Puppet 2.7.16 is a maintenance release for Puppet in the
2.7.x series. (Puppet 2.7.15 died in the thunderdome). The release notes below
include notes from the 2.7.15 series, so you may see some changes repeated
from previous emails.
Downloads are available at:
* Source https://downloads.puppetlabs.com/puppet/puppet-2.7.16.tar.gz
Windows package is available at
https://downloads.puppetlabs.com/windows/puppet-2.7.16.msi
RPMs are available at https://yum.puppetlabs.com/el or /fedora
Debs are available at https://apt.puppetlabs.com
Mac package is available at
https://downloads.puppetlabs.com/mac/puppet-2.7.16.dmg
See the Verifying Puppet Download section at:
https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
Please report feedback via the Puppet Labs Redmine site, using an
affected puppet version of 2.7.16:
http://projects.puppetlabs.com/projects/puppet/
## Puppet 2.7.16 Release Notes ##
(#8858) Explicitly set SSL peer verification mode.
In Ruby 1.8 the Net::HTTP library defaults to skipping peer
verification when
no mode is explicitly set. Ruby 1.9, on the other hand, does not:
it defaults
to verification of the peer certificate - leading to failure when
we depended
on the default value in our HTTP setup.
This changes to explicitly set the verification mode, ensuring we get
consistent results across all Ruby versions.
*Significantly improve compilation performance when using modules
When autoloading classes/defines, the typeloader constructs a set of
possible locations for the class, based on its name. Effectively, it
will look in the canonical locations corresponding to each namespace in
the fully-qualified name. So for each namespace, it will ask the
environment for a Puppet::Module instance for that module, to ask it
which of the module''s potentially manifests match the class
it''s looking
for. To answer that request, the environment instantiates a
Puppet::Module.
This amounts to potentially thousands of Puppet::Module instances being
created, because it does this many times (based on nesting of the class
name) per include/autoload/import. When Puppet::Module instances are
created, they parse and load their metadata.json file, in part to
validate their use. This implies that each compilation results in
metadata.json being parsed thousands of times, which is extremely slow
(and obviously provides no actual benefit).
Fortunately, the environment object already keeps a list of
Puppet::Module instances for every module in its modulepath. The fix
applied here is simply to change the environment such that it provides
modules by looking them up in its cached list, resulting in up to an
order of magnitude improvement in compilation time.
*Colorize console output on Windows
Previously, `Puppet[:color]` was false on Windows, because the Windows
console does not support ANSI escape sequences.
The win32console gem converts ANSI color escape sequences into Win32
console API calls to change the foreground color, etc. If the output
stream has been redirected to a file, then the gem does not translate
the sequences, instead preserving them in the stream, as is done on
Unix.
To disable colorized output specify `color=false` or `--color=false` on
the command line.
This commit adds a `Puppet.features.ansicolor?` feature that defines
whether ANSI color escape sequences are supported. On Windows, this is
only true if the win32console gem can be loaded. On other platforms, the
value is always true.
The win32console gem will be packaged into the Windows installer, and
so, `Puppet[:color]` now defaults to true. If the gem can''t be
loaded,
then puppet will revert to its previous behavior.
(#8174) Allow defines to reference topscope
Because the compiler re-assigned the topscope, looking up topscope vars
or facts from a defined resource type was causing deprecation warnings
when it should not be. By cherry-picking commits
b02aa930a03a282588e81f65e14f47a138a4b9f0 and
c995be16bc9e3ad8dbad9d21b49df76de5b72ea9 the topscope is no longer
re-assigned and so defined resource types can now lookup these kinds of
variables without problem.
Evaluate node classes either in top or node scope
Classes that are tied to a node should be preferred to be evaluated in
the node scope, but if we don''t have one then they should be in the
top
scope
(#14297) Handle upstart services better
The previous changes to the upstart provider didn''t take into
account services
that may have upstart jobs in /etc/init with no corresponding symlink to
upstart-job in /etc/init.d. This fix adds /etc/init/$service.conf
to the search
path in the upstart provider.
In order to allow upstart to use debian as its parent, this commit
adds methods
for enabled?, enable and disable. Without this fix, using a debian
style init
script on ubuntu requires manually specifying the debian provider be used.
With this commit, the upstart provider can be the default for ubuntu and
still fail up to its parent, debian.
The enabled?, disable, and enable methods are complicated because
upstart has 3
behaviors to account for. Upstart < 0.6.7 have only the conf file
and start on
stanzas to worry about, 0.6.7 < upstart < 0.9.0 has a manual stanza
which
removes any previous start on declaration, and upstart >= 0.9.0
has an override
file. In upstart >= 0.9.0, the provider does all of its work using
override files
to leave the upstart conf file for the service intact and unchanged.
Because of the need to know which upstart version is being used, this commit
also adds a method and a class variable to hold and access the
upstart version,
obtained by a call to `initctl --version`.
(#14343) Lookup in correct inherited scope
The previous twoscope lookup of the inheritied scope tried to find the
inherited scope by looking up the class_scope() directly. Unfortunately,
this does not work correctly in cases where the inherited scope is
qualified to the topscope (::parent) or where the scope is implicitly
qualified (class a { class b {} class c inherits b {} }).
By using the same mechanism that variables use for looking up scope (the
qualified_scope() method) variable lookup will find a scope consistent
with what qualified variable lookups will find.
(#14761) Add boot, reboot to excludes list for redhat provider
On sles, the reboot init script would be triggered during a `puppet resource
service` call, which would ignore the status argument and proceed
to reboot the
system. It would also call the boot init script, which could hang the puppet
call indefinitely. This commit adds both the boot and reboot services to the
redhat provider''s exclude list. It also updates the redhat
provider spec test
to test for those changes.
(#14615) Exclude helperscripts in gentoo service provider
The directory `/etc/init.d` does not only store normal initscripts but
also a few helper scripts (like `functions.sh`). The former behaviour was
to treat them as regular initscripts which can lead to dangerous results
especially when running `puppet resource service`. This command will
issue `/etc/init.d/<script> status` on every script inside
`/etc/init.d`. Because the helperscripts don''t care about arguments,
this will cause the system to reboot when `/etc/init.d/reboot.sh status` is
executed.
Exclude helperscripts when searching inside `/etc/init.d`.
## Puppet 2.7.16 Changelog ##
Andrew Parker (9):
6bef2e6 Removed text/marshal support
568ded5 Fix for bucket_path security vulnerability
a3d51b2 Removed topscope being overridden by node
e27adf4 Evaluate node classes either in top or node scope
c6e006e (#8174) Allow defines to reference topscope
2d83e22 (Maint) Added test for fully qualified variables
3541db6 (#14343) Lookup in correct inherited scope
36c41e1 (#14343) Test cases for more forms of variable lookup
c0cb0fa (Maint) Close filehandles after read in upstart
Chris Price (3):
dae5539 (#14440) Hack to allow help faces to be used as API
53e0057 Use internal domain name for module tool tests
be6062c Apply commit from master that varies ports during tests
Daniel Pittman (12):
36d959a (#14123) Puppet shouldn''t explode if PATH contains
~nonexistent_user
b4d1c65 (#14127) ssh_authorized_keys grammer fails on blank lines.
603b368 (#14173) Enforce that filebucket paths must be absolute
cde3bee Just change Puppet settings in tests, rather than stubbing.
24d4bb5 Revert "(#11004) Fix regex for pkg provider line
matching"
d5e0cdd (#14288) gem provider should tolerate bad lines.
80fe59d Remove a bad test that can lead to random hangs...
7ce9e17 maint: use relative paths to fixtures.
b26699a (#10146) `-` is not legal in variable names.
37df5c4 (#14615) Final stub fixes for the tests.
cd4bee8 Test SSL setup code, not our stubbing of it.
3a06246 (#8858) Explicitly set SSL peer verification mode.
James Turnbull (1):
b7828ed (#3452) Autorequire user for cron
Jeff McCune (5):
ca313dc (maint) Fix destinations_spec failure on windows
7e92dcb Just change Puppet settings in tests, rather than stubbing.
9b47110 (#13956) Fix failing spec tests
a713f07 (#8778) Make '''' == undef commutative in the DSL
ff052b8 (maint) Add mailmap to identify contributors
Josh Cooper (2):
f40cc71 (#12392): Colorize console output on Windows
ead9d25 (Maint) Color console output when the win32console gem
is installed
Kelsey Hightower (1):
a76d873 (#14424) Expand path of the target directory
Ken Barber (1):
34da6f7 (#13651) Use magenta, not purple in Facter::Util::Colors
Lauri Tirkkonen (1):
8dda6c2 (#14723) Fix http report description
Matthaus Litteken (13):
f240a95 Updating CHANGELOG and lib/puppet.rb for 2.6.15
d174a9f Updating CHANGELOG and lib/puppet.rb for 2.6.16
91827e8 (#14297) Handle upstart services better
b9ed026 (#14297) Update spec tests for upstart provider
6cca061 (#14297) Add acceptance test for upstart provider
3c5ef40 (#14297) Clean up upstart provider and tests
f5d1f74 (#14297) Update upstart provider acceptance tests
466ab49 (#14297) Define agent in upstart acceptance test
a45942b (#14297) Don''t remove tty1 or rsyslog during upstart
acceptance
7c1d8c2 (maint) Disable upstart spec test on windows
e619304 (#14761) Add boot, reboot to excludes list for redhat provider
d110da5 Updating CHANGELOG, conf/redhat/puppet.spec for puppet 2.7.15rc4
da36281 Updated manpages, CHANGELOG, puppet.spec, puppet.rb for 2.7.16rc1.
Michael Kincaid (3):
b601bb4 Update acceptance tests to use confine instead of skip_test loops
2aea708 Revert changes to symbolic_modes.rb -- this test should
indeed be pending (it should eventually work on Windows).
ebf5386 Remove EL-related test changes from this commit.
Moses Mendoza (3):
a731e15 Update CHANGELOG lib/puppet.rb puppet.spec for 2.7.15rc1
cfeb013 Update CHANGELOG puppet.spec for 2.7.15rc2
20c3da3 Update CHANGELOG, conf/redhat/puppet.spec for 2.7.15rc3
Nan Liu (1):
0efb4c2 (#14296) Improve template function error message.
Nick Fagerlund (2):
e862cad Fix broken man page rake task
da5361d Maint: De-genericize Puppet Forge references in module face
Nick Lewis (2):
a7a532c Significantly improve compilation performance when using modules
95b75e1 Fix unit test failure in fileserver due to modules
Patrick Carlisle (13):
c51447d (#13260) Use mktmpdir when downloading packages
0180200 Refactor pkgdmg specs
7ac1ec8 (#13260) Spec test to verify that mktmpdir is used
f7829ec Stub mktmpdir and remove_entry_secure in os x package providers
7e92a7c Fix filebucket specs on Windows
1c9bec0 Fix incorrect argument handling for expire in NodeExpirer
7c7d4b6 Fix #14123 for Windows
d2b3ba0 Revert "Fix incorrect argument handling for expire in
NodeExpirer"
91a4a7d Don''t use features to check for color in logging
ea740f6 Add Puppet::Util::Platform to abstract platform checks
12c5bda Fix a stub of ansicolor that I missed
3b144bf Revert "maint: use relative paths to fixtures."
f4ba59e Use absolute_path in module install spec
R.I.Pienaar (1):
65446c9 Revert "(#5246) Puppetd does not remove it''s pidfile
when it exits"
Stefan Schulte (10):
f6ac1bb (#13645) Do not open a smtp connection if nothing to report
a281c48 (#13645) Add test cases to tagmail_spec
85ee441 maint: refactor integration specs for ssh_authorized_key
402a425 (#14127) Add integration tests for ssh_authorized_key
61e7d3c maint: Fix pkg_spec test
6aa8441 (#11004) Support Solaris 11 output in pkg package provider
e37b536 (#11004) Fix regex for pkg provider line matching
0788ea2 (#14615) Exclude helperscripts in gentoo service provider
060810e maint: Make it easier to test the service provider
f11dfd6 (#14615) Fix provider spec tests to work on non gentoo systems
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.