puppet 3.5.0 Release Notes

Puppet,是基于Ruby的一个工具,可以集中管理每一个重要方面,使用的是跨平台的规范语言,管理所有单独的元素,通常聚集在不同的文件,如用户, CRON作业,和主机一起的离散元素,如包装,服务和文件。


集中式系统管理工具Puppet发布3.5.0,新的产品系列。经过3个RC.向下完全兼容3其他版本。2014-04-03 上个版本是2013-02-19的3.4.3其他产品线3.2.4 3.1.1 3.0.2 2.7.25。


Puppet 3.5 Release Notes

How to Upgrade
Puppet 3.5.0
Directory Environments
Auto-Import (Use a Directory as Main Manifest)
Scriptable Configuration (puppet config set)
Global $facts Hash
Structured Facts (Early Version)
Future Parser is Faster and Better
Platform Support Updates
Smaller New Features
Deprecations and Removals
Performance Improvements
Bug Fixes and Clean-Ups
All Resolved Issues for 3.5.0
This page tells the history of the Puppet 3.5 series. (Elsewhere: release notes for Puppet 3.0 – 3.4)

Puppet’s version numbers use the format X.Y.Z, where:

X must increase for major backwards-incompatible changes
Y may increase for backwards-compatible new functionality
Z may increase for bug fixes
How to Upgrade

If you’re upgrading from a 3.x version of Puppet, you can usually just go for it. Upgrade your puppet master servers before upgrading the agents they serve. (But do look at the table of contents above and see if there are any “Upgrade Warning” notes for the new version.)

If you’re upgrading from Puppet 2.x, please learn about major upgrades of Puppet first! We have important advice about upgrade plans and package management practices. The short version is: test first, roll out in stages, give yourself plenty of time to work with. Also, read the release notes for Puppet 3 for a list of all the breaking changes made between the 2.x and 3.x series.

Puppet 3.5.0

Released April 3, 2014. (RC1: March 14. RC2: March 24. RC3: March 31.)

3.5.0 is a backward-compatible features and fixes release in the Puppet 3 series. The biggest things in this release are:

A new way to set up environments, which replaces the popular “dynamic environments” pattern
A cleaner replacement for the classicimport nodes/*.pppattern
Scriptable configuration with a newpuppet config setcommand
A new global$factshash
Early support for hashes and arrays in fact values
Improvements to the future parser
Support for RHEL 7, Ruby 2.1, and Facter 2.0
…along with many smaller improvements and bug fixes.

Directory Environments

Lots of people have been using dynamic environments based on VCS checkouts to test and roll out their Puppet code, as described in this classic blog post. That pattern is great, but it’s complicated to set up and it pretty much works by accident, so we wanted a better way to support it.

Now we have one! The new feature is called directory environments, to distinguish them from the older environments that had to be set in the config file.

The short version is:

Create a$confdir/environmentsdirectory on your puppet master.
Each new environment is a subdirectory of that directory. The name of the directory will become the name of the environment.
Each environment dir contains amodulesdirectory and amanifestsdirectory.
Themodulesdirectory will become the first directory in the modulepath (with the newbasemodulepathsetting providing a global list of other directories to use).
Themanifestsdirectory will be used as themanifestsetting (see “Auto-Import” below).
No other configuration is needed. Puppet will automatically discover new environments.
The upshot is that you can do agit cloneorgit-new-workdirin yourenvironmentsdirectory, and nodes can immediately start requesting catalogs in that environment.

This feature isn’t quite finished yet: it’s missing the ability to do complex edits to themodulepathor set theconfig_versionsetting per-environment, which didn’t make the release deadline. However, it should already be good enough for most users.

For full details, see:

The reference page about directory environments
The reference page about the modulepath
Related issues:

PUP-1574: Using new directory environments with puppet apply prevents evaluation of the manifest requested on the commandline.
PUP-1584: Puppet module tool should work with new directory environments
PUP-536: Create endpoint for enumerating environments
PUP-1551: Change from “environmentdir” to “environmentpath”
PUP-1118: Support an $environmentsdir setting
PUP-1151: List information for known environments via REST
PUP-1676: Puppet config print respects legacy but not directory environments
PUP-1678: Environment Endpoint should show configuration and not all modules
PUP-1735: Puppet::Node::Environment.current should reroute with deprecation warning
Auto-Import (Use a Directory as Main Manifest)

You can now set themanifestsetting to a directory instead of a single file. (E.g.manifest = $confdir/manifests) If you do, the puppet master will parse every.ppfile in that directory in alphabetical order (without descending into subdirectories) and use the whole set as the site manifest. Similarly, you can give puppet apply a directory as its argument, and it’ll do the same thing.

We did this because:

importis horrible…
…but theimport nodes/*.pppattern is good.
Lots of people like to use node definitions and keep every node in a separate file. In Puppet 3.4 and earlier, this meant putting animportstatement in puppet.conf and storing the node files in another directory. Now, you can just put all your nodes in the main manifest dir and point themanifestsetting at it.

And since this was the last real reason to useimport, we can deprecate it now! (See “Deprecations and Removals” below.)

See the page about the manifest directory for more details.

Related issues:

PUP-865: Provide a manifest directory where all manifests are automatically parsed.
Scriptable Configuration (puppet config set)

You can now change Puppet’s settings without parsing the config file, using thepuppet config setcommand. This is mostly useful for configuring Puppet as part of your provisioning process, but can be convenient for one-off changes as well. For details, see the page about changing settings on the command line.

Related issues:

PUP-663: Set an entry in puppet.conf
PUP-665: Select a section

You have to manually enable this (along with the$trustedhash) by settingtrusted_node_data = truein puppet.conf on your puppet master(s). It’ll be on by default in Puppet 4.

In addition to using$fact_name, you can now use$facts[fact_name]to get a fact value. The$factshash is protected and can’t be overridden locally, so you won’t need the$::idiom when using this.

Our hope is that this will visibly distinguish facts from normal variables, make Puppet code more readable, and eventually clean up the global variable namespace. (That’ll take a while, though — we probably won’t be able to disable$fact_nameuntil, like, Puppet 5.)

Related issues:

PUP-542: Provide access to all facts in a single structure
Structured Facts (Early Version)

You have to manually enable this by settingstringify_facts = falsein puppet.conf on your puppet master(s). It’ll be enabled by default in Puppet 4.

In Facter 2.0 and later, fact values can be any data type, including hashes, arrays, and booleans. (This is a change from Facter 1.7, where facts could only be strings.) If you enable structured facts in Puppet, you can do more cool stuff in your manifests and templates with any facts that use this new feature.

These are the early days of structured facts support — they work in Puppet and Facter now, but none of the built-in facts use data structures yet, and external systems like PuppetDB haven’t yet been updated to take advantage of them. (Any structured facts will still get smooshed into strings when they’re sent to PuppetDB.) But if you have a use for hashes or arrays in your custom facts, turn this on and give it a try.

Future Parser is Faster and Better

We think the future parser is fast enough to use in a large environment now — we haven’t done extensive benchmarking with real-life manifests, but the testing we’ve done suggests it’s about on par with the default parser. So if you’ve been waiting to try it out, give it a spin and let us know how it goes.

It also has some new tricks in this release:

HEREDOCs are now allowed! This is a much more convenient way to handle large strings. See here for details.
A new template language was added, based on the Puppet language instead of on Ruby. See here for details.
There’s a new “future” evaluator that goes along with the future parser.
Related issues:

PUP-490: Remove partially implemented support for ‘import’
PUP-527: Validate collect expressions (future parser)
PUP-798: New Evaluator does not cache parse results
PUP-800: Complete implementation of Location handling
PUP-939: add support for enumerable type(s) in all iterative functions
PUP-954: Correct Type System Flaws
PUP-992: Relationship expression artificially denies arrays as operands
PUP-994: Future evaluator should unique relationship operands
PUP-1029: filter function should accept two parameters
PUP-1176: Add feature switch for evaluator
PUP-1212: runtime errors in future evaluator has uninformative backtrace
PUP-1234: each function broken after upgrading to 3.4
PUP-1247: Enabling –parser future causes classes to be not found and other errors
PUP-1579: Rename Literal Type to Scalar
PUP-486: Add subtype of String
PUP-491: Implement a 4x validator
PUP-502: Implement evaluation of ‘definitions’
PUP-792: Merge Feature Branch New Evaluator
PUP-1619: Add Tuple and Struct types to the type system
PUP-644: PR (2020): (#21873) Makename[x]different fromname [x]- hlindberg
PUP-910: 3x functions do not know how to handle new data types
PUP-979: future parser fails to recognize hash as parameter in un-parenthesized calls
PUP-1220: dynamic variable lookup works in templates
PUP-1576: New Parser does not handle hyphenated barewords
PUP-1814: Double backslashes in single quote strings should be interpreted as single
PUP-1897: EPP ignores code after parameter declaration
PUP-1898: EPP - Error when trying to report argument error in inline_epp
PUP-28: Add heredoc support in future parser
PUP-30: Support Puppet Templates
PUP-473: Add support for \u for unicode chars in strings
PUP-479: Handle types other than string as hash key
PUP-482: Handle Comparisons / Equality a consistent way
PUP-483: Handle Match in useful and consistent way
PUP-487: Decide on ‘in’ operator vs. ‘==’
PUP-489: Handle += / -= with consistent semantics
PUP-525: Support Regular Expression as data type (an issue of encoding)
PUP-1895: EPP - Define parameters with<% |$x| %>instead of<% ($x) %>
Platform Support Updates

Newly supported:

Puppet now supports RHEL 7, with packages and acceptance testing. This mostly involved cleaning up resource providers to handle things like systemd more cleanly.
We’re running acceptance tests on Fedora 19 and 20, now, too.
Facter 2.0.1 works with Puppet 3.5, including its new structured facts support (see above).
We have early support for Ruby 2.1. We’re running spec tests on it, so we think it works fine! But since none of our testing platforms ship with it, we aren’t running acceptance tests on it, which means there might be problems we don’t know about yet.
Newly abandoned:

Support for Fedora 18 is done, since it EOL-ed in January; no more acceptance tests or packages.
Facter 1.6 is no longer supported with Puppet 3.5.
Related issues:

PUP-576: Add a fedora19 host to the platforms we are testing in ci.
PUP-876: upstart service operating system confine should include redhat and centos
PUP-923: Add Fedora 20 to acceptance
PUP-1694: Provide packages for Rhel7
PUP-1825: Allow use of Facter 2
PUP-1463: Ensure services that were previously enabled get enabled after systemd service unit name change
PUP-1491: (packaging)Remove Fedora 18 from default mocks
PUP-1821: Bump facter dependency to 1.7 or greater
PUP-1732: ‘puppet resource service’ with systemd provider shows lots of non-services
PUP-1766: Make systemd the default provider for RHEL7
Smaller New Features

In addition to the big-ticket improvements above, we added a lot of smaller features.

Misc features:

You can now put external facts in modules, and they will be synced to all agent nodes. This requires Facter 2.0.1 or later. To use this feature, put your external facts in afacts.ddirectory, which should exist at the top level of the module.
Certificate extensions will now appear in the$trustedhash.
There’s a newstrict_variablessetting; if set to true, it will throw parse errors when accessing undeclared variables. Right now, this will wreak havoc; eventually, it will make Puppet code easier to debug.
Related to the last: Thedefinedfunction can now test whether a variable is defined. Note that you have to single-quote the variable name, like this:defined(‘$my_var’)— otherwise, the function will receive the value of the variable instead of its name. Anyway, going forward, this will be a more accurate way to distinguish betweenfalse,undef, and uninitialized variables, especially if you’re usingstrict_variables = true.
Thehttpreport processor can use basic auth now when forwarding reports.
Puppet apply now has a–testoption that acts much like puppet agent’s–test.
On Windows, the puppet agent service will now log activity using the Windows Event Log instead of a logfile.
Environment and transaction UUID information is now included when submitting facts to PuppetDB. (This will be used in a future version of PuppetDB.)
Type and provider features:

Thessh_authorized_keytype can use ssh-ed25519 keys now.
Whenserviceresources fail to start or restart, they’ll log the exit code, stdin, and stderr text as Puppet errors to help with debugging.
Therpmpackage provider now accepts virtual packages.
Therpmpackage provider now supportsuninstall_options.
Thepackagetype has a newpackage_settingsattribute. This is a property that can be implemented differently per-provider; currently nothing uses it, but there are plans to make the FreeBSD provider use it for port options.
Theusertype now validates theshellattribute, to make sure it actually exists and is executable.
You can now use msgpack as the on-disk cache format for some of Puppet’s generated data types.
Thefiletype has a newvalidate_cmdattribute that can help protect against accidentally writing broken config files.
Theresourcestype has a newunless_uidattribute that acts like an improved version of theunless_system_userattribute — it lets you protect multiple UIDs and ranges of UIDs from deletion when purginguserresources.
You can now purge unmanagedcronresources with theresourcestype.
Features for extension writers:

The Puppet::Util::Profiler#profile API is now public, and can be used by extensions like indirector termini and report handlers.
There’s a new v2.0 HTTP API, which doesn’t have to abide by the (sometimes inconsistent and weird) semantics of the main API. Right now, the only v2.0 endpoint is for getting information about environments via the API. See the developer documentation for details.
Related issues:

PUP-1975: Environment & transaction_uuid is not passed to facts indirector during compilation
PUP-1068: Puppet master can’t submit reports to an HTTP server using basic auth
PUP-1218: Improve ssh-ed25519 integration
PUP-1219: PR (2182): Improve ssh-ed25519 integration - jasperla
PUP-950: PR (2132): (#23376) Add support for ssh-ed25519 keys to ssh_authorized_key type - jasperla
PUP-1318: Provide a logoutput for service like exec
PUP-897: package type should accept virtual package for rpm
PUP-1369: Package options property for package
PUP-1448: User’s type ‘shell’ parameter should be validated
PUP-1327: PR (2060) owner of files created by nagios resource types
PUP-1589: PR (2328): Msgpack terminii - dalen
PUP-1670: PR (2347): A way to validate file content syntax before replacing files
PUP-1447: Allow specified UIDs to be excluded from purge
PUP-1490: Support –test option for puppet apply
PUP-1564: PR (2319) package rpm provider should support :uninstall_options feature
PUP-649: PR (2024): (#3220) crontab: allow purging unmanaged resources - ffrank
PUP-1772: Proposal to make Puppet::Util::Profiler#profile api public
PUP-672: Informational certificate extensions should be exposed inside the Puppet DSL
PUP-1048: PR (2161): (#21641) Windows puppet service should log to the eventlog - glennsarti
PUP-1505: Puppet should use new Facter.search_external for external facts pluginsync
PUP-1432: Implement v2.0 API error responses
PUP-1549: V2.0 API shows the message body in the Reason-Phrase
PUP-1166: Add better error message for strict variables (current parser)
PUP-1372: with strict variable lookup option there is no way to check if var is defined
Deprecations and Removals

As we start to get ready for Puppet 4, we’re deprecating some features we’re hoping to remove or replace. (Be ready for more of these in Puppet 3.6, too.) Using deprecated features will cause warnings to be logged on the puppet master; these features will be removed in Puppet 4.

Deprecations in the Puppet language:

Theimportkeyword is deprecated. Instead of importing, you should set yourmanifestsetting to a directory of .pp files.
Modifying arrays and hashes in Puppet code or templates is deprecated. (This actually should never have been possible, but we can’t kill it in a minor version because it might break something.)
Deprecations in the type and provider API:

Using the:parentoption when creating a type is deprecated. This actually hasn’t worked for a long while, but now it will warn you that it won’t do anything.

The experimental bindings-based Hiera2/data-in-modules code has been removed. We’re back to the drawing board on this.
Related issues:

PUP-899: Deprecate parent parameter for type
PUP-864: Deprecate Data Structure Mutation
PUP-866: Deprecate “import”
PUP-546: Remove Hiera2 and bindings-based data in modules code
Performance Improvements

3.5 is faster! We found a situation where defined types were a lot slower than they needed to be, some slow cases inpuppet cert listand the module tool, and a few other performance wins.

Related issues:

PUP-716: Puppet::FileSystem::File creates many short-lived objects
PUP-751: Performance regression due to excessive file watching
PUP-753: Create a reasonable “benchmark” manifest
PUP-1059: PR (2162): (#16570) Don’t load the node object again in configurer - dalen
PUP-1592: Puppet excessively stats the filesystem when looking for defined types
PUP-1563: PR (2322) Module tool rechecks for conflicts for each installed module
PUP-1665: PR - Puppet cert list behavior is suboptimal
PUP-1058: puppet apply loading facts twice
Bug Fixes and Clean-Ups

We fixed a bunch of bugs in types and providers (including a big cleanup of the yumrepo type), improved standards-compliance in our use of certificates, fixed a bunch of Windows-specific problems, cleaned up some inconsistencies, and fixed some bugs that don’t fit in any particular bucket.

Type and provider bugs:

PUP-1210: authentication_authority key is not set when managing root’s password using the puppet user provider (An OS X bug, most visible when managing the root user.)
PUP-1051: gem package provider is confused by platform components in version strings
PUP-1158: Augeas provider warns on parse errors in other files handled by same lens
PUP-1421: appdmg prematurely filters for sources ending in .dmg
PUP-1450: [Windows] Copying file resources from non-NTFS volumes causes Invalid DACL errors
PUP-1559: Windows - Specifying well-known SIDs as a group / user in manifests causes errors
PUP-730: PR (2140): (#23141) Add OpenBSD to the exclusion list for ‘remounts’ in mount type - jasperla
PUP-1192: PR (2176): (maint) Windows file provider :links => :follow - Iristyle
PUP-1561: puppet resource cron does not list crontab entries
PUP-713: PR (2050): (#4820) cron type should not allow specification of special parameter and normal hour/minute/day/etc parameters. - ffrank
PUP-1085: Pacman provider constantly reinstalls package groups on arch linux
PUP-648: PR (2023): Add upgradeable and versionable features to pkgin provider - javiplx
PUP-1510: ensure => absent on user resource with forcelocal => true does not work as expected.
PUP-1338: yumrepo module is too picky about white space
PUP-789: Yumrepo should be refactored to use a provider
PUP-1722: Yumrepo doesn’t permit HTTPS URLs
PUP-778: PR (2086): Initial refactoring of yumrepo. - apenney
PUP-1066: yum repos should be ensurable.
PUP-652: PR (2026): #19422: Deal with invalid arguments to nagios types - yath
PUP-714: PR (2051): Suppress misleading warn. in openbsd provider - ptomulik
PUP-1846: PR (2410): File content diffing should respect loglevel - wfarr
PUP-1473: user resource fails on UTF-8 comment
Windows-related bugs:

PUP-1368: Puppet on Windows segfaulting
PUP-1494: Windows colors.rb may be subject to Ruby corruption bug with wide strings
PUP-1681: Windows stat doesn’t expose the correct mode
PUP-1275: Windows agent only runs when –onetime is specified
PUP-1278: PR: Windows Puppet Agent Service gracefully terminates after succesfully being put into a Paused state
PUP-1284: win32-security gem doesn’t handle ‘Authenticated Users’ correctly
PUP-797: PR (2094): (#23219) - Fix support of extra arguments in windows service - luisfdez
Standards compliance improvements:

PUP-1407: puppet CA generates CRL that does not conform to RFC5280
PUP-1409: add an authorityKeyIdentifier extension to node certificates

PUP-1120: Change default private key permissions to permit group read
PUP-1451: PR (2257) Make public SSL files publicly readable
PUP-1262: PR (2196): (maint) cron: Make the munge method for the command property more readable - ffrank
General bugs:

PUP-1064: Puppet master fails with ‘stack level too deep’ error when storeconfigs = true with rails stack 3.1.0
PUP-1136: When applying the settings catalog, a failed transaction may not properly surface information about the event that caused it to fail
PUP-1150: Race condition in Puppet::Util::Lockfile
PUP-1246: Hiding error details in fileserver.conf parser when this config is wrong
PUP-1470: mk_resource_methods getters can’t deal with false
PUP-1484: msgpack serialization of TagSet broken
PUP-1578: puppetlabs/reboot: Ruby on windows can get into an infinite loop when exiting
PUP-1101: Static compiler does not filter exported resources from the catalog
PUP-721: PR (2056): (#7659)(#20122) Fix comment stack when parsing hashes - hlindberg
PUP-786: PR (2090): (#21869) Fix recursion in cert expiration check - Sharpie
PUP-804: PR (2097): (maint) Handle empty or malformed JSON lockfiles - adrienthebo
PUP-906: PR (2118): (#22330) add btrfs to SELinux filesystem whitelist - qralston
PUP-1243: PR (2184): (maint) Fix can’t modify frozen Symbol error on Ruby 2.1.0 - jeffmccune
PUP-1282: puppet gem does not include platform specific gem dependencies
PUP-1350: PR (2215): Don’t replace original stacktrace when error happens parsing inline template - carlossg
PUP-1502: PR (2293): (maint) Puppet fails to properly surface backtraces - Iristyle
PUP-1420: PR (2248): move StateMachine out of the global scope - crankharder
PUP-1707: Faces help sometimes blows up when descriptions are absent
PUP-1387: CA generates subjectKeyIdentifier from issuer cert instead of cert itself
PUP-1568: Error reporting within augeas provider fails
PUP-1839: Puppet device results in SSL stack too deep error
PUP-1885: File type ignore can’t convert Fixnum into String (This one was a regression from 3.3.0.)
PUP-1404: PR (2234): ensure Puppet::Util::Execution.execpipe always run the command with LANG… - doc75
Bugs introduced in 3.5 and fixed during the release candidate period:

Fixed in RC3:

PUP-2039: rpm provider broken for architecture specifications in 3.5.0-RC2 due to whatprovides functionality change
Fixed in RC2:

PUP-1944: Error when manifest is a directory but not the same as manifestdir
PUP-2009: Dynamic environments not working with manifestdir setting
PUP-1962: Relationships with Classes in future parser broken
PUP-1973: future parser doesn’t bind variables from inherited scope
PUP-1978: future parser doesn’t accept empty array as title
PUP-1979: future parser Class reference with leading :: doesn’t work
PUP-2017: TupleType applies size constraint to last element only
All Resolved Issues for 3.5.0

Our ticket tracker has the list of all issues resolved in Puppet 3.5.0.