Releases: simp/rubygem-simp-cli
Releases · simp/rubygem-simp-cli
Release of 7.0.0
BREAKING CHANGES
- simp kv:
- Updated the
simp kvcommand suite to work with simp-simpkv
Puppet module version >= 0.8.0.- simp-simpkv 0.8.0 changed how global keys are accessed.
- Only impacts sites that explicitly enabled the experimental
simpkv capability.
- Updated the
Changed
- simp config:
- The LOCAL sssd domain is no longer needed for sssd to start. The
sssd::domainsvalue is now only set if the SIMP server is the LDAP server. - Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP
is on EL>7.- Configures the LDAP server to be the SIMP 389ds accounts instance
- Configures the LDAP client to communicate with the 389ds server.
- Moved the mechanism to set the SIMP server's grub password to Puppet.
- The password is now set via
simp_grub::passwordinstead of
grub::password.
- The password is now set via
- Configure
simp_options::ntp::serversinstead of deprecated
simp_options::ntpd::servers. - Bumped
.gemspecdependencies to mitigate CVE-2020-8130 and
CVE-2017-8418 - Changed set/get from
mastertoserverin updates to the puppet
configuration - Changed the check for puppetserver running from a fragile CRL query to the
actualstatusendpoint and moved fromcurlto nativenet/http
- The LOCAL sssd domain is no longer needed for sssd to start. The
Added
- simp config:
- Added option to configure a local user with ssh and sudo privileges
to prevent server lockout, when SIMP is not installed from ISO.- Especially important for cloud instances when the user does not have
console access. - Specified local user will be created if not already present.
- If the specified local user exists and has authorized ssh keys, the keys
will be copied to/etc/ssh/local_keys/, the default location of local user
ssh authorized key files in SIMP.
IMPORTANT: Any future updates to a users's ssh authorized key list must
be made to the user's file in/etc/ssh/local_keys/.
- Especially important for cloud instances when the user does not have
- Set the NTP server defaults for ntpd and chronyd.
simp_options::ntp::serversis intended to be the default NTP server
settings for a SIMP system, regardless of whether it uses ntpd or
chronyd. However, the chrony module does not use simp_options,
because it is not a SIMP-maintained module. To work around this,
simp configwas updated to setchrony::serversto an alias of
simp_options::ntp::serversin hieradata.
- Added option to configure a local user with ssh and sudo privileges
Fixed
- simp config:
- Fixed a bug in which running
simp configmultiple times could result in
multiple/etc/hostsentries for the puppetserver. - Check for both ntpd and chronyd settings when determining the OS defaults
forsimp_options::ntp::server, not just ntpd settings.
- Fixed a bug in which running
Removed
- simp CLI:
- Dropped support for Puppet 5
- Removed support for EL6
- Removed management of puppetdb components since it is no longer enabled by
default.
Pre-release 7.0.0-pre2
BREAKING CHANGES
- simp kv:
- Updated the
simp kvcommand suite to work with simp-simpkv
Puppet module version >= 0.8.0.- simp-simpkv 0.8.0 changed how global keys are accessed.
- Only impacts sites that explicitly enabled the experimental
simpkv capability.
- Updated the
Changed
- simp config:
- The LOCAL sssd domain is no longer needed for sssd to start. The
sssd::domainsvalue is now only set if the SIMP server is the LDAP server. - Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP
is on EL>7.- Configures the LDAP server to be the SIMP 389ds accounts instance
- Configures the LDAP client to communicate with the 389ds server.
- Moved the mechanism to set the SIMP server's grub password to Puppet.
- The password is now set via
simp_grub::passwordinstead of
grub::password.
- The password is now set via
- Configure
simp_options::ntp::serversinstead of deprecated
simp_options::ntpd::servers. - Bumped
.gemspecdependencies to mitigate CVE-2020-8130 and
CVE-2017-8418
- The LOCAL sssd domain is no longer needed for sssd to start. The
Added
- simp config:
- Added option to configure a local user with ssh and sudo privileges
to prevent server lockout, when SIMP is not installed from ISO.- Especially important for cloud instances when the user does not have
console access. - Specified local user will be created if not already present.
- If the specified local user exists and has authorized ssh keys, the keys
will be copied to/etc/ssh/local_keys/, the default location of local user
ssh authorized key files in SIMP.
IMPORTANT: Any future updates to a users's ssh authorized key list must
be made to the user's file in/etc/ssh/local_keys/.
- Especially important for cloud instances when the user does not have
- Set the NTP server defaults for ntpd and chronyd.
simp_options::ntp::serversis intended to be the default NTP server
settings for a SIMP system, regardless of whether it uses ntpd or
chronyd. However, the chrony module does not use simp_options,
because it is not a SIMP-maintained module. To work around this,
simp configwas updated to setchrony::serversto an alias of
simp_options::ntp::serversin hieradata.
- Added option to configure a local user with ssh and sudo privileges
Fixed
- simp config:
- Fixed a bug in which running
simp configmultiple times could result in
multiple/etc/hostsentries for the puppetserver. - Check for both ntpd and chronyd settings when determining the OS defaults
forsimp_options::ntp::server, not just ntpd settings.
- Fixed a bug in which running
Removed
- simp CLI:
- Dropped support for Puppet 5
- Removed support for EL6
Pre-release 7.0.0-pre1
BREAKING CHANGES
- simp kv:
- Updated the
simp kvcommand suite to work with simp-simpkv
Puppet module version >= 0.8.0.- simp-simpkv 0.8.0 changed how global keys are accessed.
- Only impacts sites that explicitly enabled the experimental
simpkv capability.
- Updated the
Changed
- simp config:
- The LOCAL sssd domain is no longer needed for sssd to start. The
sssd::domains value is now only set if the SIMP server is the LDAP server. - Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP
is on EL>7.- Configures the LDAP server to be the SIMP 389ds accounts instance
- Configures the LDAP client to communicate with the 389ds server.
- Moved the mechanism to set the SIMP server's grub password to Puppet.
- The password is now set via simp_grub::password instead of
grub::password.
- The password is now set via simp_grub::password instead of
- Configure
simp_options::ntp::serversinstead of deprecated
simp_options::ntpd::servers. - Bumped .gemspec dependencies to mitigate CVE-2020-8130 and
CVE-2017-8418
- The LOCAL sssd domain is no longer needed for sssd to start. The
Added
- simp config:
- Added option to configure a local user with ssh and sudo privileges
to prevent server lockout, when SIMP is not installed from ISO.- Especially important for cloud instances when the user does not have
console access. - Specified local user will be created if not already present.
- If the specified local user exists and has authorized ssh keys, the keys
will be copied to/etc/ssh/local_keys/, the default location of local user
ssh authorized key files in SIMP.
IMPORTANT: Any future updates to a users's ssh authorized key list must
be made to the user's file in/etc/ssh/local_keys/.
- Especially important for cloud instances when the user does not have
- Set the NTP server defaults for ntpd and chronyd.
simp_options::ntp::serversis intended to be the default NTP server
settings for a SIMP system, regardless of whether it uses ntpd or
chronyd. However, the chrony module does not use simp_options,
because it is not a SIMP-maintained module. To work around this,
simp configwas updated to set chrony::servers to an alias of
simp_options::ntp::serversin hieradata.
- Added option to configure a local user with ssh and sudo privileges
Fixed
- simp config:
- Fixed a bug in which running
simp configmultiple times could result in
multiple /etc/hosts entries for the puppetserver. - Check for both ntpd and chronyd settings when determining the OS defaults
forsimp_options::ntp::server, not just ntpd settings.
- Fixed a bug in which running
Removed
- simp CLI:
- Dropped support for Puppet 5
- Removed support for EL6
Release of 6.1.1
* Thu Oct 15 2020 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.1.1 - Change the local user lockout warning to have simpler instructions
Release of 6.1.0
* Wed Oct 07 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.1.0
- Updated SIMP internet repositories configured by 'simp config'
- Now uses simp-project.com repositories via new
``simp::yum::repo::internet_simp`` class
- The packagecloud repositories are no longer being updated.
- Added instructions to the local user lockout warning message in the
bootstrap lock file:
- Explain how to create a metadata.json file with the correct module
dependencies for the sample Puppet code.
- Tell the user to check that they can ssh into the server with the new
user after bootstrap but before rebooting. This step is imperative to
ensure that the user can also get through Puppet-managed
authentication!
- Fixed the following:
- Bug in which `simp config` did not allow DNS domains that did
not include at least one '.'. Domains are now validated
per RFC 3696.
- Typo in a simp cli message about applying FACLs.
- Incorrect path for the location of the SIMP server hieradata file
in the local user lockout warning message in the bootstrap lock file.
- Missing instructions in the local user lockout warning message about
adding `passwd => false` to `simp::user_specification` for users who
log in without a password.
Release of 6.0.3
* Wed Sep 30 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.3
- Fixed a bug where 'simp config' recommended the wrong SSSD domain,
when the SIMP server was not the LDAP server. It recommended the
'Local' domain, when the appropriate SIMP-created domain with the
'local' (EL6) or 'files' (EL7) provider is 'LOCAL'.
Release of 6.0.2
* Thu Sep 10 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.2
- Fixed a typo in an error message emitted when `simp config` cannot
proceed because the environment to configure already exists.
- Fixed a bug in `simp environment new` in which the actual failure
messages from a failed `setfacl --restore` execution are not logged.
- Updated HighLine from version 1.7.8 to 2.0.3.
Release of 6.0.1
* Tue Sep 01 2020 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 6.0.1 - Fix Rakefile issue that prevented RPM from being built from simp-core
Release 6.0.0
* Thu Aug 13 2020 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0
- Allow users to set the SIMP_ENVIRONMENT environment variable to change the
initial environment from 'production' to a custom value
- Fixed an issue where --dry-run would prompt the user to apply instead of
simply skipping to the (skipped) action items and then writing the
~/.simp/simp_conf.yaml file
- Ensure that `simp config` uses the `simp::classes` parameter instead
of `classes` by default
- Accept both `simp::classes` and `classes` as valid existing configurations
* Fri Jan 03 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.0
- Added simp kv command family to allow users to manage and inspect
entries in a simpkv key/value store
- simp passgen changes
- Split into sub-commands for ease of use:
- 'simp passgen envs': List environments that may have 'simplib::passgen'
passwords
- 'simp passgen list': List names of 'simplib::passgen' passwords
- 'simp passgen remove': Remove 'simplib::passgen' passwords
- 'simp passgen set': Set 'simplib::passgen' passwords
- 'simp passgen show': Show 'simplib::passgen' passwords and other
stored attributes
- Updated to work with simpkv-enabled simplib::passgen. Automatically
detects whether simplib::passgen is operating in legacy mode or
simpkv mode in the specified environment, and then executes password
operations using the appropriate mechanism for that mode.
- When setting passwords, disabled libpwquality/cracklib validation of
user-entered passwords, by default, because not all passwords managed
by simplib::passgen are user passwords. This validation can be
re-enabled with the '--validate' option of the 'simp passgen set' command.
- Added the following command line options when creating passwords
- '--[no-]auto-gen': Whether to auto-generate new passwords.
- '--complexity': Password complexity to use when a password is
auto-generated. Corresponds to the complexity option of simplib::passgen.
- '--[no-]complex-only': Whether to only use only complex characters
when a password is auto-generated. Corresponds to the complex_only
option of simplib::passgen.
key/value store.
- '--[no-]validate': Enabled validation of new passwords with
libpwquality/cracklib.
- '--length': Password length to use when a password is auto-generated.
- Added '--[no-]details' option when showing password information. When
enabled, all available password information is displayed, not just the
current and previous password values.
- simp config changes
- Removed deprecated '--non-interactive' option. Use '--force-defaults'
instead.
* Fri Aug 30 2019 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0
- Fix Puppet Enterprise support
Release of 5.0.3
* Wed Aug 07 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 5.0.3
- Fix errata in instructions on how to prevent possible root lockout
from the SIMP server.