Upgrade cautions

These are the major changes to PE since the previous long-term support release, 2019.8. Review these recommendations and plan accordingly before upgrading to this version.

FIPS-enabled PE 2021.7 and later can't use the default system cert store

PE 2021.7 and later FIPS builds can't use the default system cert store, which is used automatically with some reporting services. This setting is configured by the report_include_system_store Puppet parameter that ships with PE.

Removing the puppet-cacerts file (located at /opt/puppetlabs/puppet/ssl/puppet-cacerts) can allow a report processor that eagerly loads the system store to continue with a warning that the file is missing.

If HTTP clients require external certs, we recommend using a custom cert store containing only the necessary certs. You can create this cert store by concatenating existing pem files and configuring the ssl_trust_store Puppet parameter to point to the new cert store.

Update puppet_agent module to support AIX

If you use the puppet_agent module and have the agent installed on any AIX nodes, then before you upgrade to PE 2021.7.z, you must ensure that you are using puppet_agent module version 4.18.0 or later. This ensures that the puppet_agent module identifies the correct directory for AIX resources and your AIX agents function as expected.

Logback upgrade in PE 2021.7.7 and later

In PE 2021.7.7, logback is upgraded to version 1.3.14. Using a Java argument, the logappender variable is now set by default to F1 for all projects. If you customize this setting, to avoid disruptions in logging, ensure that all logappender variable references are correctly defined. Using invalid appender references or omitting to use a reference will cause logback version 1.3.14 to stop logging.

PostgreSQL 14 upgrade in PE 2021.6

PE 2021.6.0 upgrades pe-postgresql from version 11 to version 14. This upgrade involves a datastore migration that requires extra disk space (110% of the current PostgreSQL 11 datastore) and extra time to upgrade (roughly two to four minutes of additional time per 10GB of datastore size). The installer issues a warning and cancels the upgrade if there is insufficient space.

To check your PostgreSQL installation size and the size and number of bytes available for the partition, run facter -p pe_postgresql_info on the node that runs the pe-postgresql service (this is either your primary server or a separate node that manages your PostgreSQL database).

To speed the migration and optimize queries, clean up the PE-PostgreSQL database prior to upgrading by applying the pe_databases module to nodes running the pe-postgresql service. This module is installed with PE versions 2021.3 and later, but you must enable it by setting the puppet_enterprise::enable_database_maintenance parameter to true. For best results, apply the module at least one week prior to upgrade to allow the module's maintenance schedule enough time to clean all databases.

Optionally, after upgrading, you can remove packages and directories from older PostgreSQL versions by running puppet infrastructure run remove_old_postgresql_versions. If applicable, the installer prompts you to complete the cleanup.

CAUTION: Don't use CONCURRENTLY with PostgreSQL 14.0 through 14.3. If you do, make sure to REINDEX without using CONCURRENTLY.
Restriction: If you use a PostgreSQL instance not managed by PE, you must separately upgrade the instance to PostgreSQL 14. For more information, see Upgrade an unmanaged PostgreSQL installation.

Platforms removed in 2021.0 and later

Several agent platforms that were previously deprecated have been removed in PE 2021.0 and later.

Before upgrading to PE 2021.7.5, remove the pe_repo::platform class for these operating systems from the PE Master node group in the console, and from your code and Hiera.
Platforms removed in 2021.0
Removed agent platforms
AIX 6.1
Enterprise Linux 4
Enterprise Linux 6, 7 s390x
Mac OS X 10.9, 10.12, 10.13
SUSE Linux Enterprise Server 11, 12 s390x
Platforms removed in 2021.7.5
Removed agent platforms
CentOS 7 aarch64
macOS 10.15
Oracle Linux 7 aarch64
Red Hat 7 aarch64
Scientific Linux 7 aarch64

Puppet upgrade in 2021.0

PE 2021.0 includes a new major version of Puppet, with several changes that might impact your upgrade. For details, see Upgrading from Puppet 6 to Puppet 7.