Releases: simp/pupmod-simp-simp
Releases · simp/pupmod-simp-simp
Release of 4.12.0
* Tue Sep 15 2020 Jeanne Greulich <[email protected]> - 4.12.0-0 - Updated sssd/client configuration for EL8 - Do not configure local provider for EL8 - Use the files provider for the local domain for el7 and later - Deprecate sssd client autofs,ssh and sudo settings. The sssd module configures services in sssd::services list. Use that setting to configure those entries. - Configure sssd even if local and ldap are not configured for el8. * Wed Sep 09 2020 Trevor Vaughan <[email protected]> - 4.12.0-0 - Updated simp::mountpoints::proc - Due to updates to polkit that require being added to the /proc gid group - Assign a group and gid by default - Create a group by default - Discover these values from the system if possible
Release of 4.10.0
* Thu Aug 01 2019 Robert Vincent <[email protected]> - 4.10.0-0 - Exclude the `yum` class from all Windows nodes. * Fri Jul 05 2019 Steven Pritchard <[email protected]> - 4.10.0-0 - Add v2 compliance_markup data
Release of 4.9.0
* Tue Jun 25 2019 Liz Nemsick <[email protected]> - 4.9.0-0 - Updated the URLs to the EPEL GPG keys. The URLs have changed. * Tue Jun 18 2019 Trevor Vaughan <[email protected]> - 4.9.0-0 - Add SELinux login context management to `simp::admin` - Update the version of simp-selinux - Update the upper bound on puppetlabs-stdlib
Release of 4.8.1
* Thu May 09 2019 Jeanne Greulich <[email protected]> - 4.8.1-0 - Set permission on /etc/simp and /etc/simp/simp.version to world readable. Puppet needs to be able to read it for simp_version fact.
Release of 4.8.0
* Mon May 06 2019 Liz Nemsick <[email protected]> - 4.8.0-0 - Fixed a bug on el6 systems in which the 'puppetdb-dlo-cleanup' cron job from the puppetdb module could not be created. Cron rejected this job because the puppetdb user did not have cron access. - Added 2 'dead letter office' cleanup configuration parameters to `simp::puppetdb` - simp::puppetdb::automatic_dlo_cleanup which maps directly to puppetdb::automatic_dlo_cleanup - simp::puppetdb::dlo_max_age which maps directly to puppetdb::dlo_max_age * Thu Apr 18 2019 Trevor Vaughan <[email protected]> - 4.8.0-0 - Refactor the simp::mountpoints::tmp to use systemd's tmp.mount target if the system supports systemd. - Added net.ipv6.conf.all.accept_ra to simp::sysctl management - Fixed a bug where the root password field was attempting to set an 'undef' value as Sensitive. - Bumped the supported Puppet version to include Puppet 6 - Removed Puppet 4 from the supported list * Tue Apr 09 2019 Joseph Sharkey <[email protected]> - 4.8.0-0 - Remove Elasticsearch and Grafana GPG Keys - Added missing simp::sysctl value simp::sysctl::net__ipv4__conf__default__log_martians - Remove Elasticsearch and Grafana GPG Keys - Standardized cron datatypes to use the Simplib::Cron::### types. This allows more flexibility in cron scheduling. * Mon Mar 25 2019 Nick Miller <[email protected]> - 4.8.0-0 - Add exceptions to the filebucket management and the vardir/simp management to support running from Bolt * Thu Mar 21 2019 Liz Nemsick <[email protected]> - 4.8.0-0 - Replaced use of the simplib's Puppet 3 array_include function with stdlib's member function - Use simplib::host_is_me in lieu of simplib's Puppet 3 host_is_me - Use simplib::simp_version in lieu of simplib's Puppet 3 simp_version * Wed Mar 20 2019 Joseph Sharkey <[email protected]> - 4.8.0-0 - Added switched out chkrootkit for rkhunter on el7 instances
Release of 4.7.0
4.7.0
This tag was signed with the committer’s verified signature.
trevor-vaughan
Trevor Vaughan
* Mon Mar 11 2019 Liz Nemsick <[email protected]> - 4.7.0-0 - Replaced simp-timezone (temporary SIMP fork) with saz-timezone and set the lower bound to 5.1.1 in the metadata.json * Wed Mar 06 2019 Trevor Vaughan <[email protected]> - 4.7.0-0 - Added the, inert by default, deferred_resources class to all class lists in case the users want to use the functionality. This is particularly relevant to various compliance profiles. * Mon Mar 04 2019 Liz Nemsick <[email protected]> - 4.7.0-0 - Deprecated simp::puppetdb::read_database_ssl. Use simp::puppetdb::read_database_jdbc_ssl_properties which maps directly to puppetdb::server::read_database_jdbc_ssl_properties (puppetdb version >= 7.0.0). - Updated to a minimum puppetdb module version 7.1.0 in the metadata.json and expanded the upper bound accordingly - Expanded the upper bound for the concat and stdlib Puppet modules in the metadata.json - Updated URLs in the README.md * Mon Feb 18 2019 Trevor Vaughan <[email protected]> - 4.7.0-0 - Update the dependency list in metadata.json - Fix the one_shot scenario tests * Fri Feb 15 2019 Liz Nemsick <[email protected]> - 4.7.0-0 - Use simplib::join_mount_opts() in lieu of join_mount_opts(), a deprecated simplib Puppet 3 function. - Use simplib::nets2cidr() in lieu of nets2cidr(), a deprecated simplib Puppet 3 function. - Use Puppet's String() in lieu of to_string(), a deprecated simplib Puppet 3 function. - Use simp_apache::munge_httpd_networks() in lieu of munge_httpd_networks(), a deprecated simp_apache Puppet 3 function. - Use ssh::global_known_hosts() in lieu of ssh_global_known_hosts(), a deprecated ssh Puppet 3 function. * Wed Jan 02 2019 Adam Yohrling <[email protected]> - 4.7.0-0 - Add the ability to set the root user password in `simp::root_user` * Tue Dec 11 2018 Jeanne Greulich <[email protected]> - 4.7.0-0 - Added sysctl value to increase max number of inotify user watches. Default = 8192, New Value 102400 which is roughly 100M on a 64 bit system. - If max number is reached systemctl fails with "Not enough Space on Disk" even though there is plenty of space. - See https://unix.stackexchange.com/questions/13751/kernel-inotify-watch-limit-reached for some helpful information.
Release of 4.6.0
4.6.0
This tag was signed with the committer’s verified signature.
trevor-vaughan
Trevor Vaughan
* Thu Oct 18 2018 Nick Miller <[email protected]> - 4.6.0-0 - Added $simp::server::yum::createrepo_ensure parameter - Changed the package from 'latest' to 'installed' - It will also respect `simp_options::package_ensure` * Wed Oct 17 2018 Jeanne Greulich <[email protected]> - 4.6.0-0 - Update fixtures to use correct branch of timezone. (Soma as in the tracking file for 6.3 * Wed Oct 10 2018 Liz Nemsick <[email protected]> - 4.6.0-0 - Remove unnecessary simp/freeradius dependency in metadata.json * Mon Sep 10 2018 Liz Nemsick <[email protected]> - 4.6.0-0 - Update Hiera 4 to Hiera 5 * Thu Aug 30 2018 Liz Nemsick <[email protected]> - 4.6.0-0 - Fix a usability bug in which simp::server::kickstart did not allow the bootstrap scripts provided by simp::server::kickstart::runpuppet and simp::server::kickstart::simp_client_bootstrap to be configured via hieradata, when those classes were managed by simp::server::kickstart. * Mon Aug 27 2018 Trevor Vaughan <[email protected]> - 4.6.0-0 - Switch from using 'sudosh' as the default logging shell to using 'tlog' - Add a 'simp::admin::default_admin_sudo_cmnds' option to allow users to easily change the default sudo-accessible commands from Hiera. - Ensure that the global filebucket setting occurs prior to class inclusion to match the new Puppet 5 method of setting resource defaults. * Tue Jul 17 2018 Nick Miller <[email protected]> - 4.6.0-0 - Added tests and support for OEL and Puppet 5 - Setting the default filebucket in a module no longer works, so ``simp::enable_filebucketing`` will do nothing in puppet version >= 5 - Fixed some linting issues
Release of 4.5.0
* Wed Jun 20 2018 Trevor Vaughan <[email protected]> - 4.5.0-0 - Use the sudo::user_specification default host list which is correct for almost all cases - Update version range of auditd dependency in metadata.json * Fri Jun 08 2018 Dylan Cochran <[email protected]> - 4.5.0-0 - Add Windows support - Change /root perms to RPM default of 0550 - Change /etc/rc.d/rc.local perms to RPM default of 0755 * Thu May 03 2018 Liz Nemsick <[email protected]> - 4.5.0-0 - Created standalone SIMP client bootstrap script, bootstrap_simp_client. - Created simp::server::kickstart::runpuppet replacement, simp::server::kickstart::simp_client_bootstrap, that manages service files for kickstarting a SIMP client, using bootstrap_simp_client and either a sysv (simp_client_bootstrap) or a systemd (simp_client_bootstrap.service) service script. This replacement provides the following improvements: - Exponential backoff of requests to the Puppet server, to minimize Puppet server overload. - Configurable bootstrap timeout. - An option to force a client reboot on client bootstrap failure. - More effective puppet agent processing. The bootstrapping takes fewer puppet agent runs. - Finer grained control of the bootstrap algorithm. - Error handling - Bootstrap operation errors are now detected and logged. - Failed puppet agent runs are now retried, instead of blindly continuing on. - Timestamped log messages in the bootstrap log file. This includes messages from bootstrap_simp_client, puppet agent, and fixfiles. service start - simp::server::kickstart::runpuppet is deprecated and will be removed in a future release * Fri Apr 27 2018 Nick Miller <[email protected]> - 4.5.0-0 - Add simp::netconsole class to manage the netconsole kernel feature - Fix a few puppet-lint warnings * Fri Apr 27 2018 Liz Nemsick <[email protected]> - 4.5.0-0 - Set permissions of /etc/rc.d/rc.local to 0750, instead of 0770, * Mon Apr 23 2018 Jeanne Greulich <[email protected]> 4.5.0-0 - simp_options::selinux was supposed to determine if the selinux module was included. However, this value was getting overridden by the class lists which independently included the selinux module. This change removes the unused simp_options::selinux setting to eliminate the confusion. See the scenario maps in the data section to see what scenarios include the selinux module. See the selinux module to see how to use puppet to enable/disable selinux. This may change the defaults for selinux in the `simp_lite` scenario. * Tue Apr 17 2018 Trevor Vaughan <[email protected]> - 4.5.0-0 - Narrow the focus of the internal hieradata to ensure correct runs on unsupported OSs - Update unsupported OS tests - Add a test to ensure that an error is throw if an invalid scenario is specified * Mon Apr 16 2018 Liz Nemsick <[email protected]> - 4.5.0-0 - In the runpuppet init script used to bootstrap kickstarted clients, for EL7, persist the hostname retrieved by DHCP as a static hostname. This prevents problems that can arise on EL7 when the DHCP lease expires in the middle of the client bootstrap puppet runs. * Mon Apr 02 2018 Jeanne Greulich <[email protected]> - 4.5.0-0 - changed permission on ctrl-alt-del-capture.service to prevent "no effect" errors in system logs.
Release of 4.4.1
* Thu Mar 29 2018 Trevor Vaughan <[email protected]> - 4.4.1-0 - Ensure that a file exists on EL 6 if portreserve is enabled so that the portreserve service does not flap
Release of 4.4.0
* Tue Mar 27 2018 Liz Nemsick <[email protected]> - 4.4.0-0 - In simp::prelink, ensure prelinking is disabled when the server is in FIPS mode, as FIPS is incompatible with prelinking. * Fri Mar 16 2018 Jeanne Greulich <[email protected]> - 4.4.0-0 - Updated metadata.json to include trlinkin/nsswitch * Wed Mar 14 2018 Nick Miller <[email protected]> - 4.4.0-0 - Fixed a bug where if the `puppet_settings` fact did not exist, users in the `%administrators` group could `rm -rf` any path - The value in the hash was also corrected to `$facts['puppet_settings']['main']['ssldir']` * Fri Mar 09 2018 Liz Nemsick <[email protected]> - 4.4.0-0 - Set the ownership and permissions of puppet/puppetdb.conf in simp::puppetdb, instead of allowing them to be set to those of the process running puppet, if the file needs to be created. This is part of the fix to the failure of SIMP to bootstrap on a system on which root's umask has already been restricted to 077. * Mon Feb 26 2018 Trevor Vaughan <[email protected]> - 4.4.0-0 - Remove management of the 'root' user's groups in the User resource - Works around https://tickets.puppetlabs.com/browse/PUP-8470 * Mon Feb 12 2018 Liz Nemsick <[email protected]> - 4.4.0-0 - Remove non-working mcollective remnants - Remove unnecessary dependency on puppetlabs/inifile. * Mon Jan 22 2018 Nick Miller <[email protected]> - 4.4.0-0 - When the host is a member of an IPA domain, do not include the `simp_openldap::client` class. - Update upper bound for concat dependency * Tue Jan 16 2018 Liz Nemsick <[email protected]> - 4.4.0-0 - Add simp::prelink to the class lists for both the SIMP server and SIMP clients. By default, simp::prelink ensures any prelinking has been removed and that the prelink package is not installed. This satisfies the SCAP Security Guide's OVAL check xccdf_org.ssgproject.content_rule_disable_prelink.