集中式系统管理工具Puppet发布3.5.0，新的产品系列。经过3个RC.向下完全兼容3其他版本。2014-04-03 上个版本是2013-02-19的3.4.3其他产品线3.2.4 3.1.1 3.0.2 2.7.25。
Puppet 3.5 Release Notes
This page tells the history of the Puppet 3.5 series. (Elsewhere: release notes for Puppet 3.0 – 3.4)
Puppet’s version numbers use the format X.Y.Z, where:
X must increase for major backwards-incompatible changes
Y may increase for backwards-compatible new functionality
Z may increase for bug fixes
How to Upgrade
If you’re upgrading from a 3.x version of Puppet, you can usually just go for it. Upgrade your puppet master servers before upgrading the agents they serve. (But do look at the table of contents above and see if there are any “Upgrade Warning” notes for the new version.)
If you’re upgrading from Puppet 2.x, please learn about major upgrades of Puppet first! We have important advice about upgrade plans and package management practices. The short version is: test first, roll out in stages, give yourself plenty of time to work with. Also, read the release notes for Puppet 3 for a list of all the breaking changes made between the 2.x and 3.x series.
Released April 3, 2014. (RC1: March 14. RC2: March 24. RC3: March 31.)
3.5.0 is a backward-compatible features and fixes release in the Puppet 3 series. The biggest things in this release are:
A new way to set up environments, which replaces the popular “dynamic environments” pattern
A cleaner replacement for the classicimport nodes/*.pppattern
Scriptable configuration with a newpuppet config setcommand
A new global$factshash
Early support for hashes and arrays in fact values
Improvements to the future parser
Support for RHEL 7, Ruby 2.1, and Facter 2.0
…along with many smaller improvements and bug fixes.
Lots of people have been using dynamic environments based on VCS checkouts to test and roll out their Puppet code, as described in this classic blog post. That pattern is great, but it’s complicated to set up and it pretty much works by accident, so we wanted a better way to support it.
Now we have one! The new feature is called directory environments, to distinguish them from the older environments that had to be set in the config file.
The short version is:
Create a$confdir/environmentsdirectory on your puppet master.
Each new environment is a subdirectory of that directory. The name of the directory will become the name of the environment.
Each environment dir contains amodulesdirectory and amanifestsdirectory.
Themodulesdirectory will become the first directory in the modulepath (with the newbasemodulepathsetting providing a global list of other directories to use).
Themanifestsdirectory will be used as themanifestsetting (see “Auto-Import” below).
No other configuration is needed. Puppet will automatically discover new environments.
The upshot is that you can do agit cloneorgit-new-workdirin yourenvironmentsdirectory, and nodes can immediately start requesting catalogs in that environment.
This feature isn’t quite finished yet: it’s missing the ability to do complex edits to themodulepathor set theconfig_versionsetting per-environment, which didn’t make the release deadline. However, it should already be good enough for most users.
For full details, see:
Auto-Import (Use a Directory as Main Manifest)
You can now set themanifestsetting to a directory instead of a single file. (E.g.manifest = $confdir/manifests) If you do, the puppet master will parse every.ppfile in that directory in alphabetical order (without descending into subdirectories) and use the whole set as the site manifest. Similarly, you can give puppet apply a directory as its argument, and it’ll do the same thing.
We did this because:
…but theimport nodes/*.pppattern is good.
Lots of people like to use node definitions and keep every node in a separate file. In Puppet 3.4 and earlier, this meant putting animportstatement in puppet.conf and storing the node files in another directory. Now, you can just put all your nodes in the main manifest dir and point themanifestsetting at it.
And since this was the last real reason to useimport, we can deprecate it now! (See “Deprecations and Removals” below.)
Scriptable Configuration (puppet config set)
You can now change Puppet’s settings without parsing the config file, using thepuppet config setcommand. This is mostly useful for configuring Puppet as part of your provisioning process, but can be convenient for one-off changes as well. For details, see the page about changing settings on the command line.
You have to manually enable this (along with the$trustedhash) by settingtrusted_node_data = truein puppet.conf on your puppet master(s). It’ll be on by default in Puppet 4.
In addition to using$fact_name, you can now use$facts[fact_name]to get a fact value. The$factshash is protected and can’t be overridden locally, so you won’t need the$::idiom when using this.
Our hope is that this will visibly distinguish facts from normal variables, make Puppet code more readable, and eventually clean up the global variable namespace. (That’ll take a while, though — we probably won’t be able to disable$fact_nameuntil, like, Puppet 5.)
Structured Facts (Early Version)
You have to manually enable this by settingstringify_facts = falsein puppet.conf on your puppet master(s). It’ll be enabled by default in Puppet 4.
In Facter 2.0 and later, fact values can be any data type, including hashes, arrays, and booleans. (This is a change from Facter 1.7, where facts could only be strings.) If you enable structured facts in Puppet, you can do more cool stuff in your manifests and templates with any facts that use this new feature.
These are the early days of structured facts support — they work in Puppet and Facter now, but none of the built-in facts use data structures yet, and external systems like PuppetDB haven’t yet been updated to take advantage of them. (Any structured facts will still get smooshed into strings when they’re sent to PuppetDB.) But if you have a use for hashes or arrays in your custom facts, turn this on and give it a try.
Future Parser is Faster and Better
We think the future parser is fast enough to use in a large environment now — we haven’t done extensive benchmarking with real-life manifests, but the testing we’ve done suggests it’s about on par with the default parser. So if you’ve been waiting to try it out, give it a spin and let us know how it goes.
It also has some new tricks in this release:
HEREDOCs are now allowed! This is a much more convenient way to handle large strings. See here for details.
A new template language was added, based on the Puppet language instead of on Ruby. See here for details.
There’s a new “future” evaluator that goes along with the future parser.
Platform Support Updates
Puppet now supports RHEL 7, with packages and acceptance testing. This mostly involved cleaning up resource providers to handle things like systemd more cleanly.
We’re running acceptance tests on Fedora 19 and 20, now, too.
Facter 2.0.1 works with Puppet 3.5, including its new structured facts support (see above).
We have early support for Ruby 2.1. We’re running spec tests on it, so we think it works fine! But since none of our testing platforms ship with it, we aren’t running acceptance tests on it, which means there might be problems we don’t know about yet.
Support for Fedora 18 is done, since it EOL-ed in January; no more acceptance tests or packages.
Facter 1.6 is no longer supported with Puppet 3.5.
Smaller New Features
In addition to the big-ticket improvements above, we added a lot of smaller features.
You can now put external facts in modules, and they will be synced to all agent nodes. This requires Facter 2.0.1 or later. To use this feature, put your external facts in afacts.ddirectory, which should exist at the top level of the module.
Certificate extensions will now appear in the$trustedhash.
There’s a newstrict_variablessetting; if set to true, it will throw parse errors when accessing undeclared variables. Right now, this will wreak havoc; eventually, it will make Puppet code easier to debug.
Related to the last: Thedefinedfunction can now test whether a variable is defined. Note that you have to single-quote the variable name, like this:defined('$my_var')— otherwise, the function will receive the value of the variable instead of its name. Anyway, going forward, this will be a more accurate way to distinguish betweenfalse,undef, and uninitialized variables, especially if you’re usingstrict_variables = true.
Thehttpreport processor can use basic auth now when forwarding reports.
Puppet apply now has a--testoption that acts much like puppet agent’s--test.
On Windows, the puppet agent service will now log activity using the Windows Event Log instead of a logfile.
Environment and transaction UUID information is now included when submitting facts to PuppetDB. (This will be used in a future version of PuppetDB.)
Type and provider features:
Thessh_authorized_keytype can use ssh-ed25519 keys now.
Whenserviceresources fail to start or restart, they’ll log the exit code, stdin, and stderr text as Puppet errors to help with debugging.
Therpmpackage provider now accepts virtual packages.
Therpmpackage provider now supportsuninstall_options.
Thepackagetype has a newpackage_settingsattribute. This is a property that can be implemented differently per-provider; currently nothing uses it, but there are plans to make the FreeBSD provider use it for port options.
Theusertype now validates theshellattribute, to make sure it actually exists and is executable.
You can now use msgpack as the on-disk cache format for some of Puppet’s generated data types.
Thefiletype has a newvalidate_cmdattribute that can help protect against accidentally writing broken config files.
Theresourcestype has a newunless_uidattribute that acts like an improved version of theunless_system_userattribute — it lets you protect multiple UIDs and ranges of UIDs from deletion when purginguserresources.
You can now purge unmanagedcronresources with theresourcestype.
Features for extension writers:
The Puppet::Util::Profiler#profile API is now public, and can be used by extensions like indirector termini and report handlers.
There’s a new v2.0 HTTP API, which doesn’t have to abide by the (sometimes inconsistent and weird) semantics of the main API. Right now, the only v2.0 endpoint is for getting information about environments via the API. See the developer documentation for details.
Deprecations and Removals
As we start to get ready for Puppet 4, we’re deprecating some features we’re hoping to remove or replace. (Be ready for more of these in Puppet 3.6, too.) Using deprecated features will cause warnings to be logged on the puppet master; these features will be removed in Puppet 4.
Deprecations in the Puppet language:
Theimportkeyword is deprecated. Instead of importing, you should set yourmanifestsetting to a directory of .pp files.
Modifying arrays and hashes in Puppet code or templates is deprecated. (This actually should never have been possible, but we can’t kill it in a minor version because it might break something.)
Deprecations in the type and provider API:
Using the:parentoption when creating a type is deprecated. This actually hasn’t worked for a long while, but now it will warn you that it won’t do anything.
The experimental bindings-based Hiera2/data-in-modules code has been removed. We’re back to the drawing board on this.
3.5 is faster! We found a situation where defined types were a lot slower than they needed to be, some slow cases inpuppet cert listand the module tool, and a few other performance wins.
Bug Fixes and Clean-Ups
We fixed a bunch of bugs in types and providers (including a big cleanup of the yumrepo type), improved standards-compliance in our use of certificates, fixed a bunch of Windows-specific problems, cleaned up some inconsistencies, and fixed some bugs that don’t fit in any particular bucket.
Type and provider bugs:
PUP-1210: authentication_authority key is not set when managing root’s password using the puppet user provider (An OS X bug, most visible when managing the root user.)
Standards compliance improvements:
PUP-1885: File type ignore can’t convert Fixnum into String (This one was a regression from 3.3.0.)
Bugs introduced in 3.5 and fixed during the release candidate period:
Fixed in RC3:
Fixed in RC2:
All Resolved Issues for 3.5.0
Our ticket tracker has the list of all issues resolved in Puppet 3.5.0.