
We did this because:
- importis horrible…
- …but theimport nodes/*.pppattern is good.
Lots of people like to use node definitions and keep every node in a separate file. In Puppet 3.4 and earlier, this meant putting animportstatement in puppet.conf and storing the node files in another directory. Now, you can just put all your nodes in the main manifest dir and point themanifestsetting at it.
And since this was the last real reason to useimport, we can deprecate it now! (See “Deprecations and Removals” below.)
Scriptable Configuration (puppet config set)
You can now change Puppet’s settings without parsing the config file, using thepuppet config setcommand. This is mostly useful for configuring Puppet as part of your provisioning process, but can be convenient for one-off changes as well. For details, see the page about changing settings on the command line.
You have to manually enable this (along with the$trustedhash) by settingtrusted_node_data = truein puppet.conf on your puppet master(s). It’ll be on by default in Puppet 4.
In addition to using$fact_name, you can now use$facts[fact_name]to get a fact value. The$factshash is protected and can’t be overridden locally, so you won’t need the$::idiom when using this.
Our hope is that this will visibly distinguish facts from normal variables, make Puppet code more readable, and eventually clean up the global variable namespace. (That’ll take a while, though — we probably won’t be able to disable$fact_nameuntil, like, Puppet 5.)
Structured Facts (Early Version)
You have to manually enable this by settingstringify_facts = falsein puppet.conf on your puppet master(s). It’ll be enabled by default in Puppet 4.
In Facter 2.0 and later, fact values can be any data type, including hashes, arrays, and booleans. (This is a change from Facter 1.7, where facts could only be strings.) If you enable structured facts in Puppet, you can do more cool stuff in your manifests and templates with any facts that use this new feature.
These are the early days of structured facts support — they work in Puppet and Facter now, but none of the built-in facts use data structures yet, and external systems like PuppetDB haven’t yet been updated to take advantage of them. (Any structured facts will still get smooshed into strings when they’re sent to PuppetDB.) But if you have a use for hashes or arrays in your custom facts, turn this on and give it a try.
Future Parser is Faster and Better
We think the future parser is fast enough to use in a large environment now — we haven’t done extensive benchmarking with real-life manifests, but the testing we’ve done suggests it’s about on par with the default parser. So if you’ve been waiting to try it out, give it a spin and let us know how it goes.
It also has some new tricks in this release:
- HEREDOCs are now allowed! This is a much more convenient way to handle large strings. See here for details.
- A new template language was added, based on the Puppet language instead of on Ruby. See here for details.
- There’s a new “future” evaluator that goes along with the future parser.
- PUP-490: Remove partially implemented support for ‘import’
- PUP-527: Validate collect expressions (future parser)
- PUP-798: New Evaluator does not cache parse results
- PUP-800: Complete implementation of Location handling
- PUP-939: add support for enumerable type(s) in all iterative functions
- PUP-954: Correct Type System Flaws
- PUP-992: Relationship expression artificially denies arrays as operands
- PUP-994: Future evaluator should unique relationship operands
- PUP-1029: filter function should accept two parameters
- PUP-1176: Add feature switch for evaluator
- PUP-1212: runtime errors in future evaluator has uninformative backtrace
- PUP-1234: each function broken after upgrading to 3.4
- PUP-1247: Enabling –parser future causes classes to be not found and other errors
- PUP-1579: Rename Literal Type to Scalar
- PUP-486: Add subtype of String
- PUP-491: Implement a 4x validator
- PUP-502: Implement evaluation of ‘definitions’
- PUP-792: Merge Feature Branch New Evaluator
- PUP-1619: Add Tuple and Struct types to the type system
- PUP-644: PR (2020): (#21873) Makename[x]different fromname [x]- hlindberg
- PUP-910: 3x functions do not know how to handle new data types
- PUP-979: future parser fails to recognize hash as parameter in un-parenthesized calls
- PUP-1220: dynamic variable lookup works in templates
- PUP-1576: New Parser does not handle hyphenated barewords
- PUP-1814: Double backslashes in single quote strings should be interpreted as single
- PUP-1897: EPP ignores code after parameter declaration
- PUP-1898: EPP – Error when trying to report argument error in inline_epp
- PUP-28: Add heredoc support in future parser
- PUP-30: Support Puppet Templates
- PUP-473: Add support for \u for unicode chars in strings
- PUP-479: Handle types other than string as hash key
- PUP-482: Handle Comparisons / Equality a consistent way
- PUP-483: Handle Match in useful and consistent way
- PUP-487: Decide on ‘in’ operator vs. ‘==’
- PUP-489: Handle += / -= with consistent semantics
- PUP-525: Support Regular Expression as data type (an issue of encoding)
- PUP-1895: EPP – Define parameters with<% |$x| %>instead of<% ($x) %>
Platform Support Updates
- Puppet now supports RHEL 7, with packages and acceptance testing. This mostly involved cleaning up resource providers to handle things like systemd more cleanly.
- We’re running acceptance tests on Fedora 19 and 20, now, too.
- Facter 2.0.1 works with Puppet 3.5, including its new structured facts support (see above).
- We have early support for Ruby 2.1. We’re running spec tests on it, so we think it works fine! But since none of our testing platforms ship with it, we aren’t running acceptance tests on it, which means there might be problems we don’t know about yet.
- Support for Fedora 18 is done, since it EOL-ed in January; no more acceptance tests or packages.
- Facter 1.6 is no longer supported with Puppet 3.5.
- PUP-576: Add a fedora19 host to the platforms we are testing in ci.
- PUP-876: upstart service operating system confine should include redhat and centos
- PUP-923: Add Fedora 20 to acceptance
- PUP-1694: Provide packages for Rhel7
- PUP-1825: Allow use of Facter 2
- PUP-1463: Ensure services that were previously enabled get enabled after systemd service unit name change
- PUP-1491: (packaging)Remove Fedora 18 from default mocks
- PUP-1821: Bump facter dependency to 1.7 or greater
- PUP-1732: ‘puppet resource service’ with systemd provider shows lots of non-services
- PUP-1766: Make systemd the default provider for RHEL7
Smaller New Features
In addition to the big-ticket improvements above, we added a lot of smaller features.
- You can now put external facts in modules, and they will be synced to all agent nodes. This requires Facter 2.0.1 or later. To use this feature, put your external facts in afacts.ddirectory, which should exist at the top level of the module.
- Certificate extensions will now appear in the$trustedhash.
- There’s a newstrict_variablessetting; if set to true, it will throw parse errors when accessing undeclared variables. Right now, this will wreak havoc; eventually, it will make Puppet code easier to debug.
- Related to the last: Thedefinedfunction can now test whether a variable is defined. Note that you have to single-quote the variable name, like this:defined(‘$my_var’)— otherwise, the function will receive the value of the variable instead of its name. Anyway, going forward, this will be a more accurate way to distinguish betweenfalse,undef, and uninitialized variables, especially if you’re usingstrict_variables = true.
- Thehttpreport processor can use basic auth now when forwarding reports.
- Puppet apply now has a–testoption that acts much like puppet agent’s–test.
- On Windows, the puppet agent service will now log activity using the Windows Event Log instead of a logfile.
- Environment and transaction UUID information is now included when submitting facts to PuppetDB. (This will be used in a future version of PuppetDB.)
Type and provider features:
- Thessh_authorized_keytype can use ssh-ed25519 keys now.
- Whenserviceresources fail to start or restart, they’ll log the exit code, stdin, and stderr text as Puppet errors to help with debugging.
- Therpmpackage provider now accepts virtual packages.
- Therpmpackage provider now supportsuninstall_options.
- Thepackagetype has a newpackage_settingsattribute. This is a property that can be implemented differently per-provider; currently nothing uses it, but there are plans to make the FreeBSD provider use it for port options.
- Theusertype now validates theshellattribute, to make sure it actually exists and is executable.
- You can now use msgpack as the on-disk cache format for some of Puppet’s generated data types.
- Thefiletype has a newvalidate_cmdattribute that can help protect against accidentally writing broken config files.
- Theresourcestype has a newunless_uidattribute that acts like an improved version of theunless_system_userattribute — it lets you protect multiple UIDs and ranges of UIDs from deletion when purginguserresources.
- You can now purge unmanagedcronresources with theresourcestype.
Features for extension writers:
- The Puppet::Util::Profiler#profile API is now public, and can be used by extensions like indirector termini and report handlers.
- There’s a new v2.0 HTTP API, which doesn’t have to abide by the (sometimes inconsistent and weird) semantics of the main API. Right now, the only v2.0 endpoint is for getting information about environments via the API. See the developer documentation for details.
- PUP-1975: Environment & transaction_uuid is not passed to facts indirector during compilation
- PUP-1068: Puppet master can’t submit reports to an HTTP server using basic auth
- PUP-1218: Improve ssh-ed25519 integration
- PUP-1219: PR (2182): Improve ssh-ed25519 integration – jasperla
- PUP-950: PR (2132): (#23376) Add support for ssh-ed25519 keys to ssh_authorized_key type – jasperla
- PUP-1318: Provide a logoutput for service like exec
- PUP-897: package type should accept virtual package for rpm
- PUP-1369: Package options property for package
- PUP-1448: User’s type ‘shell’ parameter should be validated
- PUP-1327: PR (2060) owner of files created by nagios resource types
- PUP-1589: PR (2328): Msgpack terminii – dalen
- PUP-1670: PR (2347): A way to validate file content syntax before replacing files
- PUP-1447: Allow specified UIDs to be excluded from purge
- PUP-1490: Support –test option for puppet apply
- PUP-1564: PR (2319) package rpm provider should support :uninstall_options feature
- PUP-649: PR (2024): (#3220) crontab: allow purging unmanaged resources – ffrank
- PUP-1772: Proposal to make Puppet::Util::Profiler#profile api public
- PUP-672: Informational certificate extensions should be exposed inside the Puppet DSL
- PUP-1048: PR (2161): (#21641) Windows puppet service should log to the eventlog – glennsarti
- PUP-1505: Puppet should use new Facter.search_external for external facts pluginsync
- PUP-1432: Implement v2.0 API error responses
- PUP-1549: V2.0 API shows the message body in the Reason-Phrase
- PUP-1166: Add better error message for strict variables (current parser)
- PUP-1372: with strict variable lookup option there is no way to check if var is defined
Deprecations and Removals
As we start to get ready for Puppet 4, we’re deprecating some features we’re hoping to remove or replace. (Be ready for more of these in Puppet 3.6, too.) Using deprecated features will cause warnings to be logged on the puppet master; these features will be removed in Puppet 4.
Deprecations in the Puppet language:
- Theimportkeyword is deprecated. Instead of importing, you should set yourmanifestsetting to a directory of .pp files.
- Modifying arrays and hashes in Puppet code or templates is deprecated. (This actually should never have been possible, but we can’t kill it in a minor version because it might break something.)
Deprecations in the type and provider API:
- Using the:parentoption when creating a type is deprecated. This actually hasn’t worked for a long while, but now it will warn you that it won’t do anything.
- The experimental bindings-based Hiera2/data-in-modules code has been removed. We’re back to the drawing board on this.
- PUP-899: Deprecate parent parameter for type
- PUP-864: Deprecate Data Structure Mutation
- PUP-866: Deprecate “import”
- PUP-546: Remove Hiera2 and bindings-based data in modules code
3.5 is faster! We found a situation where defined types were a lot slower than they needed to be, some slow cases inpuppet cert listand the module tool, and a few other performance wins.
- PUP-716: Puppet::FileSystem::File creates many short-lived objects
- PUP-751: Performance regression due to excessive file watching
- PUP-753: Create a reasonable “benchmark” manifest
- PUP-1059: PR (2162): (#16570) Don’t load the node object again in configurer – dalen
- PUP-1592: Puppet excessively stats the filesystem when looking for defined types
- PUP-1563: PR (2322) Module tool rechecks for conflicts for each installed module
- PUP-1665: PR – Puppet cert list behavior is suboptimal
- PUP-1058: puppet apply loading facts twice
Bug Fixes and Clean-Ups
We fixed a bunch of bugs in types and providers (including a big cleanup of the yumrepo type), improved standards-compliance in our use of certificates, fixed a bunch of Windows-specific problems, cleaned up some inconsistencies, and fixed some bugs that don’t fit in any particular bucket.
Type and provider bugs:
- PUP-1210: authentication_authority key is not set when managing root’s password using the puppet user provider (An OS X bug, most visible when managing the root user.)
- PUP-1051: gem package provider is confused by platform components in version strings
- PUP-1158: Augeas provider warns on parse errors in other files handled by same lens
- PUP-1421: appdmg prematurely filters for sources ending in .dmg
- PUP-1450: [Windows] Copying file resources from non-NTFS volumes causes Invalid DACL errors
- PUP-1559: Windows – Specifying well-known SIDs as a group / user in manifests causes errors
- PUP-730: PR (2140): (#23141) Add OpenBSD to the exclusion list for ‘remounts’ in mount type – jasperla
- PUP-1192: PR (2176): (maint) Windows file provider :links => :follow – Iristyle
- PUP-1561: puppet resource cron does not list crontab entries
- PUP-713: PR (2050): (#4820) cron type should not allow specification of special parameter and normal hour/minute/day/etc parameters. – ffrank
- PUP-1085: Pacman provider constantly reinstalls package groups on arch linux
- PUP-648: PR (2023): Add upgradeable and versionable features to pkgin provider – javiplx
- PUP-1510: ensure => absent on user resource with forcelocal => true does not work as expected.
- PUP-1338: yumrepo module is too picky about white space
- PUP-789: Yumrepo should be refactored to use a provider
- PUP-1722: Yumrepo doesn’t permit HTTPS URLs
- PUP-778: PR (2086): Initial refactoring of yumrepo. – apenney
- PUP-1066: yum repos should be ensurable.
- PUP-652: PR (2026): #19422: Deal with invalid arguments to nagios types – yath
- PUP-714: PR (2051): Suppress misleading warn. in openbsd provider – ptomulik
- PUP-1846: PR (2410): File content diffing should respect loglevel – wfarr
- PUP-1473: user resource fails on UTF-8 comment
- PUP-1368: Puppet on Windows segfaulting
- PUP-1494: Windows colors.rb may be subject to Ruby corruption bug with wide strings
- PUP-1681: Windows stat doesn’t expose the correct mode
- PUP-1275: Windows agent only runs when –onetime is specified
- PUP-1278: PR: Windows Puppet Agent Service gracefully terminates after succesfully being put into a Paused state
- PUP-1284: win32-security gem doesn’t handle ‘Authenticated Users’ correctly
- PUP-797: PR (2094): (#23219) – Fix support of extra arguments in windows service – luisfdez
Standards compliance improvements:
- PUP-1407: puppet CA generates CRL that does not conform to RFC5280
- PUP-1409: add an authorityKeyIdentifier extension to node certificates
- PUP-1120: Change default private key permissions to permit group read
- PUP-1451: PR (2257) Make public SSL files publicly readable
- PUP-1262: PR (2196): (maint) cron: Make the munge method for the command property more readable – ffrank
- PUP-1064: Puppet master fails with ‘stack level too deep’ error when storeconfigs = true with rails stack 3.1.0
- PUP-1136: When applying the settings catalog, a failed transaction may not properly surface information about the event that caused it to fail
- PUP-1150: Race condition in Puppet::Util::Lockfile
- PUP-1246: Hiding error details in fileserver.conf parser when this config is wrong
- PUP-1470: mk_resource_methods getters can’t deal with false
- PUP-1484: msgpack serialization of TagSet broken
- PUP-1578: puppetlabs/reboot: Ruby on windows can get into an infinite loop when exiting
- PUP-1101: Static compiler does not filter exported resources from the catalog
- PUP-721: PR (2056): (#7659)(#20122) Fix comment stack when parsing hashes – hlindberg
- PUP-786: PR (2090): (#21869) Fix recursion in cert expiration check – Sharpie
- PUP-804: PR (2097): (maint) Handle empty or malformed JSON lockfiles – adrienthebo
- PUP-906: PR (2118): (#22330) add btrfs to SELinux filesystem whitelist – qralston
- PUP-1243: PR (2184): (maint) Fix can’t modify frozen Symbol error on Ruby 2.1.0 – jeffmccune
- PUP-1282: puppet gem does not include platform specific gem dependencies
- PUP-1350: PR (2215): Don’t replace original stacktrace when error happens parsing inline template – carlossg
- PUP-1502: PR (2293): (maint) Puppet fails to properly surface backtraces – Iristyle
- PUP-1420: PR (2248): move StateMachine out of the global scope – crankharder
- PUP-1707: Faces help sometimes blows up when descriptions are absent
- PUP-1387: CA generates subjectKeyIdentifier from issuer cert instead of cert itself
- PUP-1568: Error reporting within augeas provider fails
- PUP-1839: Puppet device results in SSL stack too deep error
- PUP-1885: File type ignore can’t convert Fixnum into String (This one was a regression from 3.3.0.)
- PUP-1404: PR (2234): ensure Puppet::Util::Execution.execpipe always run the command with LANG… – doc75
Bugs introduced in 3.5 and fixed during the release candidate period:
Fixed in RC3:
- PUP-2039: rpm provider broken for architecture specifications in 3.5.0-RC2 due to whatprovides functionality change
Fixed in RC2:
- PUP-1944: Error when manifest is a directory but not the same as manifestdir
- PUP-2009: Dynamic environments not working with manifestdir setting
- PUP-1962: Relationships with Classes in future parser broken
- PUP-1973: future parser doesn’t bind variables from inherited scope
- PUP-1978: future parser doesn’t accept empty array as title
- PUP-1979: future parser Class reference with leading :: doesn’t work
- PUP-2017: TupleType applies size constraint to last element only
All Resolved Issues for 3.5.0
Our ticket tracker has the list of all issues resolved in Puppet 3.5.0.