Get Puppet Enterprise First 10 nodes are free!
Try it now
Request a demo
Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Puppet Comply Find and prevent compliance failures
Compliance Enforcement Modules Remediate to stay in compliance
Continuous Delivery for Puppet Enterprise Build, test, and deploy infrastructure as code faster and easier
Content & Modules Pre-built scripts to automate common tasks
CentOS EOL Here’s how to secure your CentOS infrastructure – even after EOL.
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source PuppetPerfect for individuals and small infrastructure
BoltAutomate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
Puppet 8 is here, and it’s included in the latest release of Puppet Enterprise. It’s the biggest update to Puppet since Puppet 7’s first release in November 2020, and it carries a host of enhancements and improvements to make managing and scaling your infrastructure easier than ever.
Read on for a list of the major changes included in Puppet 8, how they benefit you, and how to get going with Puppet 8 fast.
Puppet 8 is the eighth full release of Puppet’s open source code. Puppet 8 was released in April 2023 and became part of Puppet Enterprise releases in September 2023. Puppet 8 includes updates to configuration reporting, protections for user inputs, and more.
Upgrade to the latest version of Puppet Enterprise or Open Source Puppet to start using Puppet 8. PE 2023.3, released in September 2023, was the first version of Puppet Enterprise to include Puppet 8.
UPGRADE TO PUPPET 8
TRY PUPPET ENTERPRISE FREE
Puppet 8 features behind-the-scenes and functional changes focused on user experience and giving you even more control over your automation and configuration management.
Nobody likes dealing with certificates. You might not even know a certificate is expired if servers were set up at different times, or you inherited the infrastructure from another team, or your documentation isn’t up to snuff. And trying to keep up with certificates in a big enough environment can kick off a never-ending change management process, which isn’t good for releasing on time.
Watch the Video Below to See Puppet 8 Certificate Management in Action
In previous releases of Puppet Enterprise, once a Certificate of Authority expired, the server lost communication with the primary server and wouldn’t update. That meant no new code, no security fixes, and no continuous compliance.
In the latest versions of Puppet Enterprise, built on Puppet 8, we’ve all but eliminated this huge pain point for practitioners. As soon as you upgrade, auto-renewal for certificates is on by default. Instead of managing changes to certificates across all their servers, you can instead just have shorter-lived certifications that renew just as they expire. That means your team doesn’t have to go through the toil of monitoring and managing certificate expiration, and it makes it much easier to recover from expired certification.
Whether it’s keeping track of different expiration dates, manual errors mucking things up, or just the sheer volume of certificates to manage, you can say goodbye to the hangups that have been haunting your certificate management.
With Puppet 8, Puppet is now on the latest branch of Ruby 3.2 and OpenSSL 3. The replacement ensures everything is up-to-date with the latest version while reducing vulnerability scanning concerns.
Note: Ruby 3 only has the exist? function and not exists? All code using the exists? function will need to be updated for compatibility. (You can actually do this before you upgrade to Puppet 8, since Ruby 2 features both exist? and exists? functions.)
Platform engineering is prompting a shift toward self-service in DevOps. Self-service brings freedom, but also liabilities: With the potential for so many more user inputs, we need to make sure they can’t make unsafe variable assignments.
Strict Mode in Puppet 8 ensures that if something hasn’t been passed correctly, like if it contains a typo that has caused something to become “undefined”, Puppet will throw an error rather than allowing a change that might have unexpected consequences. It also prevents mixed data transformations that lead to messy data assignments, like attempting to add a string to an integer.
Together with freezing string literals, Strict Mode helps avoid mistakes or malicious attempts to reassign variables.
During a Puppet run in an IT estate with hundreds of thousands of servers, the Puppet agent runs every 30 minutes by default, reports on resources, and stores the data for 7 days by default. The problem is that these run reports also included data on the resources that hadn’t changed since the last run.
All that unchanged data about hundreds of resources per run – sometimes thousands – was effectively burying the data some users needed to see. To get around that problem, users were cutting down the data storage period or scheduling less frequent runs, which decreased the effectiveness and usability of the tool.
In Puppet 8, unchanged resources are excluded from reporting by default. (Users have had the ability to set this in Puppet 7, but it wasn’t on by default.) That means every Puppet run will show you the information that matters so you don’t have to dig through mountains of data to get to actionable insights.
Deferred functions let you run commands on the client side instead of all in a Puppet compile server. That’s helpful when accessing something you don’t want to be passed through the Puppet infrastructure nodes, like vault secrets. Deferred functions let you access them using only your client and vault server.
Before Puppet 8, all deferred functions were evaluated prior to enforcement of the catalog. This means that if your function depended on configuration like installing a library or writing a config file, then it would fail the first time through. In Puppet 8, it’s possible to install a dependency for a deferred function and call the deferred function in a single agent run.
Hiera 3 has been out of use for a while, and dropping it from this version trims down the Puppet 8 install. The lookup function and Hiera 5 continue to work as expected.
Legacy facts have also been deprecated for some time. Puppet 8 drops them altogether, reducing network load, freeing PuppetDB storage, and improving general performance.
If you’re a current Puppet user, you can upgrade to Puppet 8 by following the instructions over on Docs. For a more in-depth look at Puppet 8, check out Puppet 8 for DevOps Engineers from Packt Publishing. If you’re new to Puppet, try the latest version for free on 10 nodes with no time restriction or user limit.
UPGRADE INSTRUCTIONS TRY PUPPET
Principal Solutions Architect, Puppet by Perforce
David is a Principal Solutions Architect at Puppet by Perforce – in this role he focuses on product management of Puppets development ecosystem and integrations. Before this, he worked with Puppet’s largest and most complex customers to deliver automation at scale and support their DevOps working practices. He spent eight years at NatWest as a Cloud Infrastructure Engineer. David has a passion for delivering change into traditional working environments, breaking down team silos, and integrating DevOps working practices with heavily regulated and audited environments.
Community and Developer Relations Lead, Puppet by Perforce