From b672a3ce50d89e3bce0a50532fb86029dcc3a363 Mon Sep 17 00:00:00 2001
From: "A. Karl Kornel" <akkornel@stanford.edu>
Date: Mon, 21 Nov 2016 11:29:33 -0800
Subject: [PATCH] Updated NEWS file for new release
---
NEWS | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
diff --git a/NEWS b/NEWS
index 7e07d7b..b59f960 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,73 @@
+release/005.000 (2016-11-21)
+
+ This release has a number of breaking changes.
+
+ [duo] base::duo has been completely reworked into a type plus a common
+ class. Clients which use Duo for their own purposes should create an
+ instance of base::duo::config, which will create a Duo PAM config file for
+ them to use. See README.duo for more information.
+
+ [ipmi] A complete rework of base::ipmi. The base::noipmi class no
+ longer exists. Instead, IPMI support should be disabled by setting
+ base::ipmi::ensure to "absent". IPMI kernel modules, and ipmievd, should
+ still be automatically disabled on virtual systems, even when
+ "ensure => present"; in those cases, the IPMI client tools will still be
+ installed. Code has been updated for Debian 8 and Ubuntu 16.04.
+
+ [os/debian] All aptitude operations are now performed in a new phase,
+ called "aptitude". The "aptitude" phase is configured to run before
+ "main".
+
+ Clients which rely on aptitude being up-to-date must no longer
+ "require => Exec['aptitude update']". The nature of Puppet phases will
+ ensure that aptitude is already updated.
+
+ Clients installing their own custom sources are advised to move all of that
+ into separate classes, and to put those classes into a new phase of their
+ own. This new phase should "require => Phase['aptitude']" and
+ "before => Phase['main']", to ensure proper execution sequencing.
+
+ [os/debian] Add two Hiera-configurable parameters to base::os::debian::apt:
+
+ * apt_cache_notin_tmp. If true, use a different directory to store package
+ scripts that need to be run during package install/upgrade.
+
+ * apt_cache_tmp_dir. When apt_cache_notin_tmp is true, this is the
+ directory to use for package scripts.
+
+ [postfix/sender] A new type: base::postfix::sender. This is similar to
+ base::postfix::recipient, except it is used to rewrite sender addresses
+ instead of recipient addresses.
+
+ It is suggested that clients use base::postfix::sender to ensure that
+ emails sent 'from' "root@stanford.edu" or "root@hostname.stanford.edu" are
+ instead being sent 'from' either "noreply@stanford.edu" or
+ "shared-mailbox@stanford.edu".
+
+ [ssh] A fairly large rework of SSH code. Support has been added for
+ treating "alternate accounts" (.root, .admin, root., and admin.) the same
+ as root. Code has also been updated to account for changes to base::duo.
+ Support has also been added to completely disable password authentication.
+ Support for Ed25519 keys is also included (though disabled by default).
+ Finally, pam_afs is now configurable: It can be disabled on systems that do
+ not use AFS.
+
+ See README.ssh for more information on how to use the code.
+
+ [sudo] Complete rework of base::sudo, including configurable support for
+ Duo. Anyone in the "sudo" or "wheel" group gets sudo access. If Duo is
+ enabled, anyone on a specified list is able to sudo without a password, but
+ with a two-step run. Fail-secure is supported, as is using the GECOS field
+ to specify the username that Puppet should actually use.
+
+ See README.sudo for more information on how to use the code.
+
+ [syslog] Some fixes for Ubuntu.
+
+ [os/debian] Fix the $PATH used by aptitude.
+
+ [puppetclient] Fix a filter-syslog regex error.
+
release/004.063 (2016-10-17)
[ipmi] EL package requires (like EL6, EL7 only has available OpenIPMI,
--
GitLab