Please see the SIMP Community Edition (CE) 6.2.0-0 Changelog for general information, upgrade guidance, and compatibility notes.
This is a bug fix release in the 6.3.X series of SIMP to address the following issues:
SIMP-5974: Ensure that the
puppet generate typeswould not overwhelm the puppet server due to an upstream bug in the incron package. This involved both pinning the incron version to a version that did not have bugs as well as reducing the footprint of the monitored files in the filesystem. See When should I run puppet generate types? for additional information.
The version of
incronthat shipped with SIMP 6.3.0 did not have issues, but the update in upstream EPEL did and affects all uses of incron, not just
pupmod::master::generate_types. We strongly advise that you remove the
0.5.12-6package from your upstream repositories and use the following Hiera configuration to ensure that your SIMP
6.3.0-0installation does not upgrade.--- yum::config_options: exclude="incron"
If you previously disabled
pupmod::master::generate_typesthen be advised that you will need to manually run
puppet generate typeson your environments if you upgrade the
puppetserverpackages or if you add a new environment to your system.
See the When should I run puppet generate types? for additional information.
SIMP-5480: Fix a bug in the default
sssd settingswhere the minimum allowed
1and the maximum allowed
0to align properly with the
SIMP-5932: Allow users to specify a timeout for
simp bootstrapto address slow systems.
SIMP-5975: Allow users to specify SSL settings for the puppet server.
Incron::MaskData Type denoting valid incron masks
Added support for new options starting in
Automatically strip out options not supported by earlier versions for seamless backward compatibility
Add ability to set
Pin incron to
0.5.10via data in modules since
0.5.12as currently published in EPEL can cause catastrophic system failure.
Fixed issues where a large number of
incronwatches may overload the system.
The module is now extensively tested against large numbers of environments but will still cause load if a large number of environments are created at once.
Fixed a bug where some SSL settings could not be set in the puppetserver
Added the following advanced usage parameters in case users need to set parameters that are not presently managed to work around future issues:
Ensure that IPA fact does not hang indefinitely.
Added ‘defined type’ lookup capability,
simplib::dlookupthat provides a consistent method for retrieving defined type parameters from Hiera in an opt-in manner. (Required for fixing the
Fixed YARD documentation issues
min_idsettings across the board to
1to match the sssd defaults, since they really have nothing to do with the target system’s relationship with a centralized authentication service.
The original setting of the
max_idsettings to the
login.defsdefaults was a bug since, per the man page, this would preclude sssd from recognizing items outside of that range at all. The relevance of the
local login.defssettings (system specific) and the sssd settings (global authentication source) are completely irrelevant to one another and should not have been bound together.
sssd::provider::ldap_access_orderparameter to support the
ppolicyrelated options that were added in sssd
sssd::provider::ldap::ldap_access_orderdefault. This will deny a locked account even it access is being attempted via a SSH key.
Add ability for users to override
stunnel::instanceoptions either globally or by specific identified instances using the new
sniis not applicable on EL6
retryis only applicable when
execis specified and needed to be translated from a boolean to
sessionis only applicable on EL6
simp bootstrapoption to set the wait time for the puppetserver to start during the bootstrap process.
Adjusted the help message so that it fits within a 80-character console window.
220.127.116.11. Upgrading from previous SIMP 6.X versions
There are known issues when upgrading from Puppet 4 to Puppet 5. Make sure you read the Upgrading SIMP before attempting an upgrade.
Tlog currently has a bug where session information may not be logged. The
immediate mitigation to this is the fact that pam_tty_audit is the primary
mode of auditing with
sudosh being in place for a better
overall tracking and behavior analysis experience.
Tlog has a second bug where the application fails if a user does not have a TTY.
This has been mitigated by the SIMP wrapper script simply bypassing
a TTY is not present.