-
The install_agent plugin has been officially removed. The
install_agentplugin was deprecated in version 1.35 in favor of thepuppet_agentplugin, and is now removed. The plugins have the exact same behavior. -
Support for plan method
Target.new(<uri>, <options>)will be dropped in Bolt 2.0. UseTarget.new(<config>), whereconfigis a hash with the same structure used to define targets in the inventory V2 file. See the docs for more information and examples. -
Support for
optionskey in the hash parameter forTarget.new()plan function will be dropped in Bolt 2.0. UseTarget.new(<config>), whereconfigis a hash with the same structure used to define targets in the inventory V2 file. See the docs for more information and examples.
-
SSH commands will run from the home directory of the run-as user, not the connected user (#1518)
Connecting via SSH and then switching users will now run as though it had connected as the new user in the first place, using that user's home directory as the working directory.
-
Support for the
bolt-inventory-pdbcommand will be dropped in Bolt 2.0. Users can use the puppetdb inventory plugin with a v2 inventory file to lookup targets from PuppetDB. -
Support for the v1 inventory files will be dropped in Bolt 2.0. Inventory files can be migrated automatically using the
bolt project migratecommand.
-
Packages for Fedora 31 (#1373)
Bolt packages are now available for Fedora 31.
-
Node definitions are supported when applying manifest code (#1338)
Node definitions can now be used with
bolt apply(but not yet withapply()blocks in plans). This makes it easier to reuse existing Puppet codebases with Bolt. -
Support trusted external facts (#1431)
A new Bolt configuration option
trusted-external-commandconfigures the path to the executable on the Bolt controller to run to retrieve trusted external facts. If configured, trusted external facts are available when running Bolt. This feature is experimental in both Puppet and Bolt, and this API may change or be removed.
-
New
file::joinplan function (#837)The new plan function,
file::join, allows you to join file paths using the separator/.
-
The ssh configuration option
key-datawas not compatible with thefutureflag (#1504)Bolt no longer attempts to expand a
private-keyconfigurationHashwhenkey-datais being used in conjunction with thefuturesetting.
-
Plan language objects available inside apply blocks (#1244)
Previously, plan language objects (Result, ApplyResult, ResultSet, and Target) were not available inside apply blocks as objects, only as flat data. They're now accessible as read-only objects, where functions that modify the object (such as
$target.set_var) are not available but functions that read data (such as$target.vars) can be used. -
run_planplan function will specify a plan's$targetsparameter using the second positional argument (#1446)When running a plan with a
$targetsparameter with therun_planplan function, the second positional argument can be used to specify the$targetsparameter. If a plan has a$nodesparameter, the second positional argument will only specify the$nodesparameter. -
Add
script-diroption for specifying predictable subpath to the tmpdirWhen uploading files to remote targets, Bolt uploads them to a tmpdir which includes a randomized directory name. The
script-diroption sets a predictable subdirectory fortmpdirwhere files will be uploaded. -
Bundled content updated to use
$targetsparameter (#1376)Plans that are part of the
canary,puppetdb_fact, andaggregatemodules have been updated to use a$targetsparameter instead of$nodes. Theaggregate::nodesplan still uses a$nodesparameter, but the module now includes aaggregate::targetsplan that uses a$targetsparameter. -
Add
sudo-executabletransport configuration option (#1200)When using
run-as, thesudo-executabletransport configuration option can be used to specify an executable to use to run as another user. This option can be set in alocalorsshconfig map or with the--sudo-executableflag on the CLI. This feature is experimental.
-
CLI help text updated to be more consistent with other Puppet tools (#1441)
Bolt's help text has been reformatted to be more consistent with the formatting in other Puppet tools.
-
Packages for Debian 10 (#1444)
Bolt packages are now available for Debian 10.
-
SSH transport sets
sudo-passwordto the same value aspasswordby default (#1425)If
sudo-passwordis not set when usingrun-as, Bolt will set the value ofsudo-passwordto match the value ofpassword. This behavior is gated on the future config option, and will be available by default in Bolt 2.0.
-
Default PuppetDB config lookup used hardcoded path in Windows (#1427)
Bolt will now lookup the default PuppetDB config at
%COMMON_APPDATA%\PuppetLabs\client-tools\puppetdb.confinstead of the hardcoded pathC:\ProgramData\PuppetLabs\client-tools\puppetdb.conf. -
Bolt could not find plans in subdirectories of
plansdirectory (#1473)Bolt now searches for subdir paths, under the
plansdirectory, for plan names when determining if the plan is a Puppet or YAML plan.
-
Added
target_mappingfield interraformandaws_inventoryinventory plugins (#1404)The
terraformandaws_inventoryinventory plugins have a newtarget_mappingfield which accepts a hash of target configuration options and the lookup values to populate them with. -
Ruby helper library for inventory plugins (#1404)
A new library has been added to help write inventory plugins in Ruby:
Use this library to map lookup values to a target's configuration options in a
resolve_referencestask.
-
bolt plan showdisplays plan and parameter descriptions (#1442)bolt plan shownow uses Puppet Strings to parse plan documentation and show plan and parameter descriptions as well as parameter defaults. -
New
remove_from_groupplan function (#1418)The new plan function,
remove_from_group, allows you to remove a target from an inventory group during plan execution. -
Added
target_mappingfield inpuppetdbinventory plugin (#1408)The
puppetdbinventory plugin has a newtarget_mappingfield which accepts a hash of target configuration options and the facts to populate them with.
-
Task metadata can now specify parameter defaults (#1394)
Parameter defaults can be set in the task metadata file and will be used if no value is supplied for the parameter.
-
bolt inventory show --detaildid not display all target aliases (#1379)Bolt now displays aliases from all groups, where a target is a member, in the output for
bolt inventory show --detail. Previously, only the rightmost alias appeared in the output. -
Plugins did not ignore command line flags (#1382)
When running plugins locally to populate config or inventory information, command line flags such as
--run-aswill no longer be applied to the local transport. -
Optional plan parameters referenced in
applyblocks issued warning (#1288)Previously, plan parameters that were explicitly set to
undef(optional parameters) and were referenced in anapplyblock resulted in a warning message when applying Puppet code. The warning is no longer issued when optional parameters are referenced.
-
Addition of a YAML plugin (#1358)
Bolt now includes a plugin to look up data from a YAML file which allows multiple YAML files to be composed into a single Bolt inventory file. This is useful to breakup a large monolithic inventory file or to load user specific data, like credentials, from outside the project directory.
-
Pass value of
--targetsor--nodestoTargetSpec $targetplan parameter (#1175)Bolt now passes the value of
--targetsor--nodesto plans with aTargetSpec $targetsparameter. -
Support
_run_asparameter for puppet_library hook (#1191)Bolt now accepts the
_run_asmetaparameter for puppet_library hooks._run_asspecifies which user the library install task will be executed as. -
Added
--password-promptand--sudo-password-promptto CLI flags (#1269)Two new flags have been added to support users who would like to set a
passwordorsudo-passwordfrom a prompt without using a plugin. A deprecation message will appear when a value is not supplied for--passwordor--sudo-password. -
Subcommand
project migratenew to the CLI (#1377)The CLI now provides the subcommand
project migratewhich migrates Bolt projects to the latest version. When migrating a project the inventory file will be changed fromv1tov2. Changes are made in place and will not preserve comments or formatting. -
Plugin support in
bolt.yml(#1381)Plugin configuration can now be set by looking up data from other plugins. For example, the password for one plugin can be queried from another plugin.
-
Bolt issued an error for unset environment variables with
system::env(#1414)The
system::envfunction no longer errors when the environment variable is unset. -
Results from
file::existsandfile::readableerrored (#1415)The
file::existsandfile::readablefunctions no longer error when the file path is specified relative to a module and the file doesn't exist.
-
New
resolve_referencesplan function (#1365)The new plan function,
resolve_references, accepts a hash of structured data and returns a hash of structured data with all plugin references resolved.
-
Allow optional
--passwordand--sudo-passwordparameters (#1269)Optional parameters for
--passwordand--sudo-passwordwere prematurely removed. The previous behavior of prompting for a password when an argument is not specified for--passwordor--sudo-passwordhas been added back. Arguments will be required in a future version.
-
Change arguments for
--passwordand--sudo-passwordfrom optional to required (#1269)The
--passwordand--sudo-passwordoptions now require a password as an argument. Previously, if the password was omitted the user would be prompted to enter one. To continue to be prompted for a password, use thepromptplugin. -
Favor
--targetsover--nodes(#1375)The
--nodescommand line option has been deprecated in favor of--targets. When using--nodes, a deprecation warning will be displayed.
-
Add
--detailoption forinventory showcommand (#1200)The
inventory showcommand now supports a--detailoption to show resolved configuration for specified targets. -
promptmessages print tostderr(#1269)The
promptplugin now prints messages tostderrinstead ofstdout. -
Subcommand
project initnew to the CLI (#1285)The CLI now provides the subcommand
project initwhich creates a new filebolt.yamlin the current working directory, making the directory a Bolt project directory. -
Bolt issues a warning when inventory overrides a CLI option (#1341)
Bolt issues a warning when an option is set both on the CLI and in the inventory, whether the inventory loads from a file or from the
bolt_inventoryenvironment variable.
-
Some configured paths were relative to Boltdir and some were relative to the current working directory (#1162)
This fix standardizes all configured paths, including the modulepath, to be relative to the Boltdir. It only applies to file-based configs, not command line flags which expand relative to the current working directory. It is gated on the future config option, and will be available by default in Bolt 2.0.
-
Replace
install_agentplugin withpuppet_agentmodule (#1294)The
puppetlabs-puppet_agentmodule now provides the same functionality as theinstall_agentplugin did previously. Theinstall_agentplugin has been removed and thepuppet_agentmodule is now the default plugin for thepuppet_libraryhook. If you do not use the bundledpuppet_agentmodule you will need to update to version2.2.1of the module. If you reference theinstall_agentplugin you will need to now referencepuppet_agentinstead.
-
Support
limitoption fordo_untilfunction (#1270)The
do_untilfunction now supports alimitoption that prevents it from iterating infinitely. -
Improve parameter passing for module plugins (#1322)
In the absence of a
configsection inbolt_plugin.json, Bolt will validate any configuration options inbolt.yamlagainst the schema for each task of the plugin’s hook. Bolt passes the values to the task at runtime and merges them with options set ininventory.yaml.
-
Harmonize JSON and Puppet language
ResultObjects (#1245)Previously the JSON representation of a
Resultobject showed different keys than were available when working with the object in a plan. This feature makes the same keys available in both the JSON representation and the Puppet object. It is only available when thefutureflag is set totruein the bolt configuration file. -
The
add_factsplan function returns aTargetobject (#1211)The
add_factsfunction now returns aTargetobject to match theset_*plan functions for consistency and to allow chaining. This feature is only available when thefutureflag is set totruein the bolt configuration file.
-
Failed to log transport type when making a connection (#1307)
When making a connection to a target node, Bolt now logs the transport type (for example, WinRM or SSH) at debug level.
-
Error when calling
puppet_libraryhook of external plugin (#1321)Bolt no longer errors when calling the
puppet_libraryhook of a module-based plugin. -
apply_prepfailed whenplugin_hookskey was not set using inventory version 2 (#1303)When the
plugin_hookskey was not set for a target/group in inventory version 2, theapply_prepfunction would not work. Bolt now uses the defaultplugin_hooksand honorsplugin_hooksfrom Bolt config when using inventory version 2. -
Unhelpful error message when parsing malformed
yamlfiles (#1296)When parsing a malformed
yamlfile, Bolt now gives an error message containing the path to the file and the line and column in the file where the error originated. -
run_taskfunction didn't respect_noopoption (#1207)When calling the
run_taskfunction from a plan with the_noopmetaparameter,_noopis now passed to the task.
-
Bolt failed to load
azure_inventoryplugin (#1301)Bolt now looks in the default modulepath when loading plugins, so it can successfully load the Azure inventory plugin.
-
When referring to
Targets in log or output, use theirsafe_name(#1243)When using inventory version 2, a
Target'ssafe_nameis theuriminus the password (unless theTargethas an explicitly definedname, in which casesafe_nameis the value ofname). For inventory version 1,safe_nameis the value ofhost. -
The
ResultSettype is now indexable (#1178)When working with
ResultSettypes in plans, use the bracket[]operator to getResultsby index. -
Log file transfer details at debug level (#1256)
When Bolt transfers a file, it logs hostname and filepath details at the debug level. Previously Bolt did not log this information.
-
The plan function
applyincorrectly returned successful if the report was unparseable (#1241)Unexpected results for the result of an
applyare now treated as errors. -
interpreterswith spaces fail with the WinRM transport (#1158)The
interpreterssetting on the WinRM transport now supports spaces in the path to an interpreter. -
Resource Types were not registered while running plans (#1140)
Running
puppetfile generate-typeswill now generate all built-in types and types on the modulepath, and make those resource types available for plan execution.
-
Azure inventory plugin (#1148)
A new module based plugin allows the discovery of Bolt targets from Azure VMs.
-
Clear API for
Target(#1125)An updated
TargetAPI for creating and configuring BoltTargetsduring plan execution with inventory version 2 is now available. -
New stub for
out::messageavailable forBoltSpec::Plans(#1217)Users can now use
BoltSpec::Plansto test plans that contain calls toout::message. -
New sub command
bolt group show(#537)The CLI now provides a new command
bolt group showthat will list all of the groups in the inventory file.
-
Spurious plan failures and warnings on startup
Eliminated a race condition with the analytics client that could cause Bolt operations to fail or extraneous warnings to appear during startup.
-
WARNING: Changes to
aws::ec2,pkcs7, andtaskplugins.To improve consistency of plugin behavior, there are three changes to plugins. The
aws::ec2plugin is now namedaws_inventory. Thepkcs7plugin now expects a field calledencrypted_valuerather thanencrypted-value. The task plugin now expects tasks to return both Target lists and config data under thevaluekey instead of thetargetsorvalueskeys.
-
Tried to read
cacertfile when using WinRM without SSL (#1164)When using the WinRM transport without SSL, Bolt no longer tries to read the
cacertfile. This avoids confusing errors whencacertis not readable. -
Some configuration options would not support file path expansion (#1174)
The
token-fileandcacertfile paths for the PCP transport, and thecacertfile path for the WinRM transport all now support file expansion.
-
Plugins can ship with modules (1.31.0)
Modules can now include Bolt plugins by adding a
bolt_plugin.jsonfile at the top level. Users can configure these task-based plugins inbolt.yaml. (#1133)
- WARNING: Starting with this release the puppetlabs apt repo for trusty (Ubuntu 1404) no longer contains new puppet-bolt packages.
-
applyblocks would ignore the_run_asargument passed to their containing plan (#1167)Apply blocks in sub-plans now honor the parent plan's
_run_asargument. -
Task parameters with
typein the name were filtered out in PowerShell version 2.x or earlier (#1205)PowerShell tasks executed on targets with PowerShell version 2.x or earlier can now use task parameters with the string
typein the name (though a parameter simply namedtypeis still incompatible). PowerShell version 3.x or higher does not have this limitation.
- WARNING: Ubuntu 14.04 support will be dropped in the near future. Users can install Bolt from the Ubuntu 16.04 package.
-
Allow users to configure
apply_prepplan function (#1123)Users can now configure how the Puppet agent gets installed when a plan calls the
apply_prepfunction. Users can configure two plugins:install_agent, which maintains previousapply_prepbehavior and is the defaulttask, which allows users to either use thepuppet_agent::installtask with non-default parameters, or use their own task.
-
Add CHANGELOG.md (#1138)
Bolt now tracks release notes about new features, bug fixes, and deprecation warnings in a
CHANGELOG.mdfile in the root of the repo. This file is updated per pull request. As the CHANGELOG file, I'd argue it's the best file in the whole repo.
-
task showandplan showmodulepaths used incorrect file path separator (#1183)The modulepath displayed by
bolt task showandbolt plan shownow uses an OS-correct file path separator. -
bolt-inventory-pdb was not installed on path (#1172)
During Bolt installation, the
bolt-inventory-pdbtool is now installed on the user's path. -
Task helpers did not print errors (puppetlabs/puppetlabs-ruby_task_helper#5 and puppetlabs/puppetlabs-python_task_helper#)
The Ruby task helper and Python task helper now wrap error results in
{ _error: < error >}and correctly display errors.
-
Tasks with input method
stdinhung with the--ttyoption (#1129)Tasks no longer hang over the SSH transport when the input method is
stdin, the--ttyoption is set, and the--run-asoption is unset. -
Docker transport was incompatible with the Windows Bolt controller (#1060)
When running on Windows, the Docker transport can now execute actions on Linux containers.
-
Remote state files for Terraform inventory plugin
The Terraform plugin for inventory configuration now supports both local and remote state files. (BOLT-1469)
-
Reorganized command reference documentation
The command reference documentation now shows a list of options available for each command, instead of having separate sections for commands and options. (BOLT-1422)
-
Using
--sudo-passwordwithout--run-asraised a warningCLI commands that contain
--sudo-passwordbut not--run-asnow run as expected without any warnings. (BOLT-1514)
-
YAML plans automatically call apply_prep before executing a resources step
Bolt automatically calls
apply_prepon all target nodes before running any resources step in a YAML plan. (BOLT-1451) -
Bolt images are published to Docker Hub
We now publish Bolt container images to the Puppet Docker Hub when releasing new versions. (BOLT-1407)
-
AWS plugin has a new location for configuring information
You now configure the AWS plugin in the configuration file's
pluginsection instead of itsawssection. (BOLT-1501) -
Use Vault KV secrets engine to populate inventory fields
You can now populate inventory configuration fields (such as passwords) by looking up secrets from a Vault KV engine. (BOLT-1424)
-
Users are alerted to analytics policies
When Bolt first runs, it warns users about collecting and sending analytics and gives instructions for turning analytics collection off. (BOLT-1487)
-
Improved documentation for converting plans from YAML to the Puppet language
Bolt documentation explains what structures within a YAML plan can't fully convert into a Puppet language plan. (BOLT-1286)
-
Bolt actions hung over SSH when
ProxyCommandis set in OpenSSH configA new
disconnect-timeoutconfiguration option for the SSH transport ensures that SSH connections are terminated. (BOLT-1423)
-
Calling
get_targetsin manifest blocks with inventory version 2 caused an exceptionget_targetsnow returns a newTargetobject within a manifest block with inventory version 2. When you pass the argumentallwith inventory v2,get_targetsalways returns an empty array. (BOLT-1492) -
Bolt ignored script arguments that contain "="
Bolt now properly recognizes script arguments that contain "=". For example,
bolt script run myscript.sh foo a=b c=d -n mynoderecognizes and uses all three arguments. (BOLT-1412)
-
Use WinRM with Kerberos
You can now use Kerberos to authenticate WinRM connections from a Linux host node. This feature is experimental. (BOLT-126)
-
New analytics about Boltdir usage
Bolt now reports analytics about whether it is using a Boltdir in the default location, a Boltdir in a user-specified location, or a bare
bolt.yamlwithout a Boltdir. (BOLT-1315) -
AWS inventory discovery integration
You can now dynamically load AWS EC2 instances as Bolt targets in the inventory. (BOLT-1328)
-
New analytics for inventory plugins
Bolt now sends an analytics event when it uses the built-in inventory plugins. (BOLT-1410)
-
Bolt debug output showed task and script arguments as Ruby hashes, not JSON
Bolt debug output now prints task and script arguments as JSON instead of Ruby hashes. (BOLT-1456)
-
out::messagedidn't print whenformat=jsonThe
out::messagestandard plan function now prints messages as expected even when it is configured to use JSON. (BOLT-1455)
-
Options for PCP transport now configurable in
bolt.yamlThe
job-poll-timeoutandjob-poll-interviewoptions for the PCP transport are now configurable inbolt.yaml. (BOLT-1425) -
Task plugin improvements
The
taskplugin now enables you to run a task to discover targets or look up configuration information in the version 2 inventory file. (BOLT-1408) -
Ability to see nodes in an inventory group
You can now see what nodes a Bolt command acts on using the
bolt inventory showsubcommand. Pass a targeting option, such as-n node1,node2,-n groupname,-q query,--rerun, and other targeting options to specify which nodes to list. (BOLT-1398) -
Support for an apply step
YAML plans now support applying Puppet resources with a
resourcesstep. (BOLT-1222)
-
Modulepath now handles folder names in uppercase characters on Windows
Bolt now prints a warning stating that it is case sensitive when the specified path is not found but another path is found with different capitalization. For example, if the actual path is
C:\User\Administrator\modulesbut the user specifiesC:\user\administrator\modules, a warning states that the specified path was not used and that the correct path isC:\User\Administrator\modules. (BOLT-1318)
-
out::messagedidn't work insidewithout_default_loggingThe
out::messagestandard library plan function now works within awithout_default_loggingblock. (BOLT-1406) -
Task action stub parameter method incorrectly merged options and arguments
When a task action stub expectation fails, the expected parameters are now properly displayed. (BOLT-1399)
-
lookups removed from target_lookups
We have deprecated the target-lookups key in the experimental inventory file v2. To address this change, migrate any target-lookups entries to targets and move the plugin key in each entry to _plugin.
-
Help text only lists options for a given command
Help text now only shows options for the specified subcommand and action. Previously, all options were displayed in the help text, even if those options did not apply to the specified subcommand and action. (BOLT-1342)
-
Packages for Fedora 30
Bolt packages are now available for Fedora 30. (BOLT-1302)
-
Adds support for embedding eyaml data in the inventory
This change adds a hiera-eyaml compatible pkcs7 plugin and support for embedding eyaml data in the inventory. (BOLT-1270)
-
Allow
$nodesas positional arg forrun_planThis change allows the
run_planfunction to be invoked with$nodesas the second positional argument, so that it can be used the same wayrun_taskis used. (BOLT-1197)
-
catch_errorsfunctionThe new plan function,
catch_errors, accepts a list of types of errors to catch and a block of code to run where, if it errors, the plan continues executing. (BOLT-1316) -
Forge
baseurlsetting inpuppetfileconfigThe
puppetfileconfig section now supports a Forge subsection that you can use to set an alternate Forge location from which to download modules. (BOLT-1376)
-
The
wait_until_availablefunction returned incorrect results using orchestratorWhen using the PCP transport, the plan function
wait_until_availablenow returns error results only for targets that can't be reached. (BOLT-1382) -
PowerShell tasks on localhost didn't use correct default
PS_ARGSPowerShell scripts and tasks run over the local transport on Windows hosts no longer load profiles and are run with the
Bypassexecution policy to maintain parity with the WinRM transport. (BOLT-1358)
-
Proxy configuration
You can now specify an HTTP proxy for
bolt puppetfile installinbolt.yaml, for example:puppetfile: proxy: https://proxy.example.com -
Support for version 4 Terraform state files
Target-lookups using the Terraform plugin are now compatible with the version 4 Terraform state files generated by Terraform version 0.12.x. (BOLT-1341)
-
Prompt for sensitive data from inventory v2
A new
promptplugin in inventory v2 allows setting configuration values via a prompt. (BOLT-1269)
-
Set custom exec commands for Docker transport
New configuration options,
shell-commandandtty, for the Docker transport allow setting custom Docker exec commands. -
Check existence and readability of files
New functions,
file::existsandfile::readable, test whether a given file exists and is readable, respectively. (BOLT-1338) -
Output a message
The new
out::messagefunction can be used to print a message to the user during a plan. (BOLT-1325) -
Return a filtered ResultSet with a ResultSet
A new
filter_setfunction in theResultSetdata type filters aResultSetwith a lambda to return aResultSetobject. (BOLT-1337) -
Improved error handling for unreadable private keys
A more specific warning is now surfaced when an SSH private key can't be read from Bolt configuration. (BOLT-1297)
-
Look up PuppetDB facts in inventory v2
The PuppetDB plugin can now be used to look up configuration values from PuppetDB facts for the
name,uri, andconfiginventory options for each target. (BOLT-1264)
-
Configuration location ~/.puppetlab/bolt.yaml
When the Boltdir was added as the local default configuration directory, the previous directory,
~/.puppetlab/bolt.yaml, was deprecated in favor of~/.puppetlabs/bolt/bolt.yaml. For more information on the current default directory for configfile, inventoryfile and modules, see Configuring Bolt. (BOLT-503)
-
Terraform plugin in inventory v2
A new plugin in inventory v2 loads Terraform state and map resource properties to target parameters. This plugin enables using a Terraform project to dynamically determine the targets to use when running Bolt. (BOLT-1265)
-
Type info available in plans
A new
to_datamethod is available for plan result objects that provides a hash representation of the object. (BOLT-1223) -
Improved logging for apply
The Bolt
applycommand and theapplyfunction from plans now show log messages for changes and failures that happened while applying Puppet code. (BOLT-901)
-
Inventory was loaded for commands that didn't use it
Inventory was loaded even for commands that don't use targets, such as
bolt task show. An error in the inventory could subsequently cause the command to fail. (BOLT-1268) -
YAML plan converter wrapped single-line evaluation steps
The
bolt plan convertcommand wrapped single-line evaluation steps in awithstatement unnecessarily. (BOLT-1299)
-
Convert YAML plans to Puppet plans
You can now convert YAML plans to Puppet plans with the
bolt plan convertcommand. (BOLT-1195) -
Improved error handling for missing commands
A clear error message is now shown when no object is specified on the command line, for example
bolt command run --nodes <NODE_NAME>. (BOLT-1243)
-
Inventory file version 2
An updated version of the inventory file, version 2, is now available for experimentation and testing. In addition to several syntax changes, this version enables setting a human readable name for nodes and dynamically populating groups from PuppetDB queries. This version of the inventory file is still in development and might experience breaking changes in future releases. (BOLT-1232)
-
YAML plan validation
YAML plan validation now alerts on syntax errors before plan execution. (BOLT-1194)
-
File upload stalled with local transport using run-as
The
bolt file uploadcommand stalled when using local the local transport if the destination file existed. (BOLT-1262) -
Rerun file wasn't generated without an existing project directory
If no Bolt project directory existed, a
.rerun.jsonfile wasn't created, preventing you from rerunning failed commands. Bolt now creates a default project directory when one doesn't exist so it can generate.rerun.jsonfiles as expected. (BOLT-1263)
-
Rerun failed commands
Bolt now stores information about the last failed run in a
.rerun.jsonfile in the Bolt project directory. You can use this record to target nodes for the next run using--retry failureinstead of--nodes.For repositories that contain a Bolt project directory, add
$boltdir/.last_failure.jsonto.gitignorefiles.Stored information may include passwords, so if you save passwords in URIs, set
save-failures: falsein your Bolt config file to avoid writing passwords to the.rerun.jsonfile. (BOLT-843)
-
SELinux management didn't work on localhost
Bolt now ships with components similar to the Puppet agent to avoid discrepancies between using a puppet-agent to apply Puppet code locally versus using the Bolt puppet-agent. (BOLT-1244)
-
Packaged hiera-eyaml Gem
Bolt packages now include the hiera-eyaml Gem. (BOLT-1026)
-
Local transport options for
run-as,run-as-command, andsudo-passwordThe local transport now accepts the
run-as,run-as-command,andsudo-passwordoptions on non-Windows nodes. These options escalate the system user (who ran Bolt) to the specified user, and behave like the same options using the SSH transport.\_run_ascan also be configured for individual plan function calls for the local transport. (BOLT-1052) -
Localhost target applies the puppet-agent feature
When the target hostname is
localhost, the puppet-agent feature is automatically added to the target, because the Puppet agent installed with Bolt is present on the local system. This functionality is available on all transports, not just the local transport. (BOLT-1200) -
Tasks use the Bolt Ruby interpreter only for localhost
Bolt sets its own installed Ruby as the default interpreter for all
*.rbscripts running on localhost. Previously, this default was used on all commands run over the local transport; it's now used when the hostname islocalhostregardless of the transport. (BOLT-1205) -
Fact indicates whether Bolt is compiling a catalog
If Bolt is compiling a catalog,
$facts['bolt']is set to true, allowing you to determine whether modules are being used from a Bolt catalog. (BOLT-1199)
-
Linux implementation of the service and package tasks returned incorrect results
The PowerShell and Bash implementations for the service and package tasks are more robust and provide output more consistent with the Ruby implementation. (BOLT-1103, BOLT-1104)
-
YAML plans
You can now write plans in the YAML language. YAML plans run a list of steps in order, which allows you to define simple workflows. Steps can contain embedded Puppet code expressions to add logic where necessary. For more details about YAML plans, see Writing plans in YAML. For an example of a YAML plan in use, see the Puppet blog. (BOLT-1150)
This version also adds analytics data collection about the number of steps and the return type of YAML plans. (BOLT-1193)
-
Support for Red Hat Enterprise Linux 8
A Bolt package is now available for RHEL 8. (BOLT-1204)
-
Improved load time
Bolt startup is now more efficient. (BOLT-1119)
-
Details about Result and ResultSet objects
The Result and ResultSet objects now include information in the JSON output about the action that generated the result. (BOLT-1125)
-
Inventory warning about unexepected keys
An informative warning message is now logged when invalid group or node configuration keys are detected in the inventoryfile. (BOLT-1017)
-
BoltSpec::Run support for uploading files to remote systems
BoltSpec::Run now supports the upload_file action. (BOLT-953)
-
Remote tasks could run on non-remote targets
Remote tasks can now be run only on remote targets (BOLT-1203)
-
known_hosts weren't parsed correctly
Previously, when a valid hostname entry was present in known_hosts and the host-key-check SSH configuration option was set, host key validation could fail when a valid IP address was not included in the known_hosts entry. This behavior was inconsistent with system SSH where the IP address is not required. Host key checking has been updated to match system SSH. (BOLT-495)
-
Plan variables were visible to sub-plans
Variables defined in scope in a plan were visible to sub-plans called with run_plan. (BOLT-1190)
-
Support for Puppet device modules in a manifest block
You can now apply Puppet code on targets that can't run a Puppet agent using the remote transport via a proxy. This is an experimental feature and might change in future minor (y) releases. (BOLT-645)
-
Validation and error handling for invalid PCP tokens
The PCP transport token-file configuration option now includes validation and a more helpful error message. (BOLT-1076)
-
The _run_as option was clobbered by configuration
The run-as configuration option took precedence over the _run_as parameter when calling run_* functions in a plan. The _run_as parameter now has a higher priority than config or CLI. (BOLT-1050)
-
Tasks with certain configuration options failed when using stdin
When both interpreters and run-as were configured, tasks that required parameters to be passed over stdin failed. (BOLT-1155)
-
SMB file transfer on Windows
When transferring files to a Windows host, you can now optionally use the SMB protocol to reduce transfer time. You must have either administrative rights to use an administrative share, like
\host\C$, or use UNC style paths to access existing shares, like\host\share. You can use SMB file transfers only over HTTP, not HTTPS, and SMB3, which supports encryption, is not yet supported. (BOLT-153) -
Interpreter configuration option
An interpreters configuration option enables setting the interpreter that is used to execute a task based on file extension. This options lets you override the shebang defined in the task source code with the path to the executable on the remote system. (BOLT-146)
-
Improved error handling
Clearer error messages now alert you when you use plan functions not meant to be called in manifest blocks. (BOLT-1131)
-
Ruby task helper symbolized only top-level parameter keys
Previously the ruby_task_helperTaskHelper.run method symbolized only-top level parameter keys. Now nested keys are also symbolized. (BOLT-1053)
-
Updated project directory structure
Within your project directory, we now recommend using a directory called site-modules, instead of the more ambiguously named site, to contain any modules not intended to be managed with a Puppetfile. Both site-modules and site are included on the default modulepath to maintain backward compatibility. (BOLT-1108)
-
bolt puppetfile show-modules command
A new bolt puppetfile show-modules command lists the modules, and their versions, installed in the current Boltdir. (BOLT-1118)
-
BoltSpec::Run helpers accept options consistently
All BoltSpec::Run helpers now require the params or arguments argument to be passed. (BOLT-1057)
-
String segments in commands had to be triple-quoted in PowerShell
When running Bolt in PowerShell with commands to be run on *nix nodes, string segments that could be interpreted by PowerShell needed to be triple-quoted. (BOLT-159)
-
bolt task show displays module path
Task and plan list output now includes the module path to help you better understand why a task or plan is not included. (BOLT-1027)
-
PowerShell scripts over the PCP transport
You can now run PowerShell scripts on Windows targets over the PCP transport. (BOLT-830)
-
RSA keys with OpenSSH format
RSA keys stored in the OpenSSH format can now be used for authentication with the SSH transport. (BOLT-1124)
-
Support for new platforms
Bolt packages are now available for Fedora 28 and 29 (BOLT-978), and macOS 10.14 Mojave (BOLT-1040)
-
Unsecured download of the puppet_agent::install task
The bash implementation of the puppet_agent::install task now downloads packages over HTTPS instead of HTTP. This fix ensures the download is authenticated and secures against a man-in-the-middle attack.
-
Hyphens allowed in aliases and group names
Node aliases and group names in the Bolt inventory can now contain hyphens. (BOLT-1022)
-
Unsecured download of the puppet_agent::install_powershell task
The PowerShell implementation of the puppet_agent::install task now downloads Windows .msi files using HTTPS instead of HTTP. This fix ensures the download is authenticated and secures against a man-in-the-middle attack.
-
Improved out-of-the-box tasks
The package and service tasks now select task implementation based on available target features while their platform-specific implementations are private. (BOLT-1049)
-
Respect multiple PuppetDB server_urls
Bolt now tries to connect to all configured PuppetDBserver_urls before failing. (BOLT-938)
-
Bolt crashed if PuppetDB configuration was invalid
If an invalid puppetdb.conf file is detected, Bolt now issues a warning instead of crashing (BOLT-756)
-
Local transport returned incorrect exit status
Local transport now correctly returns an exit code instead of the stat of the process status as an integer. (BOLT-1074)
-
Standard library functions weren't packaged in 1.8.0
Version 1.8.0 didn't include new standard library functions as intended. This release now includes standard library functions in the gem and packages. (BOLT-1065)
-
Standard library functions
Bolt now includes several standard library functions useful for writing plans, including:
- ctrl::sleep
- ctrl::do_until
- file::read
- file::write
- system::env
See Plan execution functions and standard libraries for details. (BOLT-1054)
-
puppet_agent::install task didn't match on Red Hat
The puppet_agent::install task now uses updates in the facts task to resolve Red Hat operating system facts and to download the correct puppet-agent package. (BOLT-997)
-
Configure proxy SSH connections through jump hosts
You can now configure proxy SSH connections through jump hosts from the inventory file with the proxyjump SSH configuration option. (BOLT-1039)
-
Query resource states from a plan
You can now query resource states from a plan with the get_resources function. (BOLT-1035)
-
Specify an array of directories in modulepath
You can now specify an array of directories for the modulepath setting in bolt.yaml, rather than just a string. This change enables using a single bolt.yaml on both *nix and Windows clients. (BOLT-817)
-
Save keystrokes on modulepath, inventoryfile, and verbose
You can now use shortened command options for modulepath (-m), inventoryfile (-i), and verbose (-v). (BOLT-1047)
-
Select module content missing from puppet-bolt package
Previous releases of the puppet-bolt package omitted the python_task_helper and ruby_task_helper modules. These are now included. (BOLT-1036)
-
Remote tasks
You can now run tasks on a proxy target that remotely interacts with the real target, as defined by the run-on option. Remote tasks are useful for targets like network devices that have limited shell environments, or cloud services driven only by HTTP APIs. Connection information for non-server targets, like HTTP endpoints, can be stored in inventory. (BOLT-791)
-
reboot module plan
Bolt now ships with the reboot module, and that module now provides a plan that reboots targets and waits for them to become available. (BOLT-459)
-
Local transport on Windows
The local transport option is now supported on Windows. (BOLT-608)
-
bolt_shim module contents marked as sensitive
The bolt_shim module that enables using Bolt with PE now marks file content as sensitive, preventing it from being logged or stored in a database. (BOLT-815)
-
wait_until_available function didn't work with Docker transport
We merged the Docker transport and wait_until_available function in the same release, and they didn't play nicely together. (BOLT-1018)
-
Python task helper didn't generate appropriate errors
The Python task helper included with Bolt didn't produce an error if an exception was thrown in a task implemented with the helper. (BOLT-1021)
-
Node aliases
You can now specify aliases for nodes in your inventory and then use the aliases to refer to specific nodes. (BOLT-510)
-
Run apply with PE orchestrator without installing puppet_agent module
Bolt no longer requires installing the puppet_agent module in PE in order to run apply actions with the PE orchestrator. (BOLT-940)
-
Bolt apply with orchestrator
A new puppetlabs-apply_helper module enables using Boltapply with orchestrator. For details, see the module README. (BOLT-941)
-
Add targets to a group
A new add_to_group function allows you to add targets to an inventory group during plan execution. (BOLT-942)
-
Additional plan test helpers
The BoltSpec::Plans library now supports unit testing plans that use the _run_as parameter, apply, run_command, run_script, and upload_file. (BOLT-984)
-
Data collection about applied catalogs
If analytics data collection is enabled, we now collect randomized info about the number of statements in a manifest block, and how many resources that produces for each target. (BOLT-644)
-
Docker transport for running commands on containers
A new Docker transport option enables running commands on container instances with the Docker API. The Docker transport is experimental because the capabilities and role of the Docker API might change.(BOLT-962)
-
Wait until all target nodes accept connections
A new wait_until_available function waits until all targets are accepting connections, or triggers an error if the command times out. (BOLT-956)
-
Plans with no return value weren't marked complete in PE
Bolt now correctly reports plan completion to PE for plans that don't return a value. Previously, a plan that didn't return a value incorrectly logged that the plan didn't complete. (BOLT-959)
-
Some functions weren't available in the BoltSpec::Plans library
The BoltSpec::Plans library now supports plans that use without_default_logging and wait_until_available, and includes a setup helper that ensures tasks are found and that notice works. (BOLT-971)
-
Apply Puppet manifest code with bolt apply command
The command bolt apply has been added to apply Puppet manifest code on targets without wrapping them in an apply() block in a plan. Note: This command is in development and subject to change. (BOLT-858)
-
Python and Ruby helper libraries for tasks
Two new libraries have been added to help you write tasks in Ruby and Python:
- https://github.com/puppetlabs/puppetlabs-ruby_task_helper
- https://github.com/puppetlabs/puppetlabs-python_task_helper Use these libraries to parse task input, catch errors, and produce task output. For details, see Task Helpers. (BOLT-906 and BOLT-907)
-
Redacted passwords for printed target objects
When the Target object in a Bolt plan is printed, it includes only the host, user, port, and protocol used. The values for password and sudo-password are redacted. (BOLT-944)
-
Task implementation not located relative to other files in installdir
When you use tasks that include shared code, the task executable is located alongside shared code at _installdir/MODULE/tasks/TASK. (BOLT-931)
-
Share code between tasks
Bolt includes the ability to share code between tasks. A task can include a list of files that it requires, from any module, that it copies over and makes available via a _installdir parameter. This feature is also supported in Puppet Enterprise 2019.0. For more information see, Sharing task code. (BOLT-755)
-
Upgraded WinRM gem dependencies
The following gem dependencies have been upgraded to fix the connection between OMI server on Linux and the WinRM transport:
- winrm 2.3.0
- winrm-fs 1.3.1
- json-schema 2.8.1 (BOLT-929)
-
Mark internal tasks as private
In the task metadata, you can mark internal tasks as private and prevent them from appearing in task list UIs. (BOLT-734)
-
Upload directories via plans
The bolt file upload command and upload_file action now upload directories. For use over the PCP transport these commands require puppetlabs-bolt_shim 0.2.0 or later. (BOLT-191)
-
Support for public-key signature system ed25519
The ed25519 key type is now supported out-of-the-box in Bolt packages. (BOLT-380)
-
Error when puppet_agent task not run as root
The puppet_agent task now checks that it is run as root. When run as another user, it prints and fails with a helpful message. (BOLT-878)
-
Bolt suppresses errors from transport
Previously, Bolt suppressed some exception errors thrown by transports. For example, when the ed25519 gem was not present for an Net::SSH process, the NotImplementedError for ed25519 keys would not appear. These errors are now identified and displayed. (BOLT-922)
-
Loading bolt/executor is "breaking" gettext setup in spec tests
When Bolt is used as a library, it no longer loads code from r10k unless you explicitly require 'bolt/cli'.(BOLT-914)
-
Deprecated functions in stdlib result in Evaluation Error
Manifest blocks will now allow use of deprecated functions from stdlib, and language features governed by the 'strict' setting in Puppet. (BOLT-900)
-
Bolt apply does not provide
clientcertfactapply_prep has been updated to collect agent facts as listed in Puppet agent facts. (BOLT-898)
-
C:\Program Files\Puppet Labs\Bolt\bin\bolt.batis non-functionalWhen moving to Ruby 2.5, the .bat scripts in Bolt packaging reverted to hard-coded paths that were not accurate. As a result Bolt would be unusable outside of PowerShell. The .bat scripts have been fixed so they work from cmd.exe as well. (BOLT-886)