.fixtures.yml

@@ -12,6 +12,7 @@ fixtures:
     git:      'https://github.com/theforeman/puppet-git.git'
     inifile:  'https://github.com/puppetlabs/puppetlabs-inifile.git'
     puppetdb: 'https://github.com/puppetlabs/puppetlabs-puppetdb.git'
+    redis:    'https://github.com/voxpupuli/puppet-redis.git'
     stdlib:   'https://github.com/puppetlabs/puppetlabs-stdlib.git'
     systemd:  'https://github.com/camptocamp/puppet-systemd.git'
     yumrepo_core:

.sync.yml

@@ -1,9 +1,9 @@
 ---
 .travis.yml:
   beaker_sets:
-    - centos7-64
     - centos6-64
     - debian9-64
+    - debian10-64
   env:
     global:
       - PARALLEL_TEST_PROCESSORS=8

.travis.yml

@@ -15,7 +15,7 @@ matrix:
     - rvm: 2.5.1
       env:
         - BEAKER_PUPPET_COLLECTION=puppet5
-        - BEAKER_setfile=centos7-64{hostname=centos7-64.example.com}
+        - BEAKER_setfile=centos6-64{hostname=centos6-64.example.com}
       script: bundle exec rake beaker
       services: docker
       bundler_args: --without development
@@ -26,7 +26,7 @@ matrix:
     - rvm: 2.5.1
       env:
         - BEAKER_PUPPET_COLLECTION=puppet6
-        - BEAKER_setfile=centos7-64{hostname=centos7-64.example.com}
+        - BEAKER_setfile=centos6-64{hostname=centos6-64.example.com}
       script: bundle exec rake beaker
       services: docker
       bundler_args: --without development
@@ -37,7 +37,7 @@ matrix:
     - rvm: 2.5.1
       env:
         - BEAKER_PUPPET_COLLECTION=puppet5
-        - BEAKER_setfile=centos6-64{hostname=centos6-64.example.com}
+        - BEAKER_setfile=debian9-64{hostname=debian9-64.example.com}
       script: bundle exec rake beaker
       services: docker
       bundler_args: --without development
@@ -48,17 +48,6 @@ matrix:
     - rvm: 2.5.1
       env:
         - BEAKER_PUPPET_COLLECTION=puppet6
-        - BEAKER_setfile=centos6-64{hostname=centos6-64.example.com}
-      script: bundle exec rake beaker
-      services: docker
-      bundler_args: --without development
-      before_install:
-        - echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json
-        - sudo service docker restart
-
-    - rvm: 2.5.1
-      env:
-        - BEAKER_PUPPET_COLLECTION=puppet5
         - BEAKER_setfile=debian9-64{hostname=debian9-64.example.com}
       script: bundle exec rake beaker
       services: docker
@@ -70,7 +59,7 @@ matrix:
     - rvm: 2.5.1
       env:
         - BEAKER_PUPPET_COLLECTION=puppet6
-        - BEAKER_setfile=debian9-64{hostname=debian9-64.example.com}
+        - BEAKER_setfile=debian10-64{hostname=debian10-64.example.com}
       script: bundle exec rake beaker
       services: docker
       bundler_args: --without development

CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## [13.0.0](https://github.com/theforeman/puppet-puppet/tree/13.0.0) (2020-02-12)
+
+[Full Changelog](https://github.com/theforeman/puppet-puppet/compare/12.1.0...13.0.0)
+
+**Breaking changes:**
+
+- Update cipher suites [\#721](https://github.com/theforeman/puppet-puppet/pull/721) ([mmoll](https://github.com/mmoll))
+- Drop listen parameter [\#718](https://github.com/theforeman/puppet-puppet/pull/718) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Add server\_multithreaded parameter [\#720](https://github.com/theforeman/puppet-puppet/pull/720) ([alexjfisher](https://github.com/alexjfisher))
+- Add Debian 10 [\#716](https://github.com/theforeman/puppet-puppet/pull/716) ([mmoll](https://github.com/mmoll))
+
+**Fixed bugs:**
+
+- Restart Puppet Agent service after updating the package [\#712](https://github.com/theforeman/puppet-puppet/pull/712) ([fraenki](https://github.com/fraenki))
+
+**Merged pull requests:**
+
+- Move parameters to advanced [\#719](https://github.com/theforeman/puppet-puppet/pull/719) ([ekohl](https://github.com/ekohl))
+- Stop acceptance tests on EL7 [\#715](https://github.com/theforeman/puppet-puppet/pull/715) ([ekohl](https://github.com/ekohl))
+
 ## [12.1.0](https://github.com/theforeman/puppet-puppet/tree/12.1.0) (2019-10-25)
 
 [Full Changelog](https://github.com/theforeman/puppet-puppet/compare/12.0.1...12.1.0)
@@ -592,4 +615,4 @@
 * Change fixture URLs from git:// to https:// (Guido Günther)
 
 
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

Gemfile

@@ -7,7 +7,6 @@ gem 'puppet', ENV.key?('PUPPET_VERSION') ? "~> #{ENV['PUPPET_VERSION']}" : '>= 5
 
 gem 'rake'
 gem 'rspec', '~> 3.0'
-gem 'rdoc', '~> 5.1.0', {"platforms"=>["ruby_21"]}
 gem 'rspec-puppet', '~> 2.3'
 gem 'rspec-puppet-facts', '>= 1.7'
 gem 'puppetlabs_spec_helper', '>= 2.1.1'
@@ -25,7 +24,7 @@ gem 'puppet-lint-unquoted_string-check'
 gem 'puppet-lint-variable_contains_upcase'
 gem 'puppet-lint-version_comparison-check'
 gem 'simplecov'
-gem 'github_changelog_generator', {"git"=>"https://github.com/skywinder/github-changelog-generator", "ref"=>"20ee04ba1234e9e83eb2ffb5056e23d641c7a018", "groups"=>["development"]} if RUBY_VERSION >= '2.2.2'
+gem 'github_changelog_generator', '>= 1.15.0'
 gem 'puppet-blacksmith', '>= 4.1.0', {"groups"=>["development"]}
 gem 'beaker', '>= 4.2.0', {"groups"=>["system_tests"]}
 gem 'beaker-docker', {"groups"=>["system_tests"]}

README.md

@@ -54,6 +54,12 @@ Please see the notes about using puppetlabs/puppetdb 5.x with older versions of
 newer releases of the module and set the values via hiera or an extra include of `puppetdb::globals` with
 `puppetdb_version` defined.
 
+Please also make sure your puppetdb ciphers are compatible with your puppet server ciphers, ie that the two following parameters match:
+```
+puppet::server::cipher_suites
+puppetdb::server::cipher_suites
+```
+
 # Installation
 
 Available from GitHub (via cloning or tarball), [Puppet Forge](https://forge.puppetlabs.com/theforeman/puppet)

manifests/agent.pp

@@ -5,6 +5,6 @@
   contain puppet::agent::config
   contain puppet::agent::service
 
-  Class['puppet::agent::install'] ~> Class['puppet::agent::config']
+  Class['puppet::agent::install'] ~> Class['puppet::agent::config', 'puppet::agent::service']
   Class['puppet::config', 'puppet::agent::config'] ~> Class['puppet::agent::service']
 }

manifests/agent/config.pp

@@ -8,7 +8,6 @@
     'report':            value => $::puppet::report;
     'masterport':        value => $::puppet::port;
     'environment':       value => $::puppet::environment;
-    'listen':            value => $::puppet::listen;
     'splay':             value => $::puppet::splay;
     'splaylimit':        value => $::puppet::splaylimit;
     'runinterval':       value => $::puppet::runinterval;

manifests/config.pp

@@ -7,7 +7,6 @@
   $ca_server           = $::puppet::ca_server,
   $ca_port             = $::puppet::ca_port,
   $dns_alt_names       = $::puppet::dns_alt_names,
-  $listen_to           = $::puppet::listen_to,
   $module_repository   = $::puppet::module_repository,
   $pluginsource        = $::puppet::pluginsource,
   $pluginfactsource    = $::puppet::pluginfactsource,

manifests/init.pp

@@ -4,6 +4,14 @@
 #
 # === Parameters:
 #
+# $show_diff::                              Show and report changed files with diff output
+#
+# $ca_server::                              Use a different ca server. Should be either
+#                                           a string with the location of the ca_server
+#                                           or 'false'.
+#
+# == Advanced puppet parameters
+#
 # $version::                                Specify a specific version of a package to
 #                                           install. The version should be the exact
 #                                           match for your distro.
@@ -18,18 +26,6 @@
 #
 # $port::                                   Override the port of the master we connect to.
 #
-# $listen::                                 Should the puppet agent listen for connections.
-#
-# $listen_to::                              An array of servers allowed to initiate a puppet run.
-#                                           If $listen = true one of three things will happen:
-#                                           1) if $listen_to is not empty then this array
-#                                           will be used.
-#                                           2) if $listen_to is empty and $puppetmaster is
-#                                           defined then only $puppetmaster will be
-#                                           allowed.
-#                                           3) if $puppetmaster is not defined or empty,
-#                                           $fqdn will be used.
-#
 # $pluginsync::                             Enable pluginsync.
 #
 # $splay::                                  Switch to enable a random amount of time
@@ -88,14 +84,8 @@
 #                                           (in seconds) to the timer. Only relevant when
 #                                           runmode is 'systemd.timer'.
 #
-# $show_diff::                              Show and report changed files with diff output
-#
 # $module_repository::                      Use a different puppet module repository
 #
-# $ca_server::                              Use a different ca server. Should be either
-#                                           a string with the location of the ca_server
-#                                           or 'false'.
-#
 # $ca_port::                                Puppet CA port
 #
 # $ca_crl_filepath::                        Path to CA CRL file, dynamically resolves based on
@@ -123,8 +113,6 @@
 #                                           read after the elapsed interval then the
 #                                           connection will be closed.
 #
-# == Advanced puppet parameters
-#
 # $user::                                   Override the name of the puppet user.
 #
 # $group::                                  Override the name of the puppet group.
@@ -260,18 +248,11 @@
 # $server_git_branch_map::                  Git branch to puppet env mapping for the
 #                                           default post receive hook
 #
-# $server_storeconfigs_backend::            Do you use storeconfigs? (note: not required)
-#                                           false if you don't, "active_record" for 2.X
-#                                           style db, "puppetdb" for puppetdb
+# $server_storeconfigs_backend::            Do you use storeconfigs?
+#                                           false if you don't, "puppetdb" for puppetdb
 #
 # $server_certname::                        The name to use when handling certificates.
 #
-# $server_strict_variables::                if set to true, it will throw parse errors
-#                                           when accessing undeclared variables.
-#
-# $server_additional_settings::             A hash of additional settings.
-#                                           Example: {trusted_node_data => true, ordering => 'manifest'}
-#
 # $server_puppetdb_host::                   PuppetDB host
 #
 # $server_puppetdb_port::                   PuppetDB port
@@ -280,6 +261,12 @@
 #
 # === Advanced server parameters:
 #
+# $server_strict_variables::                if set to true, it will throw parse errors
+#                                           when accessing undeclared variables.
+#
+# $server_additional_settings::             A hash of additional settings.
+#                                           Example: {trusted_node_data => true, ordering => 'manifest'}
+#
 # $server_manage_user::                     Whether to manage the server user resource
 #
 # $server_user::                            Name of the puppetmaster user.
@@ -400,6 +387,8 @@
 #                                           503 responses returned when max-queued-requests is enabled. (Puppetserver 5.x only)
 #                                           Defaults to 1800 for Puppetserver >= 5.0
 #
+# $server_multithreaded::                   Use multithreaded jruby. (Puppetserver >= 6.8 only).  Defaults to false.
+#
 # $server_idle_timeout::                    How long the server will wait for a response on an existing connection
 #
 # $server_connect_timeout::                 How long the server will wait for a response to a connection attempt
@@ -540,7 +529,7 @@
 #
 #   class {'puppet':
 #     agent_noop => true,
-#     version    => '2.7.20-1',
+#     version    => '6.11.0-1',
 #   }
 #
 class puppet (
@@ -560,8 +549,6 @@
   Optional[String] $package_provider = $puppet::params::package_provider,
   Optional[Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl]] $package_source = $puppet::params::package_source,
   Integer[0, 65535] $port = $puppet::params::port,
-  Boolean $listen = $puppet::params::listen,
-  Array[String] $listen_to = $puppet::params::listen_to,
   Boolean $pluginsync = $puppet::params::pluginsync,
   Boolean $splay = $puppet::params::splay,
   Variant[Integer[0],Pattern[/^\d+[smhdy]?$/]] $splaylimit = $puppet::params::splaylimit,
@@ -694,6 +681,7 @@
   Integer[0] $server_max_requests_per_instance = $puppet::params::server_max_requests_per_instance,
   Integer[0] $server_max_queued_requests = $puppet::params::server_max_queued_requests,
   Integer[0] $server_max_retry_delay = $puppet::params::server_max_retry_delay,
+  Boolean $server_multithreaded = $puppet::params::server_multithreaded,
   Boolean $server_use_legacy_auth_conf = $puppet::params::server_use_legacy_auth_conf,
   Boolean $server_check_for_updates = $puppet::params::server_check_for_updates,
   Boolean $server_environment_class_cache_enabled = $puppet::params::server_environment_class_cache_enabled,

manifests/params.pp

@@ -9,8 +9,6 @@
   $group               = 'puppet'
   $ip                  = '0.0.0.0'
   $port                = 8140
-  $listen              = false
-  $listen_to           = []
   $pluginsync          = true
   $splay               = false
   $splaylimit          = 1800
@@ -394,13 +392,21 @@
   $server_max_requests_per_instance       = 0
   $server_max_queued_requests             = 0
   $server_max_retry_delay                 = 1800
+  $server_multithreaded                   = false
   $server_idle_timeout                    = 1200000
   $server_web_idle_timeout                = 30000
   $server_connect_timeout                 = 120000
   $server_ca_auth_required                = true
   $server_admin_api_whitelist             = [ 'localhost', $lower_fqdn ]
   $server_ca_client_whitelist             = [ 'localhost', $lower_fqdn ]
-  $server_cipher_suites                   = [ 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA' ]
+  $server_cipher_suites                   = [
+    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
+    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
+    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
+    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
+    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
+    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
+  ]
   $server_ssl_protocols                   = [ 'TLSv1.2' ]
   $server_ssl_chain_filepath              = "${server_ssl_dir}/ca/ca_crt.pem"
   $server_check_for_updates               = true

manifests/server.pp

@@ -219,6 +219,8 @@
 #                                      503 responses returned when max-queued-requests is enabled. (Puppetserver 5.x only)
 #                                      Defaults to 1800 for Puppetserver >= 5.0
 #
+# $multithreaded::                     Use multithreaded jruby. (Puppetserver >= 6.8 only).  Defaults to false.
+#
 # $idle_timeout::                      How long the server will wait for a response on an existing connection
 #
 # $connect_timeout::                   How long the server will wait for a response to a connection attempt
@@ -418,6 +420,7 @@
   Integer[0] $max_requests_per_instance = $::puppet::server_max_requests_per_instance,
   Integer[0] $max_queued_requests = $puppet::server_max_queued_requests,
   Integer[0] $max_retry_delay = $puppet::server_max_retry_delay,
+  Boolean $multithreaded = $puppet::server_multithreaded,
   Boolean $use_legacy_auth_conf = $::puppet::server_use_legacy_auth_conf,
   Boolean $check_for_updates = $::puppet::server_check_for_updates,
   Boolean $environment_class_cache_enabled = $::puppet::server_environment_class_cache_enabled,

manifests/server/puppetserver.pp

@@ -54,6 +54,9 @@
 #   Sets the upper limit for the random sleep set as a Retry-After
 #   header on 503 responses returned when max-queued-requests is enabled.
 #
+# @param server_multithreaded
+#   Configures the puppetserver to use multithreaded jruby.
+#
 # @example
 #
 #   # configure memory for java < 8
@@ -81,6 +84,7 @@
   $server_max_requests_per_instance       = $::puppet::server::max_requests_per_instance,
   $server_max_queued_requests             = $::puppet::server::max_queued_requests,
   $server_max_retry_delay                 = $::puppet::server::max_retry_delay,
+  $server_multithreaded                   = $::puppet::server::multithreaded,
   $server_ssl_protocols                   = $::puppet::server::ssl_protocols,
   $server_ssl_ca_crl                      = $::puppet::server::ssl_ca_crl,
   $server_ssl_ca_cert                     = $::puppet::server::ssl_ca_cert,

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-puppet",
-  "version": "12.1.0",
+  "version": "13.0.0",
   "author": "theforeman",
   "summary": "Puppet agent and server configuration",
   "license": "GPL-3.0+",
@@ -65,7 +65,8 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "9"
+        "9",
+        "10"
       ]
     },
     {

spec/acceptance/puppetserver_upgrade_5_3_6_to_5_3_7_spec.rb

@@ -1,16 +1,16 @@
 require 'spec_helper_acceptance'
 
-describe 'Scenario: 5.3.6 to 5.3.7 upgrade:', if: ENV['BEAKER_PUPPET_COLLECTION'] == 'puppet5' && fact('lsbdistcodename') != 'bionic' do
+describe 'Scenario: 5.3.6 to 5.3.7 upgrade:', if: ENV['BEAKER_PUPPET_COLLECTION'] == 'puppet5' do
   before(:context) do
     if check_for_package(default, 'puppetserver')
       on default, puppet('resource package puppetserver ensure=purged')
       on default, 'rm -rf /etc/sysconfig/puppetserver /etc/puppetlabs/puppetserver'
       on default, 'rm -rf /etc/puppetlabs/puppet/ssl'
     end
 
-    # puppetserver won't start with lower than 2GB memory
+    # puppetserver won't start with low memory
     memoryfree_mb = fact('memoryfree_mb').to_i
-    raise 'At least 2048MB free memory required' if memoryfree_mb < 256
+    raise 'At least 256MB free memory required' if memoryfree_mb < 256
   end
 
   case fact('osfamily')