Puppet Forge updates
Puppet Forge updates
forge.puppet.com

Fixed scoring for module releases with no manifests

 

Fix

  

We recently fixed the handling of module releases with no manifests in our scoring service, which caused these releases to receive a zero for the parser component of the score. The parser component of a release score is now ignored for releases with no manifests.

Affected releases were those published between July 22, 2021 and October 7, 2021. These releases have been rescored, and should now show a score based on the lint and metadata score components only.

Updated Forge TLS Config

 

Improvement

 

 

We recently updated the TLS (HTTPS) configuration for the Forge website and API service. We have removed support for TLS versions 1.0 and 1.1. We have also removed support for various ciphers which are no longer considered secure.

Modern browsers and HTTPS clients should be unaffected by this change, however if you are using a very old browser or client library, you may need to upgrade in order to continue to access the Forge website or API service.

UPDATE 1 (9 July 2021): We have determined that versions of JRuby (and specifically, the bundled jruby-openssl gem) that are included with older releases of puppetserver do not support the new TLS configuration.

Specifically, users of puppetserver releases prior to 6.10.0 may experience errors similar to:

ERROR -> Received fatal alert: handshake_failure

when attempting to deploy environments with r10k.

To resolve this issue, you have two options:

Upgrade puppetserver to a version >= 6.10.0 (including any 7.x release), this is the recommended option

OR

Run the command puppetserver gem install jruby-openssl as the appropriate user on any impacted systems to upgrade the jruby-openssl gem in place

If you have any questions or concerns, please email us at forge@puppet.com. Thank you.

Redesigned module search results

 

New

 

 

We’re delighted to announce the release of our new module search results page, the latest iteration of the Forge redesign.

New features include a cleaner design, responsiveness, and a dynamic filtering sidebar, allowing you to refine results by compatibility with operating systems and versions, quality score, endorsements, features and latest release date.

By default, deprecated modules are also now hidden in search results with an option to unhide included in the sidebar.

The redesign of Forge has been heavily influenced by user feedback so if you have any comments or suggestions on this release or anything else, please let us know in the #forge-modules channel in our community Slack.

Forge-Search.png

Send reports to ServiceNow from PE

 

How-to Guide

 

 

Wondering how to send reporting information from Puppet Enterprise to ServiceNow? With our new ServiceNow reporting integration module, Puppet Enterprise can send events that are handled by ServiceNow to create Alerts and Incidents, or create Incidents directly. Learn how to configure and troubleshoot the integration in our newest how-to guide!

Do you have ideas for other how-to guides you'd like to see? Please tell us about them in the #forge-modules channel in our community Slack!

Redesigned module page

 

New

 

 

As a part of our continuing Forge redesign, we’re excited to announce the release of the new module page! An example of this page is puppetlabs-reboot, which contains pretty much everything you could want to know about the module. We know that this is one of the most important pages that Forge users encounter, and while we believe the new responsive design is a big improvement on its own, we also worked to incorporate feedback we’d heard over time.

Rest assured, we plan to keep improving this page, and continue with the redesign across the rest of the Forge. In the meantime, if you have any feedback on the new page or anything else about the Forge, let us know in the #forge-modules channel in our community Slack!

Upcoming Forge IP Address Change

 

New

 

 

On Monday, October 26th, 2020 we will be updating the forge.puppet.com and forgeapi.puppet.com DNS records (as well as the legacy forge.puppetlabs.com and forgeapi.puppetlabs.com records) to point to a new IPv4 address. This change is being made as part of ongoing work to improve the performance and reliability of the Forge website and API service.

The new IP address is 192.69.65.71. This address is already functional and you can configure Puppet to use it via the temporary hostname forgeapi-new.puppet.com. We recommend only using this hostname only for testing purposes, please keep your primary configurations pointed to the default hostname.

We realize that some users have to make firewall exceptions so that their clients can access the Puppet Forge which is why we are pre-announcing this change. To help facilitate a smooth transition, the Forge website and API service will continue to be available on the old IP address until at least Monday, November 9th, 2020.

Users that need to access Forge via the old IP may configure Puppet to use the temporary hostname forgeapi-old.puppet.com. Note that this DNS record will be updated to point to the new IP once the old IP is deactivated. Please be sure to make any necessary updates to your firewall configurations before November 9th, 2020.

The Forge API will continue to be available via IPv6 (as well as IPv4 but on a dynamic set of addresses) through the alternate hostname forgeapi-cdn.puppet.com with no changes.

This is the first time in approximately 5 years that we have changed the Forge IP address.

If you have any questions or concerns, please email us at forge@puppet.com. Thank you.

New password complexity requirements

 

Improvement

 

 

We have recently deployed a couple of changes to improve the password security of the Forge website.

First, we now require all passwords to meet or exceed a certain level of complexity, as defined by the zxcvbn algorithm. We do not have specific rules about characters used, capitalization patterns, etc. but the algorithm takes a variety of factors into account when determining password complexity and will even provide suggestions as to how you can improve a password judged to be not complex enough. You can read more about the zxcvbn algorithm in this blog post by Dropbox.

For passwords that meet our complexity requirements, we now additionally check them against a database of passwords previously exposed in data breaches from other websites or services. It is already a best practice to create a unique password for each website or service where you have an account but this change ensures users don't re-use a password that is at much greater risk of being guessed by a malicious actor. To learn more, visit haveibeenpwned.com.

These new checks and requirements apply to all newly created user accounts as well as existing users who choose to update their password. At this time we are not requiring existing users to update their passwords but may require that in the future.

A more responsive Forge

 

New

 

 

Our redesigned homepage now scales with your browser window! You might not be installing Forge modules from your phone or tablet, but finding the right module and browsing documentation should be easy at all screen sizes, on any device.

Look for more responsive layout updates soon as we continue to roll out our redesign. Let us know what you think - your feedback is always welcome in our community Slack chat!

Classify nodes with your ServiceNow CMDB

 

How-to Guide

 

 

Does your team use ServiceNow? Learn how to use ServiceNow's Configuration Management Database (CMDB) to classify your Puppet nodes in our latest how-to guide. This article shows you how to use our ServiceNow CMDB integration module to leverage your ServiceNow CMDB as a trusted external data source for Puppet Enterprise.

Do you have feedback on this guide or ideas for future guides you'd like to see? Please let us know in the #forge-modules channel in our community Slack!

Provision nodes with vRA 7 and Puppet

 

How-to Guide

 

 

Learn how to provision nodes using the Puppet Plug-in for VMware vRealize Automation (vRA) in our latest how-to guide. This guide covers everything from connecting Puppet and vRA 7 to designing vRA blueprints using Puppet properties.

If you have any feedback on this guide or ideas for future guides you'd like to see, let us know in the #forge-modules channel in our community Slack!