Skip to content
Tags give the ability to mark specific points in history as being important
  • release/005.012
    91d5cf85 · version release/005.012 ·
  • release/latest
    91d5cf85 · version release/005.012 ·
  • release/005.010
    42fdee29 · Update NEWS for release ·
    release/005.010 (2017-10-02)
        [kerberos] Use three rather than four "kdc" lines in
        /etc/krb5.conf. [adamhl]
        Starting the work to make the code Puppet 4 compatible. [adamhl]
        [ssh] Add $extra_gssapi_only_users parameter listing any extra
        accounts that should skip Duo (i.e., service accounts). [adamhl]
        [postfix] Remove the transport lines which allowed mail
        to route via published MX records, because that is moving entirely
        off-campus Instead, just have everything go through
        (which still has an on-campus presence). [akkornel]
  • release/005.009
  • release/005.008
    8e69d474 · release/005.008 ·
  • release/005.007
    c595058a · release/005.007 ·
  • release/005.006
  • release/005.005
  • release/005.004
  • release/005.003
    e94099c9 · release/005.003 ·
  • release/005.002
    18ab92e2 · make release/005.002 ·
  • release/005.001
  • release/005.000
    release/005.000 (2016-11-21)
        This release has a number of breaking changes.
        [duo] base::duo has been completely reworked into a type plus a common
        class.  Clients which use Duo for their own purposes should create an
        instance of base::duo::config, which will create a Duo PAM config file for
        them to use.  See README.duo for more information.
        [ipmi] A complete rework of base::ipmi.      The base::noipmi class no
        longer exists.  Instead, IPMI support should be disabled by setting
        base::ipmi::ensure to "absent".  IPMI kernel modules, and ipmievd, should
        still be automatically disabled on virtual systems, even when
        "ensure => present"; in those cases, the IPMI client tools will still be
        installed.  Code has been updated for Debian 8 and Ubuntu 16.04.
        [os/debian] All aptitude operations are now performed in a new phase,
        called "aptitude".  The "aptitude" phase is configured to run before
        Clients which rely on aptitude being up-to-date must no longer
        "require => Exec['aptitude update']".  The nature of Puppet phases will
        ensure that aptitude is already updated.
        Clients installing their own custom sources are advised to move all of that
        into separate classes, and to put those classes into a new phase of their
        own.  This new phase should "require => Phase['aptitude']" and
        "before => Phase['main']", to ensure proper execution sequencing.
        [os/debian] Add two Hiera-configurable parameters to base::os::debian::apt:
        * apt_cache_notin_tmp.  If true, use a different directory to store package
        scripts that need to be run during package install/upgrade.
        * apt_cache_tmp_dir.  When apt_cache_notin_tmp is true, this is the
        directory to use for package scripts.
        [postfix/sender] A new type: base::postfix::sender.  This is similar to
        base::postfix::recipient, except it is used to rewrite sender addresses
        instead of recipient addresses.
        It is suggested that clients use base::postfix::sender to ensure that
        emails sent 'from' "" or "" are
        instead being sent 'from' either "" or
        [ssh] A fairly large rework of SSH code.  Support has been added for
        treating "alternate accounts" (.root, .admin, root., and admin.) the same
        as root.  Code has also been updated to account for changes to base::duo.
        Support has also been added to completely disable password authentication.
        Support for Ed25519 keys is also included (though disabled by default).
        Finally, pam_afs is now configurable: It can be disabled on systems that do
        not use AFS.
        See README.ssh for more information on how to use the code.
        [sudo] Complete rework of base::sudo, including configurable support for
        Duo.  Anyone in the "sudo" or "wheel" group gets sudo access.  If Duo is
        enabled, anyone on a specified list is able to sudo without a password, but
        with a two-step run.  Fail-secure is supported, as is using the GECOS field
        to specify the username that Puppet should actually use.
        See README.sudo for more information on how to use the code.
        [syslog] Some fixes for Ubuntu.
        [os/debian] Fix the $PATH used by aptitude.
        [puppetclient] Fix a filter-syslog regex error.
  • release/004.063
    d4d4562f · Update NEWS for release ·
    release/004.063 (2016-10-17)
        [ipmi] EL package requires (like EL6, EL7 only has available OpenIPMI,
        and not OpenIPMI-tools. (jlent)  Fix ipmievd configuration for Ubuntu.
        [os] Update the Ubuntu-to-Debian mapping. (akkornel)  Enable the
        debian-stanford backports for Unbuntu distros based on Wheezy and Jessie.
        (akkornel)  Also add additional Ubuntu-specific backports. (akkornel)
        Also remove daemontools as a default install on systemd Ubuntu. (akkornel)
        [ntp] Add the SRCF time server, make sure NTP is installed, and disable
        systemd-timesyncd on RHEL 8.
        [xinetd] Make sure inetd is removed before xinetd is installed. (akkornel)
        [wallet] Make sure the base::wallet::client class is included when
        required. (akkornel)
  • release/004.062
    c68ad098 · update NEWS file a bit ·
    Various quick fixes related to Oracle Linux:
    [os] Fix references applicable to Oracle Linux
    [cron] Address cron-related package not available on Oracle Linux
    [puppetclient] Address lack of versionlock on Oracle Linux (jlent)
  • release/004.060
  • release/004.059
  • release/004.058
    31be0a7b · release/004.058 ·
  • release/004.057
    Stop PAM file override on Jessie, filter-syslog fixes, Puppet 2.X template
  • release/004.056