PE release notes
These are the enhancements and resolved issues in this version of Puppet Enterprise (PE).
For security and vulnerability announcements, see Security: Puppet's Vulnerability Submission Process.
Released May 2023
If you're on the LTS stream (2021.7), you'll find release notes and other information for that series in the 2021.7 documentation.
Customers on 2019.8.z are encouraged to upgrade to either 2021.7 or 2023.
- Improved performance when querying PuppetDB
- This enhancement helps to improve performance for PuppetDB queries that contain large arrays, for example, if many nodes are enumerated or many terms are joined by a single "and" or "or" element.
- Improved performance for the
filterfunctions in the Puppet language
- Previously, the Puppet language built-in
filtershowed poor performance and consumed unnecessary resources when run on JRuby software. The issue was resolved to enhance performance.
- Puppet Server provides more reliable warnings when it cannot check for an update
- By default, Puppet Server periodically checks whether a new version of Puppet Server is available. Previously, if Puppet Server could not connect to the update server, users were not provided with adequate information about the error. Starting with Puppet Server 7.10.1, a warning about the error is available in the log file.
Deprecations and removals
- Deprecated PSON
Puppet to serialize data for
PSON is deprecated in Puppet 7 and will be removed in Puppet 8.
- Tasks page is available following a software update
- After upgrading PE from 2019.8 to 2021.7.1, the Tasks overview page in the PE console sometimes failed to load because of a timeout error. The issue is fixed in PE 2021.7.3 and 2023.1.
- Scheduled task jobs run successfully without a defined timeout
- In PE 2023.0, task jobs failed to start if they were scheduled without an explicitly defined timeout. In PE 2023.1, the issue is resolved to help ensure that task jobs start as scheduled even without an explicitly specified timeout option. If a timeout option is not explicitly defined, the default timeout for tasks is applied.
- Timeout and concurrency values for scheduled tasks can be viewed and edited in the console
- In PE 2023.0, the timeout and concurrency
values for a scheduled task could not be viewed or edited in the PE console. This issue is fixed in PE 2023.1:
- When you view a scheduled task in the console, any specified timeout and concurrency values are displayed in the new Timeout and Concurrency fields.
- When you edit a scheduled task in the console, you can update the values in the new Timeout and Concurrency fields.
- Any timeout or concurrency values that you specify for scheduled tasks will be applied.
- When tasks are rerun in the console, timeout and concurrency attributes are preserved
- In PE 2023.0, tasks that were rerun in the PE console did not properly preserve the concurrency and timeout attributes of the task job. This issue is fixed in PE 2023.1.
- Access rights for remote users can be revoked and reinstated from the console
- In PE 2023.0, a defect was introduced that prevented the revocation or restoration of some remote users by using the PE console. This issue is resolved in PE 2023.1.
- Performance issue with Puppet agent runtimes is resolved
- After an upgrade from PE 2019.8.12 to PE 2021.7.1, some users saw a significant increase in Puppet agent runtimes. The increase was caused by Facter 4, which was not using cached information to resolve facts. As a result, facts were resolved multiple times. The issue is now resolved to normalize the performance of the Puppet agent.
- Enabling the lockless code deploy feature no longer causes performance issues in PuppetDB catalog compilation
- When the
versioned_deployssetting is enabled, Puppet previously reported the full directory path to the environment after resolving symbolic links as the source for resources in a catalog. Puppet now reports the path to the resource before resolving symbolic links in the environment path to help prevent instability of the PuppetDB instance.
If you still encounter issues, manually update the
puppet.conffile to set the new configuration option
- Certificates and keys can be backed up and restored by specifying the
- Previously, if you ran the
puppet-backup createcommand and specified a scope of
certs, the command failed to back up the certificate authority root key and certificates. This issue occurred because Puppet 7 introduced a new default path for the certificate authority (CA) directory (
/etc/puppetlabs/puppetserver/ca), but the
puppet-backup createcommand failed to locate the new directory. Similarly, if you ran the
puppet-backup restorecommand with a scope of
certs, the restore operation failed. The CA directory issue is resolved so that backup and restore operations can run successfully.
- Timeouts can be specified for SAML authentication
- Previously, when users configured the PE
console to specify
session-maximum-lifetimevalues, the settings were applied to Lightweight Directory Access Protocol (LDAP) tokens and local login tokens. However, the specified settings were not applied to Security Assertion Markup Language (SAML) tokens, which are used for authentication with SAML identity providers. The issue is corrected to ensure that the specified settings also apply to SAML session lifetimes.
- Updates implemented to help users enter valid URLs
- In previous versions of PE, the
role-based access control (RBAC) service permitted the entry of invalid
URLs when users specified the Organizational URL
setting. Login attempts would then fail with the following error
'Invalid settings: organization_not_enough_data'
In PE 2021.7.3 and 2023.1, the RBAC service is updated to enforce valid URLs when users create or update a connection to a SAML identity provider, and the PE console displays a warning if the user enters an invalid URL for the Organizational URL setting.
- User-defined temporary directory is honored during PE restore operations
- After you back up your PE infrastructure,
you can use the
puppet-backup restorecommand to restore the backup. Previously, if you set the
—tmpdirflag or the
TMPDIRenvironment variable to specify a temporary directory for restore operations, the directory was not honored, and the default
/tmpdirectory was used in some cases. In addition, some files were not cleaned up after the restore operation. This issue is corrected to ensure that the user-specified directory is used, and all temporary files are removed after the restore operation.
- Issue that caused an unexpected increase in CPU usage is resolved
- In PE 2021.7.1, 2021.7.2, and 2023.0, an issue with Puppet Server caused an unexpected increase in central processing unit (CPU) usage in some environments. CPU usage continued to grow and some operations took longer than expected until the Puppet Server service was restarted. This issue is resolved in PE 2023.1 and 2021.7.3.
- Security fixes
- Addressed CVE-2023-1894 and CVE-2023-26048.