New features, enhancements, and deprecations
This page describes new features, enhancements, and deprecations in this Puppet Enterprise (PE) release.
For more information about this release, see:
New features in PE 2016.2
Puppet orchestrator API
The Puppet orchestrator API is now available. It consists of endpoints that allow you to start and stop jobs and analyze events that occur during those jobs.
Improved installation and upgrading
We’ve made significant improvements to the installation and upgrade process, particularly for text-mode installations and upgrades. This release also introduces the
pe.conf file, which, in future releases, will be used to manage and maintain classification of your PE infrastructure components from one release to the next.
With these changes, answer.txt files can no longer be used for installing and upgrading.
Enhancements in PE 2016.2
The default location for
hiera.yamlhas moved to
On upgrades, the existing
hiera.yamlfile is automatically moved to the new location, unless you have modified the file. If you have modified the
hiera.yamlfile, move it to the new location. Do not leave a copy of
hiera.yamlin the code directory. Future upgrades fail if
hiera.yamlis detected in the old location.
PE’s PostgreSQL implementation now relies on the agent certificate for authentication. Previously, it used password authentication.
Ubuntu 16.04 (Xenial Xerus) added as a supported OS for both agent and Puppet master roles.
When creating new modules, the
puppet module generatecommand writes an
examplesdirectory instead of the deprecated
In addition to a refreshed appearance, this version adds these enhancements to the PE console:
The Overview page’s redesigned leaderboard shows more granular node status information after each Puppet run. The leaderboard lets you filter and view nodes by run status, including nodes run in enforcement mode, nodes with no-op resources, and nodes for which a cached catalog was used due to failure of the intended catalog.
An improved timeframe selector on the Events page lets you view events from the last run only, or from the past five minutes, 30 minutes, 60 minutes, or 24 hours.
Fact filters on the Overview and Reports pages now use operator characters (~) rather than words (“matches regex”).
The node graph now allows filtering of resources by run status.
When filtering resources by tag in the node graph, filter results are displayed in the details pane as a clickable list.
Two new Nodes role permissions provide control over which users can view and edit node data from PuppetDB. You can access the new
nodes:edit_datarole permissions through the RBAC API.
Node Management enhancements
This version includes these enhancements to Node Management:
You can now use structured and trusted facts in the console to create node group rules. Previously, structured and trusted facts were available only through the classifier API. See Adding nodes dynamically for details.
group-childrenendpoint retrieves a specified group and its descendents, so you can view hierarchy within a specific node group with a single query.
unpin-from-allcommands endpoint is no longer a tech preview feature. The endpoint is fully supported.
Code Manager enhancements
This release adds a Code Deployers role in role-based access control (RBAC). This role’s default permissions are limited to deploying code and managing token lifetime.
If you are already using Code Manager with a deployment role that you created, you do not need to change to the new Code Deployers role.
Code Manager and r10k now support Git access through proxy servers. This allows you to configure proxies for specific Git sources and modules accessed via HTTP or to set a global proxy configuration.
HTTP Basic and Digest authentication are supported. Note that this is for authentication to the proxy server itself, not for the service being contacted. See Code Manager or r10k documentation for proxy setting information.
This release includes a [Code Manager troubleshooting guide][./code_mgr_troubleshoot], with solutions for some common issues and an advanced troubleshooting walk-through.
When Code Manager and file sync are enabled, ownership of all files in the code directory is changed to pe-puppet. This eliminates the need for manually changing the ownership and ensures that when enabled, Code Manager and file sync can make changes as needed.
puppet-codecommand uses the PE CA certificate path
/etc/puppetlabs/puppet/ssl/certs/ca.pemby default. Previously, this command defaulted to
PE client tools enhancements
- On installing the PE client tools package, a new global configuration file for
puppet-accessis created at
~/.puppetlabs/client-tools/puppet-access.confon PE-managed machines. This file removes the need to correctly specify a
--service-urlsetting before using
puppet-accessto generate authentication tokens.
Custom Razor configurations are moved from the
config.yamlfile to class parameters within the
pe_razormodule. Anything you specified in
config.yamlyou must now specify in class parameters. This change enables easier upgrades in the future. However, you must manually migrate your custom Razor configurations from
config.yamlto class parameters when you upgrade to PE 2016.2.
protect_new_nodesparameter is the most critical migrated setting. To prevent accidentally overwriting machines during upgrade, the default for
protect_new_nodeswas changed to
truein PE 2016.2 and later. If your environment and workflows rely on provisioning all new nodes, you must manually change
falseafter upgrading. See Provisioning a node for recommended provisioning workflows, including managing the
enable_smb_shareclass parameter of the
pe_razormodule configures SMB share. If you enable this parameter (
true), Razor installs Samba and maps to the default repository storage location, providing a simplified workflow for installing Windows nodes. If you change
false, the share remains enabled but isn’t managed by Puppet.