Puppet Enterprise LTS 2021.7 Simplifies Security
Introducing Puppet Enterprise LTS 2021.7
We’re pleased to introduce updates to Puppet Enterprise that give infrastructure operations teams the insights they need to manage and protect infrastructure and complex workflows in a simple yet powerful way. With Puppet Enterprise 2021.7, teams gain automatic access control and a host of system insights related to runs and events.
Let Access Control Work For You
Security and stability are the two main aspects of Long-Term Support (LTS) releases. Puppet Enterprise 2021.7 has strengthened and automated the prevention of unauthorized system access within an organization, firstly through automatic synchronization of LDAP user details and group membership, and secondly through group membership requirements.
Prior to this release, user details and group membership for LDAP-based users only refreshed when users logged in. Now, LDAP group bindings, user names, and descriptions update automatically every 30 minutes (by default) for every LDAP user in the system. If a user is no longer present in LDAP or has no group bindings, all user-group associations are removed from the user and all of the user's known tokens are revoked.
The refresh interval is adjustable via a new parameter, and the refresh can still be disabled if required, but this low-effort failsafe improves overall security when active. Learn more about configuring RBAC and token-based authentication settings.
Similarly, users not assigned to any group can be blocked from logging in until their role has been defined and membership granted. This setting is off by default and will not prevent access upon upgrade; to enable it or learn more, see the documentation on requiring LDAP group membership to log in. For additional role-based access control, RBAC endpoints have been added to the API that allow fine-grained tuning of roles, groups, permissions, and users.
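As an added illustration (not Puppet's code and not part of the original post), this Python model walks through the refresh and login-gate behavior described above on constructed data. The names `RbacUser`, `refresh_from_ldap`, `may_log_in`, and `sample_state`, and the data shapes, are hypothetical.

```python
# Model of the periodic LDAP refresh and login gate; names and shapes are assumptions.
from dataclasses import dataclass, field


@dataclass
class RbacUser:
    login: str
    display_name: str
    groups: set = field(default_factory=set)
    tokens: set = field(default_factory=set)


def refresh_from_ldap(users, directory):
    """Reconcile RBAC users with an LDAP snapshot; return logins whose tokens were revoked."""
    # directory maps login -> {"name": str, "groups": set}
    revoked = []
    for user in users.values():
        entry = directory.get(user.login)
        if entry is None or not entry["groups"]:
            # Gone from LDAP, or no group bindings: strip access entirely.
            user.groups.clear()
            if user.tokens:
                revoked.append(user.login)
            user.tokens.clear()
            continue
        # Still present: pick up renamed users and changed bindings.
        user.display_name = entry["name"]
        user.groups = set(entry["groups"])
    return revoked


def may_log_in(user, require_group_membership=False):
    """Login gate; the requirement is off by default, as in the post."""
    return bool(user.groups) or not require_group_membership


def sample_state():
    """Constructed sample data: three RBAC users and a later LDAP snapshot."""
    users = {
        "alice": RbacUser("alice", "Alice A", {"ops"}, {"tok-a1"}),
        "bob": RbacUser("bob", "Bob B", {"ops", "dev"}, {"tok-b1", "tok-b2"}),
        "carol": RbacUser("carol", "Carol C", {"dev"}, {"tok-c1"}),
    }
    directory = {  # bob was deleted; carol lost all groups; alice moved
        "alice": {"name": "Alice Adams", "groups": {"dev"}},
        "carol": {"name": "Carol C", "groups": set()},
    }
    return users, directory
```

Because the refresh is periodic, a change made in LDAP takes effect in this model only at the next pass, which the post gives as every 30 minutes by default.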
Additional security updates are included in the upgrade to Postgres 14 in Puppet Enterprise LTS 2021.7.
Gain Valuable Operational Insights
Being able to ask for and receive system performance and functional data is the first step toward understanding change impact, opportunities for efficiency gains, and overall system health. To that end, Puppet Enterprise LTS 2021.7 now includes expanded metrics collection and capabilities that won’t impact performance. The metrics collector and database modules are now included in PE and enabled by default, along with thorough documentation for further Orchestrator data collection via the Metrics API v2.
For keeping your PE installation in an ideal state, the pe_status_check module has been bundled with PE. This powerful logging tool provides detailed system information upon request, including certificate validity and expiration status for all nodes. Read about the pe_status_check module to learn how the module works and how to get the module's reports.
At the jobs and plan level, events have been expanded to allow queries based on start and stop timestamps, while orchestrator agent and task event data now include additional information for start time, end time, duration, and status. In-progress tasks can now be easily stopped, providing additional options for system tuning and remediation.
Additional Enhancements
This release includes a number of enhancements to make it easier for customers to onboard and use Puppet Enterprise. From performance improvements for increased scalability to planning upgrades more efficiently, this release continues to build on customer value by enabling teams with a more streamlined way to automate and manage their infrastructure. Key capabilities include:
- Improved resource management: API access to stop in-progress tasks, whether hung or not
- Customized login messages: Use the RBAC API to set the disclaimer text on the console login page
- Updated components: We are now shipping JRuby and Bouncy Castle 1.70, which has improved support for TLS 1.3.
- Expanded platform support for Agents:
  - macOS 12 M1
  - Ubuntu (General Availability kernels) 22.04 x86_64
  - Microsoft Windows 11
- For client tools:
  - Ubuntu (General Availability kernels) 22.04 x86_64
  - macOS 12 M1, M2
- And for patch management:
  - Ubuntu (General Availability kernels) 22.04 x86_64
  - Microsoft Windows 11
In summary, Puppet Enterprise LTS 2021.7 brings access control and operational insights for better, easier system management, along with stability and performance improvements to help you deliver and scale your DevOps environments.
Learn More
- Experiment with Google Cloud LDAP or FreeIPA LDAP
- Why move from Open Source Puppet to Puppet Enterprise