This repository has been archived by the owner on Jan 4, 2021. It is now read-only.

Release 0.0.27

@ripienaar ripienaar released this 01 Jun 13:16
· 423 commits to master since this release

New Features

  • Improve certname validation steps (#258)
  • Add an etcd data store for playbooks (#152)
  • Support the new Choria Discovery Proxy service (#271)
  • Update Hiera files to version 5 and require Puppet >= 4.9.0 (#274)

Bug Fixes

  • Correctly report paths when doing federation trace to the same node as the client (#273)

Discovery Proxy

Until now, if you wished to use PuppetDB as a discovery source, you had to open the PuppetDB query port to everyone. This is a potential security risk as PuppetDB holds a wealth of information.

A new service called the Choria Discovery Proxy has been created to sit in front of PuppetDB. This service performs queries on behalf of MCollective and exposes only certnames to MCollective clients.

It also enhances the discovery mechanism with the ability to create saved search queries with names like production_acme and later let you address these using -I set:production_acme.

More details can be found on choria.io/docs.

Preview Features

Traditionally MCollective is based on YAML and its networking protocols are Ruby specific. In an upcoming version of MCollective a translation layer will exist to support a pure JSON network stack.

This will be a big improvement in the security of the network, as YAML has historically been shown to be problematic. It will also increase language interoperability and improve the story for tools like REST servers.

This version of Choria supports a setting to enable a pure JSON network stack and will require version 2.11.0 of MCollective to function.

Note this is a preview feature: with the move to JSON the network protocol will be further formalised, documented and potentially slightly tweaked. Only enable this if you're prepared for a bit of a rocky ride.

Setting plugin.choria.security.serializer = json will enable this. It should be set on all clients, servers and federation brokers.
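
To illustrate the remark above that YAML has historically been problematic, the following added example (not code from Choria or MCollective) compares what Ruby's standard YAML and JSON parsers return for a tagged payload. The `WireMarker` class and both payloads are hypothetical and constructed for this illustration; the behaviour shown is that of Ruby's standard library, not of MCollective's network code.

```ruby
require 'yaml'
require 'json'

# Hypothetical class standing in for any class loaded in the receiving process.
class WireMarker
  attr_reader :note
end

# Constructed sample payloads, not captured MCollective traffic.
YAML_PAYLOAD = "--- !ruby/object:WireMarker\nnote: constructed sample\n"
JSON_PAYLOAD = '{"json_class":"WireMarker","note":"constructed sample"}'

# Unrestricted YAML parsing honours the !ruby/object tag and builds an
# instance of the named class. Psych 4 (Ruby 3.1+) moved this behaviour to
# unsafe_load; on older versions plain YAML.load behaves this way.
def load_yaml_unrestricted(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Restricted YAML parsing permits only basic types; a tagged object raises
# Psych::DisallowedClass, which is returned here so it can be inspected.
def load_yaml_restricted(text)
  YAML.safe_load(text)
rescue Psych::DisallowedClass => e
  e
end

# JSON parsing without additions yields only Hash, Array, String, numbers,
# booleans and nil, so the sender cannot choose which class is instantiated.
def load_json(text)
  JSON.parse(text, create_additions: false)
end

# Class of the value each parser hands back for the same logical message.
def summarize
  {
    yaml_unrestricted: load_yaml_unrestricted(YAML_PAYLOAD).class,
    yaml_restricted: load_yaml_restricted(YAML_PAYLOAD).class,
    json: load_json(JSON_PAYLOAD).class
  }
end

summarize.each { |parser, klass| puts "#{parser}: #{klass}" }
```

With a JSON serializer the receiver decides how to interpret each field, which is why validation can happen on plain data before any application object is built.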