New features, enhancements, and deprecations

This page describes new features, enhancements, and deprecations in this Puppet Enterprise (PE) release.

For more information about this release, see:

New features in PE 2016.2

Puppet orchestrator API

The Puppet orchestrator API is now available. It consists of endpoints that allow you to start and stop jobs and analyze events that occur during those jobs.

Improved installation and upgrading

We’ve made significant improvements to the installation and upgrade process, particularly for text-mode installations and upgrades. This release also introduces the pe.conf file, which, in future releases, will be used to manage and maintain classification of your PE infrastructure components from one release to the next.

With these changes, answer.txt files can no longer be used for installing and upgrading.

Enhancements in PE 2016.2

Platform enhancements

  • The default location for hiera.yaml has moved to /etc/puppetlabs/puppet/hiera.yaml (from /etc/puppetlabs/code/hiera.yaml).

    On upgrades, the existing hiera.yaml file is automatically moved to the new location, unless you have modified the file. If you have modified the hiera.yaml file, move it to the new location. Do not leave a copy of hiera.yaml in the code directory. Future upgrades fail if hiera.yaml is detected in the old location.

  • PE’s PostgreSQL implementation now relies on the agent certificate for authentication. Previously, it used password authentication.

  • Ubuntu 16.04 (Xenial Xerus) added as a supported OS for both agent and Puppet master roles.

  • When creating new modules, the puppet module generate command writes an examples directory instead of the deprecated tests directory.

Console enhancements

In addition to a refreshed appearance, this version adds these enhancements to the PE console:

  • The Overview page’s redesigned leaderboard shows more granular node status information after each Puppet run. The leaderboard lets you filter and view nodes by run status, including nodes run in enforcement mode, nodes with no-op resources, and nodes for which a cached catalog was used due to failure of the intended catalog.

  • An improved timeframe selector on the Events page lets you view events from the last run only, or from the past five minutes, 30 minutes, 60 minutes, or 24 hours.

  • Fact filters on the Overview and Reports pages now use operator characters (~) rather than words (“matches regex”).

  • The node graph now allows filtering of resources by run status.

  • When filtering resources by tag in the node graph, filter results are displayed in the details pane as a clickable list.

  • Two new Nodes role permissions provide control over which users can view and edit node data from PuppetDB. You can access the new nodes:view_data and nodes:edit_data role permissions through the RBAC API.

Node Management enhancements

This version includes these enhancements to Node Management:

  • You can now use structured and trusted facts in the console to create node group rules. Previously, structured and trusted facts were available only through the classifier API. See Adding nodes dynamically for details.

  • The group-children endpoint retrieves a specified group and its descendents, so you can view hierarchy within a specific node group with a single query.

  • The unpin-from-all commands endpoint is no longer a tech preview feature. The endpoint is fully supported.

Code Manager enhancements

  • This release adds a Code Deployers role in role-based access control (RBAC). This role’s default permissions are limited to deploying code and managing token lifetime.

    If you are already using Code Manager with a deployment role that you created, you do not need to change to the new Code Deployers role.

  • Code Manager and r10k now support Git access through proxy servers. This allows you to configure proxies for specific Git sources and modules accessed via HTTP or to set a global proxy configuration.

    HTTP Basic and Digest authentication are supported. Note that this is for authentication to the proxy server itself, not for the service being contacted. See Code Manager or r10k documentation for proxy setting information.

  • This release includes a [Code Manager troubleshooting guide][./code_mgr_troubleshoot], with solutions for some common issues and an advanced troubleshooting walk-through.

  • When Code Manager and file sync are enabled, ownership of all files in the code directory is changed to pe-puppet. This eliminates the need for manually changing the ownership and ensures that when enabled, Code Manager and file sync can make changes as needed.

  • The puppet-code command uses the PE CA certificate path /etc/puppetlabs/puppet/ssl/certs/ca.pem by default. Previously, this command defaulted to /etc/puppetlabs/client-tools/ssl/certs/ca.pem.

PE client tools enhancements

  • On installing the PE client tools package, a new global configuration file for puppet-access is created at ~/.puppetlabs/client-tools/puppet-access.conf on PE-managed machines. This file removes the need to correctly specify a --service-url setting before using puppet-access to generate authentication tokens.

Razor enhancements

  • Custom Razor configurations are moved from the config.yaml file to class parameters within the pe_razor module. Anything you specified in config.yaml you must now specify in class parameters. This change enables easier upgrades in the future. However, you must manually migrate your custom Razor configurations from config.yaml to class parameters when you upgrade to PE 2016.2.

    Important: The protect_new_nodes parameter is the most critical migrated setting. To prevent accidentally overwriting machines during upgrade, the default for protect_new_nodes was changed to true in PE 2016.2 and later. If your environment and workflows rely on provisioning all new nodes, you must manually change protect_new_nodes to false after upgrading. See Provisioning a node for recommended provisioning workflows, including managing the protect_new_nodes setting.

  • The razor config command and config endpoint display details about your Razor configuration, including most of the class parameters of the pe_razor module.

  • The enable_smb_share class parameter of the pe_razor module configures SMB share. If you enable this parameter (true), Razor installs Samba and maps to the default repository storage location, providing a simplified workflow for installing Windows nodes. If you change enable_smb_share from true to false, the share remains enabled but isn’t managed by Puppet.

↑ Back to top