Tags give the ability to mark specific points in history as being important
7.0.0
c24a57c7 · Release of 7.0.0

* Tue Sep 07 2021 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.0.0
- Changed set/get from `master` to `server` in updates to the puppet configuration
- Changed the check for puppetserver running from a fragile CRL query to the actual `status` endpoint and moved from `curl` to native `net/http`
- Removed management of puppetdb components since it is no longer enabled by default.

* Thu Jun 24 2021 Liz Nemsick <lnemsick.simp@gmail.com> - 7.0.0
- Removed support for EL6
- simp kv breaking changes:
  - Updated the `simp kv` command suite to work with simp-simpkv Puppet module version >= 0.8.0.
    - simp-simpkv 0.8.0 changed how global keys are accessed.
    - Only impacts sites that explicitly enabled the experimental simpkv capability.
- simp CLI changes:
  - Dropped support for Puppet 5.
- simp config changes:
  - Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP is on EL>7.
    - Configures the LDAP server to be the SIMP 389ds accounts instance
    - Configures the LDAP client to communicate with the 389ds server.
  - Updated the logic that extracts existing DNS configuration to handle scenarios in which /etc/resolv.conf is not available.
  - Added option to configure a local user with ssh and sudo privileges to prevent server lockout, when SIMP is not installed from ISO.
    - Especially important for cloud instances when the user does not have console access.
    - Specified local user will be created if not already present.
    - If the specified local user exists and has authorized ssh keys, the keys will be copied to /etc/ssh/local_keys/, the default location of local user ssh authorized key files in SIMP. IMPORTANT: Any future updates to a user's ssh authorized key list must be made to the user's file in /etc/ssh/local_keys/.
  - Moved the mechanism to set the SIMP server's grub password to Puppet.
    - The password is now set via simp_grub::password instead of grub::password.
  - Fixed a bug in which running `simp config` multiple times could result in multiple /etc/hosts entries for the puppetserver.
  - Removed the OBE action that created an updates repo in /var/www/yum and disabled CentOS repos, when SIMP was installed via ISO.
  - Updated the list of packages to verify when SIMP is not installed via ISO.

* Thu Jun 17 2021 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 7.0.0
- simp config changes:
  - The LOCAL sssd domain is no longer needed for sssd to start. The sssd::domains value is now only set if the SIMP server is the LDAP server.
  - Configure simp_options::ntp::servers instead of deprecated simp_options::ntpd::servers.
  - Set the NTP server defaults for ntpd and chronyd. simp_options::ntp::servers is intended to be the default NTP server settings for a SIMP system, regardless of whether it uses ntpd or chronyd. However, the chrony module does not use simp_options, because it is not a SIMP-maintained module. To work around this, `simp config` was updated to set chrony::servers to an alias of simp_options::ntp::servers in hieradata.
  - Check for both ntpd and chronyd settings when determining the OS defaults for simp_options::ntp::server, not just ntpd settings.

* Thu Dec 10 2020 Chris Tessmer <chris.tessmer@onyxpoint.com> - 7.0.0
- Bumped .gemspec dependencies to mitigate CVE-2020-8130

7.0.0-pre2
c15517ab · 7.0.0-pre2

Pre-release 7.0.0-pre2

- simp kv:
  - Updated the `simp kv` command suite to work with simp-simpkv Puppet module version >= 0.8.0.
    - simp-simpkv 0.8.0 changed how global keys are accessed.
    - Only impacts sites that explicitly enabled the experimental simpkv capability.
- simp config:
  - The LOCAL sssd domain is no longer needed for sssd to start. The sssd::domains value is now only set if the SIMP server is the LDAP server.
  - Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP is on EL>7.
    - Configures the LDAP server to be the SIMP 389ds accounts instance
    - Configures the LDAP client to communicate with the 389ds server.
  - Moved the mechanism to set the SIMP server's grub password to Puppet.
    - The password is now set via simp_grub::password instead of grub::password.
  - Configure simp_options::ntp::servers instead of deprecated simp_options::ntpd::servers.
- Bumped .gemspec dependencies to mitigate [CVE-2020-8130] and [CVE-2017-8418]
- simp config:
  - Added option to configure a local user with ssh and sudo privileges to prevent server lockout, when SIMP is not installed from ISO.
    - Especially important for cloud instances when the user does not have console access.
    - Specified local user will be created if not already present.
    - If the specified local user exists and has authorized ssh keys, the keys will be copied to /etc/ssh/local_keys/, the default location of local user ssh authorized key files in SIMP. IMPORTANT: Any future updates to a user's ssh authorized key list must be made to the user's file in /etc/ssh/local_keys/.
  - Set the NTP server defaults for ntpd and chronyd. simp_options::ntp::servers is intended to be the default NTP server settings for a SIMP system, regardless of whether it uses ntpd or chronyd. However, the chrony module does not use simp_options, because it is not a SIMP-maintained module. To work around this, `simp config` was updated to set chrony::servers to an alias of simp_options::ntp::servers in hieradata.
- simp config:
  - Fixed a bug in which running `simp config` multiple times could result in multiple /etc/hosts entries for the puppetserver.
  - Check for both ntpd and chronyd settings when determining the OS defaults for simp_options::ntp::server, not just ntpd settings.
- simp CLI:
  - Dropped support for Puppet 5
- Removed support for EL6

7.0.0-pre1
a70f6571 · Pre-release 7.0.0-pre1

#### BREAKING CHANGES

- simp kv:
  - Updated the `simp kv` command suite to work with simp-simpkv Puppet module version >= 0.8.0.
    - simp-simpkv 0.8.0 changed how global keys are accessed.
    - Only impacts sites that explicitly enabled the experimental simpkv capability.

#### Changed

- simp config:
  - The LOCAL sssd domain is no longer needed for sssd to start. The sssd::domains value is now only set if the SIMP server is the LDAP server.
  - Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP is on EL>7.
    - Configures the LDAP server to be the SIMP 389ds accounts instance
    - Configures the LDAP client to communicate with the 389ds server.
  - Moved the mechanism to set the SIMP server's grub password to Puppet.
    - The password is now set via simp_grub::password instead of grub::password.
  - Configure simp_options::ntp::servers instead of deprecated simp_options::ntpd::servers.
- Bumped .gemspec dependencies to mitigate [CVE-2020-8130] and [CVE-2017-8418]

#### Added

- simp config:
  - Added option to configure a local user with ssh and sudo privileges to prevent server lockout, when SIMP is not installed from ISO.
    - Especially important for cloud instances when the user does not have console access.
    - Specified local user will be created if not already present.
    - If the specified local user exists and has authorized ssh keys, the keys will be copied to /etc/ssh/local_keys/, the default location of local user ssh authorized key files in SIMP. IMPORTANT: Any future updates to a user's ssh authorized key list must be made to the user's file in /etc/ssh/local_keys/.
  - Set the NTP server defaults for ntpd and chronyd. simp_options::ntp::servers is intended to be the default NTP server settings for a SIMP system, regardless of whether it uses ntpd or chronyd. However, the chrony module does not use simp_options, because it is not a SIMP-maintained module. To work around this, `simp config` was updated to set chrony::servers to an alias of simp_options::ntp::servers in hieradata.

#### Fixed

- simp config:
  - Fixed a bug in which running `simp config` multiple times could result in multiple /etc/hosts entries for the puppetserver.
  - Check for both ntpd and chronyd settings when determining the OS defaults for simp_options::ntp::server, not just ntpd settings.

#### Removed

- simp CLI:
  - Dropped support for Puppet 5
- Removed support for EL6

6.1.0
580beed8 · Release of 6.1.0

* Wed Oct 07 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.1.0
- Updated SIMP internet repositories configured by 'simp config'
  - Now uses simp-project.com repositories via new ``simp::yum::repo::internet_simp`` class
  - The packagecloud repositories are no longer being updated.
- Added instructions to the local user lockout warning message in the bootstrap lock file:
  - Explain how to create a metadata.json file with the correct module dependencies for the sample Puppet code.
  - Tell the user to check that they can ssh into the server with the new user after bootstrap but before rebooting. This step is imperative to ensure that the user can also get through Puppet-managed authentication!
- Fixed the following:
  - Bug in which `simp config` did not allow DNS domains that did not include at least one '.'. Domains are now validated per RFC 3696.
  - Typo in a simp cli message about applying FACLs.
  - Incorrect path for the location of the SIMP server hieradata file in the local user lockout warning message in the bootstrap lock file.
  - Missing instructions in the local user lockout warning message about adding `passwd => false` to `simp::user_specification` for users who log in without a password.

6.0.3
eccd8f64 · Release of 6.0.3

* Wed Sep 30 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.3
- Fixed a bug where 'simp config' recommended the wrong SSSD domain, when the SIMP server was not the LDAP server. It recommended the 'Local' domain, when the appropriate SIMP-created domain with the 'local' (EL6) or 'files' (EL7) provider is 'LOCAL'.

6.0.2
bfdccbc7 · Release of 6.0.2

* Thu Sep 10 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.2
- Fixed a typo in an error message emitted when `simp config` cannot proceed because the environment to configure already exists.
- Fixed a bug in `simp environment new` in which the actual failure messages from a failed `setfacl --restore` execution are not logged.
- Updated HighLine from version 1.7.8 to 2.0.3.

6.0.0
957e3edb · Release 6.0.0

* Thu Aug 13 2020 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0
- Allow users to set the SIMP_ENVIRONMENT environment variable to change the initial environment from 'production' to a custom value
- Fixed an issue where --dry-run would prompt the user to apply instead of simply skipping to the (skipped) action items and then writing the ~/.simp/simp_conf.yaml file
- Ensure that `simp config` uses the `simp::classes` parameter instead of `classes` by default
- Accept both `simp::classes` and `classes` as valid existing configurations

* Fri Jan 03 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.0
- Added simp kv command family to allow users to manage and inspect entries in a simpkv key/value store
- simp passgen changes
  - Split into sub-commands for ease of use:
    - 'simp passgen envs': List environments that may have 'simplib::passgen' passwords
    - 'simp passgen list': List names of 'simplib::passgen' passwords
    - 'simp passgen remove': Remove 'simplib::passgen' passwords
    - 'simp passgen set': Set 'simplib::passgen' passwords
    - 'simp passgen show': Show 'simplib::passgen' passwords and other stored attributes
  - Updated to work with simpkv-enabled simplib::passgen. Automatically detects whether simplib::passgen is operating in legacy mode or simpkv mode in the specified environment, and then executes password operations using the appropriate mechanism for that mode.
  - When setting passwords, disabled libpwquality/cracklib validation of user-entered passwords, by default, because not all passwords managed by simplib::passgen are user passwords. This validation can be re-enabled with the '--validate' option of the 'simp passgen set' command.
  - Added the following command line options when creating passwords
    - '--[no-]auto-gen': Whether to auto-generate new passwords.
    - '--complexity': Password complexity to use when a password is auto-generated. Corresponds to the complexity option of simplib::passgen.
    - '--[no-]complex-only': Whether to use only complex characters when a password is auto-generated. Corresponds to the complex_only option of simplib::passgen. key/value store.
    - '--[no-]validate': Enabled validation of new passwords with libpwquality/cracklib.
    - '--length': Password length to use when a password is auto-generated.
  - Added '--[no-]details' option when showing password information. When enabled, all available password information is displayed, not just the current and previous password values.
- simp config changes
  - Removed deprecated '--non-interactive' option. Use '--force-defaults' instead.

* Fri Aug 30 2019 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0
- Fix Puppet Enterprise support

5.0.3
44eaa3e0 · Release of 5.0.3

* Wed Aug 07 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 5.0.3
- Fix errata in instructions on how to prevent possible root lockout from the SIMP server.

5.0.2
7f5557e2 · Release of 5.0.2

* Tue Jul 30 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 5.0.2
- Flesh out incomplete instructions on how to prevent possible root lockout from the SIMP server.
- Fixed a typo in `simp environment new` built-in help.
- Fixed errata in `simp environment fix` built-in help.

5.0.1
b9d8bea6 · Release of 5.0.1

* Thu Jul 11 2019 Michael Morrone <michael.morrone@onyxpoint.com> - 5.0.1
- Fixed a bug in which the tftpboot images copied into the rsync space in SIMP's secondary environment were not world readable. This prevented clients from PXE booting.

5.0.0
a0e59b51 · Release for 5.0.0

* Tue Jun 11 2019 Chris Tessmer <chris.tessmer@onyxpoint.com> - 5.0.0
- Added 'simp environment' command
  - Added `simp environment new` subcommand
  - Added `simp environment fix` subcommand
- Added `simp puppetfile generate` command
  - `simp puppetfile` command
  - `simp puppetfile generate` sub-command
- Fixed various annoyances that prevented local smoke tests with `bin/simp`
  - Avoid using AIO Puppet with `USE_AIO_PUPPET=no`
  - Load all `simp` commands without `simp config` failing in non-puppetserver environments (`simp config` still fails as expected)
- Moved logger to `Simp::Cli::Logging`
- Fixed gem dependency-related warning when `simp` is run on real OSes
- Updated dependency constraints in gemspec
- Removed unnecessary ENV wrapper from gemspec
- Documented changes in README.md

* Fri Jun 07 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 5.0.0
- 'simp' change:
  - Standardized help mechanism to be -h at all levels (main, command, subcommand)
  - Added descriptions to top level help command list
- Added 'rsync' and 'git' to the RPM requires list.
- 'simp' change:
  - Fixed bug in which the wrong Facter environment variable was set
- 'simp config' changes:
  - Created a placeholder for where the OmniEnvController from the future 'simp environment' command would be used to set up the initial SIMP puppet and secondary environments.
  - Mock use of 'simp environment' code to set up the initial SIMP puppet and secondary environments.
  - Now require the user to use a new command line option, '--force-config', when the user wants to re-configure an existing SIMP puppet environment
  - Changed default environment from 'simp' (with corresponding 'production' link) to 'production'
  - Restricted non-root user to only be able to run in '--dry-run' mode. This was all that the user could actually do, but, without enforcement, led to unexpected failures.
  - Fixed a bug in which the check for Puppet Enterprise was incorrect. This resulted in incorrect puppetserver ports.
  - Reworked questionnaire to allow the user to opt out of LDAP altogether
  - Removed code that loaded the scenario YAML files
  - Defer most actions until after all information has been gathered, instead of running them immediately.
  - When queries are appropriate, ask the user if they want to apply the configuration.
  - Group the deferred actions logically, so that the sequence of actions makes sense to the user.
  - Improved introductory text and descriptions of a few items that have been confusing for users
  - Removed the ability for a non-root user to set the Puppet digest algorithm. This was a bug.
  - In cli::network::interface item, try to recommend an interface that has an IPv4 address set. Also print out the list of available interfaces and their corresponding IPv4 addresses (when set) in the description.
  - In cli::network::hostname item, when `hostname -A` returns more than one entry, iterate through all entries to try to find one that passes FQDN validation, instead of grabbing the first one.
  - Fail when the default, non-interactive value for a data item fails validation.
  - Added simp-cli version to the answers file as a YAML entry.
- 'simp bootstrap' changes:
  - No longer checks for the 'simp' Puppet and secondary environments (with their corresponding 'production' links) and fails if they do not exist. Instead, checks for the existence of SIMP Puppet and secondary 'production' environments and fails if both are not present.
  - Checks validity of manifests in the 'production' environment, not 'simp' environment, as the link that made them equivalent is OBE.
  - Fixed a bug in which the check for Puppet Enterprise was incorrect. This would result in Puppet FOSS-specific bootstrap operations being executed.
  - Added an additional puppet agent tagged run on the bootstrap port
  - Added more log messages to make bootstrap process more clear

* Wed Apr 03 2019 Jim Anderson <thesemicolons@protonmail.com> - 5.0.0
- Added message to bootstrap.rb indicating that puppetserver has been reconfigured to listen on a specific port. This message will be displayed if the port is changed to 8140, or if it remains on 8150.
- Fixed bug in which 'simp config' failed to find the template SIMP server host YAML file, puppet.your.domain.yaml, from /usr/share simp/environments/simp. This bug caused subsequent 'simp config' runs to fail, when the SIMP server hostname had changed from the hostname used in the first 'simp config' run.

* Mon Mar 18 2019 Trevor Vaughan <tvaughan@onyxpoint.com> - 5.0.0
- Ensure that a FQDN is used when running `simp config`
- Ensure that a FQDN is set when running `simp bootstrap`
- Fixed a bug where the web-routes.conf file was not being overwritten with a pristine copy. This meant that multiple calls to `simp bootstrap` would fail due to leftover CA entries in the file. The error provided is not clear and has been provided upstream to Puppet, Inc.
- Fixed a typo in an info block that would cause 'simp bootstrap' to fail if it had already been successfully run.

4.4.0
c35a9864 · Release of 4.4.0

* Tue Jan 15 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 4.4.0
- Added a `simp bootstrap` option to set the wait time for the puppetserver to start during the bootstrap process.

4.3.1
bd5ab457 · Release of 4.3.1

* Tue Nov 27 2018 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 4.3.1
- Added missing dependencies to the rubygem-simp-cli.spec file

4.3.0
dd4ffb34 · Release of 4.3.0

* Tue Oct 12 2018 Chris Tessmer <chris.tessmer@onyxpoint.com> - 4.3.0
- `simp config` removes the deprecated Puppet setting `trusted_server_facts`
- Add `:version` to `Simp::Cli::Utils.puppet_info`

* Tue Oct 09 2018 Chris Tessmer <chris.tessmer@onyxpoint.com> - 4.3.0
- Fixed `simp bootstrap` errors in puppetserver 5+:
  - No longer overwrites `web-routes.conf` (fixes fatal configuration error)
  - No longer adds `-XX:MaxPermSize` for Java >= 8 (fixes warnings at restart)

* Mon Oct 01 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 4.3.0
- Update 'simp config' to support environment-specific Hiera 5 configuration provided by SIMP-6.3.0.
  - Assumes a legacy Hiera 3 configuration, when the 'simp' environment only contains a 'hieradata' directory.
  - Assumes a Hiera 5 configuration, when the 'simp' environment contains both a 'hiera.yaml' file and a 'data/' directory.
  - Fails to run otherwise, as neither stock SIMP configuration has been found and 'simp config' cannot safely modify hieradata.

4.2.0
caabbaac · Release of 4.2.0

* Sun Jul 15 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.2.0
- Stripped trailing whitespace
- Adjusted bootstrap to detect PE and avoid operations that are detrimental to proper operation
- Made a few adjustments for overall safety
- Fixed dependency loading for 'highline/import' by clearing the gem cache

4.1.0
def7cd96 · Release of 4.1.0

* Mon Apr 23 2018 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 4.1.0
- removed simp_options::selinux references in tests.
- update setting of grub2 password to use augeasproviders_grub.

* Wed Apr 11 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 4.1.0
- 'simp config' bug fixes
  - Fixed bug in which '{' and '}' characters in console error messages resulted in obscure Ruby parsing failures.
  - Fixed bug in which existing non-local NTP servers configuration was not presented to the user as a recommended value for simp_options::ntpd::servers.
  - Fixed a bug in simp config in which the grub password could be **silently** generated and set when the -f option was used. The user would have no way of figuring out the value of the grub password in that scenario.
- 'simp config' enhancements
  - Reworked password entry to act more like traditional Linux password changing programs
  - Improved input validation and error handling:
    - Improved password validation. This validation now uses pwscore, when available. cracklib-check is used otherwise. **CAUTION**: Existing passwords may not pass current validation.
    - When interactive operation is permitted, always query the user for replacement values for invalid answers provided by file or command line KEY=VALUE input. Previously, for items that 'simp config' would normally automatically assign without user input, 'simp config' would automatically (and sometimes silently), replace the invalid values. This both hid errors and yielded unexpected settings.
    - Verify <password, password hash> pairs provided by file or command line KEY=VALUE input are valid. Previously, a user could pre-assign LDAP Bind/Sync passwords that did not match their respective password hashes.
    - Log problems with invalid answers provided by file or command line KEY=VALUE input when the answer is processed, not when it is first read in. Previously, validation error messages were totally disassociated from the values causing the errors.
  - Added an option to disable queries (-D,--disable-queries) whether or not an input answers file is being used. This feature is a functioning replacement for the previously removed -ff capability.
  - Deprecated the --non-interactive long name of -f in favor of a more accurately-named replacement, --force-defaults. --non-interactive will be removed in a future release.
- 'simp passgen'
  - Fixed bug in which password filenames containing one or more '.' characters could not be listed, added, or removed.
  - Added password auto-generation capability to password setting operation.
  - Added backup of password salt files, when passwords are backed up.
  - Per security best practices, when a password is updated, now removes the salt file corresponding to an old password.
  - Improved password validation. This validation now uses pwscore, when available. cracklib-check is used otherwise. **CAUTION**: Existing passwords may not pass current validation.
- General updates
  - No longer emit Ruby backtraces for errors for which a backtrace provides no additional information.

4.0.5
ee69ecfa · Release of 4.0.5

* Fri Mar 16 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.5
- Prior to bootstrap, we now ensure that the site.pp and site module code is valid so that we don't have confusing delays after waiting for multiple failing Puppet runs.
- Clarified the message when bootstrap is locked
- Ensured that backtraces are not displayed to the user on known bootstrap failure cases

* Mon Mar 12 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 4.0.5
- Set the ownership and permissions of files generated by simp cli, instead of allowing them to be set to those of the root user. This is part of the fix to the failure of SIMP to bootstrap on a system on which root's umask has already been restricted to 077.

* Thu Feb 08 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 4.0.5
- Fix bug in which simp config failed to set the GRUB password on a CentOS 6 system booted using EFI

* Wed Jan 31 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 4.0.5
- Clarify confusing svckill::mode description provided by simp config
- Use modern OS facts in simp config, instead of legacy facts that require LSB packages to be installed.