CHANGELOG

* Fri Sep 13 2024 Steven Pritchard <steve@sicura.us> - 8.8.0
- [puppetsync] Update module dependencies to support simp-iptables 7.x

* Wed Aug 07 2024 Sean Peterson <wipeters@gmail.com> - 8.7.2
- Add a [Install] for puppet_agent.timer (#186)

* Wed Jan 17 2024 Richard Gardner <rick@sicura.us> - 8.7.1
- Updated hiera.yaml facts to support puppet 8

* Mon Oct 23 2023 Steven Pritchard <steve@sicura.us> - 8.7.0
- [puppetsync] Add EL9 support

* Wed Oct 11 2023 Steven Pritchard <steve@sicura.us> - 8.6.0
- [puppetsync] Updates for Puppet 8
  - These updates may include the following:
    - Update Gemfile
    - Add support for Puppet 8
    - Drop support for Puppet 6
    - Update module dependencies

* Wed Sep 06 2023 Steven Pritchard <steve@sicura.us> - 8.5.0
- Add AlmaLinux 8 support
- Add support and fixes for Puppet 8 and stdlib 9
- Drop support for Puppet 6
- Update module dependencies
- Update gem dependencies
- Clean up Gemfile for rubocop

* Mon Jul 31 2023 Chris Tessmer <chris.tessmer@onyxpoint.com> - 8.4.0
- Add RockyLinux 8 support

* Sat Jul 30 2022 Trevor Vaughan <trevor@sicura.us> - 8.3.1
- Support puppetlabs-inifile < 6

* Fri Jun 03 2022 Chris Tessmer <chris.tessmer@onyxpoint.com> - 8.3.0
- Update from camptocamp/systemd to puppet/systemd

* Tue Aug 17 2021 Trevor Vaughan <tvaughan@onyxpoint.com> - 8.2.0
- Change all instances of pupmod::master adding items to the `master` section to
  use `server` instead
- Update pupmod::conf to automatically switch `master` to `server`
- Automatically remove items from the puppet config in the `master` section that
  are set in the `server` section
- Added pupmod::master::sysconfig::use_code_cache_flushing to reduce excessive
  memory usage
- Removed SHA1 ciphers from the server cipher list
- Disable the internal Red Hat FIPS option in the puppet server

* Wed Jul 28 2021 Andy Adrian <andy.adrian@onyxpoint.com> - 8.2.0
- Updated pupmod::puppet_server to accept Array as well as single hosts
- Updated pupmod::pass_two to configure server_list when multiple puppet_server
  are specified
- Updated pupmod::server_distribution to check server_list for puppet_user

* Wed Jun 16 2021 Chris Tessmer <chris.tessmer@onyxpoint.com> - 8.2.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib

* Tue Jun 15 2021 Trevor Vaughan <tvaughan@onyxpoint.com> - 8.2.0
- Changed
  - Converted all `cron` items to `systemd` timers
  - Converted the cleanup jobs to `tmpfiles` jobs
  - Converted from the 'params' patter to module data
- Added
  - Purge puppet logs > 30 days by default
  - Disable puppetserver analytics by default

* Wed May 26 2021 Trevor Vaughan <tvaughan@onyxpoint.com> - 8.1.3
- Fixed
  - Fixed a bug where the pupmod::master::sysconfig class was not getting applied
- Changed
  - Default pupmod::set_environment to `false` so that users don't accidentally
    end up with systems in the wrong environment

* Tue Jan 12 2021 Chris Tessmer <chris.tessmer@onyxpoint.com> - 8.1.3
- Removed EL6 support
- Get `certname` from trusted facts ONLY for authenticated remote requests

* Thu Nov 05 2020 Trevor Vaughan <tvaughan@onyxpoint.com> - 8.1.2-0
- Default to TLS1.2 only
- Use `certname` by default and fall back to `fqdn` for bolt, etc..

* Fri Oct 23 2020 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 8.1.1-0
- Puppet 6.19 has changed the "master" section to "server" in Puppet.settings.
  This fix updates the modules to check puppet_settings[:server] first then
  puppet_settings[:master].

* Tue Sep 22 2020 Trevor Vaughan <tvaughan@onyxpoint.com> - 8.1.0-0
- Set the default puppetserver ciphers to a safe set

* Fri Sep 11 2020 Adam Yohrling <adam.yohrling@onyxpoint.com> - 8.1.0-0
- Added better auto-tuning support for puppetserver, based on best practices
- Added ReservedCodeCache puppetserver support

* Wed Jul 29 2020 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 8.0.1-0
- Updated upper bound of inifile.

* Tue Jun 23 2020 Adam Yohrling <adam.yohrling@onyxpoint.com> - 8.0.0-0
- Resolved bug with systemd when simp_generate_types disabled

* Tue May 26 2020 Trevor Vaughan <tvaughan@onyxpoint.com> - 8.0.0-0
- Add EL8 Support
- Removed incron support in favor of using systemd path units to run
  simp_generate_types
- Attempts to activate the incron code will result in a warning message
- Add mitigation for https://puppet.com/security/cve/CVE-2020-7942/

* Wed Jan 08 2020 Liz Nemsick <lnemsick.simp@gmail.com> - 8.0.0-0
- Added optional management of the Facter configuration file.

* Mon Jan 06 2020 Michael Morrone <michael.morrone@onyxpoint.com> - 8.0.0-0
- Removed the deprecated CA CRL pull cron job and the corresponding
  pupmod::ca_crl_pull_interval parameter
- Removed deprecated auth.conf support for the legacy pki module and
  the corresponding parameters:
  - pupmod::master::simp_auth::legacy_cacerts_all
  - pupmod::master::simp_auth::legacy_mcollective_all
  - pupmod::master::simp_auth::legacy_pki_keytabs_from_host
- Removed the deprecated pupmod::master::simp_auth::server_distribution parameter

* Tue Nov 19 2019 Luke Stigdon <git@lukestigdon.com> - 7.11.1-0
- Correct pupmod::master::profiler_output_file option name

* Mon Sep 02 2019 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.11.1-0
- Ensure that pupmod::pass_two does not conflict with the internal PE
  configuration code for group ownership of puppet.conf
- Support simp-simplib < 5

* Fri Aug 02 2019 Robert Vincent <pillarsdotnet@gmail.com> - 7.11.1-0
- Support puppetlabs/concat 6.x and puppetlabs/inifile 3.x.

* Thu Jul 04 2019 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.11.0-0
- Add a pupmod::server_distribution function for more accurately determining
  the version of the puppet server installed on the target system.
- Refactor some of the underlying code to use the new function and be safer for
  PE installations.

* Wed Jul 03 2019 Bob Vincent <pillarsdotnet@gmail.com> - 7.11.0-0
- Ensure that the 'environment' setting in puppet.conf is forced into the
  'agent' section.
- Ensure that the 'environment' setting in puppet.conf does not exist in the
  'main' section.

* Fri Jun 28 2019 Steven Pritchard <steven.pritchard@onypoint.com> - 7.11.0-0
- Add v2 compliance_markup data

* Fri Jun 28 2019 Bob Vincent <pillarsdotnet@gmail.com> - 7.10.2-0
- Add ca params for auth-extensions and subject-alt-names.

* Tue May 28 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 7.10.1-0
- No longer hardcode the puppet uid and puppet gid to 52.

* Fri May 17 2019 Robert Vincent <robert.vincent@conning.com> - 7.10.1-0
- Add missing gem-path setting to puppetserver.conf template.

* Mon Mar 25 2019 Joseph Sharkey <shark.bruhaha@gmail.com> - 7.10.0-0
- Standardized cron datatypes to use the Simplib::Cron::### types.  This
  allows more flexibility in cron scheduling.

* Fri Mar 08 2019 Nick Miller <nick.miller@onyxpoint.com> - 7.9.0-0
- Added Puppet 6 support
- Add management of $ssldir and $rundir
- Ensure that the puppet client environment is set to that which is provided by
  the server by default.

* Thu Mar 07 2019 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 7.9.0-0
- Add fact to list all the jruby jar files in the puppetserver installation
  directory.
- Allow user to change the jar file used to run puppetserver via
  pupmod::master::sysconfig::jruby_jar.
- Change the default jar file for puppetserver to jruby-9k.jar for
  the FOSS puppetserver.  (It is already set to that for PE.)

* Wed Mar 06 2019 Liz Nemsick <lnemsick.simp@gmail.com> - 7.9.0-0
- Update minimum version of inifile Puppet module to 2.5.0
- Fix dependency cycle in a full SIMP system that was introduced by
  the new autorequire of the parent directory of an INI file in the
  ini_setting type
- Expanded the upper limit of the concat and stdlib Puppet module versions
- Updated a URL in the README.md

* Fri Jan 25 2019 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.8.0-0
- Fixed issues with incron rules and the simp_generate_types calls.
  - This was mostly due to bugs in the newer version of incrond. However, this
    module is now extensively tested for safety but will only trigger type
    generation on environment creation or updates to the puppet binaries.
- Fix bug where some SSL settings could not be set for the puppet server
  `webserver` components.
- Added the following *advanced usage* parameters in case users need to set
  parameters that are not presently managed to work around future issues:
  - pupmod::master::server_webserver_options
  - pupmod::master::ca_webserver_options

* Tue Jan 22 2019 Brandon Riden <brandon.riden@onyxpoint.com> - 7.7.1-0
- Set pupmod::master::generate_types: enable => false by default to fix
  bug causing puppet servers to crash.
  - pupmod::master::extra_webserver_sections

* Thu Nov 15 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.7.0-0
- Fix warning about automatic data type munging in the puppet server sysconfig
  template
- Add workaround for Puppet 5 background exec issue to the generate_types exec

* Mon Oct 29 2018 Chris Tessmer <chris.tessmer@onyxpoint.com> - 7.7.0-0
- Remove deprecated `[master] ca` setting when `ca = true` in Puppet 5.5.6+
- Remove `[master] ca` setting in Puppet 6+
- Update badges and contribution guide URL in README.md

* Mon Oct 15 2018 Chris Tessmer <chris.tessmer@onyxpoint.com> - 7.7.0-0
- Add `ensure` parameter to `pupmod::conf``
- Ensure that `trusted_server_facts` is removed for Puppet 5.+ (PUP-6112)

* Tue Sep 11 2018 Steven Pritchard <steven.pritchard@onyxpoint.com> - 7.7.0-0
- Unconditionally manages the puppet service
- Remove the (apparently) broken status logic on the puppet service

* Mon Sep 10 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 7.7.0-0
- Update Hiera 4 to Hiera 5

* Thu Jul 19 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 7.6.1-0
- Fixed bug in which the JAVA tmpdir path for the puppetserver was
  incorrectly set.  This could cause puppetserver RPM upgrades to fail.

* Thu Jul 12 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.6.1-0
- Fixed the new `simp_generate_types` script to ensure that the permissions on
  the created directory are correctly set.

* Thu Jun 14 2018 Nick Miller <nick.miller@onyxpoint.com> - 7.6.1-0
- Cleanup unneeded fixtures and update CI assets
- Remove unused simp/tcpwrappers and simp/logrotate dependencies

* Fri May 04 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.6.0-0
- Changed some 'validate_re' statements to 'assert_type' to remove deprecation
  warnings
- Added 'pupmod::master::generate_types' (enabled by default) which:
  - Adds a script, /usr/local/sbin/simp_generate_types that will run 'puppet
    generate types' either on all environments (when first distributed by
    Puppet) or per environment
  - Adds incron hooks to run 'simp_generate_types' when Ruby files in any
    puppet type have been updated
  - Adds incron hooks to run 'simp_generate_types' on any new environment
  - Adds incron hooks to run 'simp_generate_types' on *all* environments if the
    puppetserver binary is updated
  - All errors are logged to syslog

* Tue Apr 17 2018 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 7.6.0-0
- Added line in puppet cron to shutdown/disable puppet client service.
- Added check in agent/cron manifest to disable and stop puppet client service
  so it would not run multiple times on newly kickstarted systems.

* Mon Mar 19 2018 Lucas Yamanishi <lucas.yamanishi@onyxpoint.com> - 7.5.0-0
- Fix service name and related resources on Puppet Enterprise (PE)
  - Fix `$tmpdir` setting on PE
  - Fix Puppetserver service management on PE

* Tue Mar 06 2018 Nick Miller <nick.miller@onyxpoint.com> - 7.5.0-0
- pupmod::master::simp_auth
  - Allow tweaking `allow` and `deny` rules for supported keydist auth rules
  - Removed Mcollective auth rules
  - Deprecated `$legacy_cacerts_all` and `$legacy_pki_keytabs_from_host`

* Fri Mar 02 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - 7.5.0-0
- Updated to support Puppet 5
  - Fixed issues with the puppetserver configuration that could have broken
    Puppet 5 system configurations
  - Updated to support new server options
- Fixed issues with autosign and fileserver.conf defined types generating
  incorrect files
- Updated all puppet strings documentation
- Converted all templates to EPP
- Added process limits on the number of JRuby instances started designed to not
  overload the server in terms of either processor power or memory capabilities
- Added OracleLinux support

* Fri Feb 09 2018 Liz Nemsick <lnemsick.simp@gmail.com> - 7.5.0-0
- Add the missing puppetlabs/inifile dependency to the metadata.json
- Fixed puppet-lint problem

* Mon Oct 02 2017 Chris Tessmer <chris.tessmer@onyxpoint.com> - 7.4.1-0
- Fixed bug where `:selinux_config_mode` is tested even when `:selinux` is
  false.

* Mon Sep 11 2017 Liz Nemsick <lnemsick.simp@gmail.com> - 7.4.0-0
- Add SHA256-based option to generate the minute parameter for
  a client's puppet agent cron from its IP address. This option
  is intended mitigate the undesirable clustering of client puppet
  agent runs, when the number of IPs to be transformed is less
  than the minute range over which the randomization is requested
  (60) and/or the client IPs are not linearly assigned.

* Tue Aug 01 2017 Liz Nemsick <lnemsick.simp@gmail.com> - 7.4.0-0
- Ensure OBE 'puppet_crl_pull' cron job from pupmod versions prior
  to 7.3.1 is removed.

* Thu Jul 27 2017 Nick Markowski <nmarkowski@keywcorp.com> - 7.4.0-0
- README updates:
  - Informed users of legacy auth.conf deprecation
  - Provided instructions to reproduce custom auth.conf entries
    in puppet

* Thu Jun 22 2017 Jeanne Greulich <jeanne.greulich@onyxpoint.com> - 7.3.1-0
- fixed the path to the pki_files and krb_files in the auth.conf
  so remote systems could download files.
- Update puppet requirement in metadata.json

* Wed Jun 14 2017 Nick Miller <nick.miller@onyxpoint.com> - 7.3.1-0
- Removed Puppet CRL download, the puppet agent now checks for the expiration of
  the cert automatically

* Mon Jun 05 2017 Nick Markowski <nmarkowski@keywcorp.com> - 7.3.1-0
- Ensure legacy auth.conf is backed up before removing it. This is a
  follow up to SIMP-3049 based on feedback to SIMP-3196.

* Mon May 22 2017 Kendall Moore <kendall.moore@onyxpoint.com> 7.3.1-0
- Added manifest to manage simp-specific puppet master auth requirements
- Disabled puppetserver setting to enable legacy auth.conf by default
- Remove legacy auth.conf placed by the `puppet-agent` package

* Fri May 19 2017 Nick Miller <nick.miller@onyxpoint.com> - 7.3.1-0
- Removed deprecated `audit` metaparameter

* Fri Apr 28 2017 Dylan Cochran <dylan.cochran@onyxpoint.com> - 7.3.1-0
- Use global catalyst to configure package_ensure.
- Add 'puppet_enterprise::profile::database' class definition to the pe_classlist
  and move the postgresql components under that class.
- Add 'puppet_enterprise::profile::primary_master_replica' class definition
  to the class list to work around an issue in production

* Tue Apr 04 2017 Dylan Cochran <dylan.cochran@onyxpoint.com> - 7.3.0-0
- Add 'package_ensure' to allow users to specify that they want to use 'latest' or 'installed'

* Wed Mar 08 2017 Nick Markowski <nmarkowski@keywcorp.com> - 7.2.0-0
- Updated puppetagent_cron:
-  Added `break_puppet_lock` param so users can clearly specify when they wish
   to forcibly enable the puppet agent.
-  Added `max_disable_time param`. Updated logic to determine when to
   forcibly enable a puppet agent, and moved logic into cron.pp for
   user-friendliness.
-  Set maxruntime default of 4 hours

* Wed Mar 01 2017 Nick Miller <nick.miller@onyxpoint.com> - 7.1.1-0
- The previous audit rules relied on the puppet user existing, but in
  newer versions of puppet, the puppet user only exists on the
  puppetserver. This commit only puts auditing on the puppetserver.

* Mon Feb 20 2017 Jeanne Greuich <jeanne.greulich@onyxpoint.com> - 7.1.0-0
- Fix typos in the puppetagent cron script

* Mon Dec 10 2016 Nick Miller <nick.miller@onyxpoint.com> - 7.1.0-0
- Updated assets and versions
- Converted to puppet-strings
- Switched to the new catalyst pattern with simplib::lookup
- Strong typed module
- Set trusted_server_facts to true by default

* Wed Nov 23 2016 Jeanne Greulich <jgreulich.simp@onyxpoint.com> - 7.0.0-0
- update requirement versions

* Mon Nov 21 2016 Chris Tessmer <chris.tessmer@onyxpoint.com> - 7.0.0-0
- Updated to compliance_markup version 2

* Tue Nov 15 2016 Liz Nemsick <lnemsick.simp@gmail.com> - 7.0.0-0
- Updated iptables dependency version

* Thu Nov 10 2016 Nick Miller <nick.miller@onyxpoint.com> - 7.0.0-0
- Removed puppetlast_support puppet_auth resource, it is unneeded

* Fri Sep 30 2016 Trevor Vaughan <tvaughan@onyxpoint.com>, Chris Tessmer <chris.tessmer@onyxpoint.com> - 7.0.0-0
- Upate to work with the latest Puppet 4 and Puppet Server
- Fixed a lot of tests and minor logic problems

* Wed Sep 28 2016 Chris Tessmer <chris.tessmer@onyxpoint.com> - 6.0.7-0
- Fix Forge `haveged` dependency name

* Tue Sep 20 2016 Bryan Howard, Liz Nemsick <lnemsick.simp@gmail.com> - 6.0.6-0
- Fixed bash redirection error in puppetagent_cron.erb

* Thu Jun 30 2016 Nick Markowski <nmarkowski@keywcorp.com> - 6.0.5-0
- Use_haveged is now a global catalyst.

* Tue Jun 28 2016 Nick Miller <nick.miller@onyxpoint.com> - 6.0.4-0
- Added logic to make sure java_max_memory never exceeded 12G

* Mon Jun 27 2016 Nick Markowski <nmarkowski@keywcorp.com> - 6.0.3-0
- Pupmod-haveged included by default to assist with entropy generation.

* Tue Jun 21 2016 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.2-0
- Updated the calls to use_iptables to be able to be disabled globally.

* Thu May 19 2016 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.1-0
- Made master::reports a private class

* Thu Feb 25 2016 Ralph Wright <ralph.wright@onyxpoint.com> - 6.0.0-24
- Added compliance function support

* Wed Feb 24 2016 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-24
- Fix the subscribe on the Service['puppet'] resource to not be a hard coded
  path.

* Thu Dec 24 2015 Trevor Vaughan <tvaughahn@onyxpoint.com> - 6.0.0-23
- Fixed minor logic errors
- Now have configuration changes notify Service['puppetserver'] instead of the
  more efficient Exec. This gets around a race condition when the service is
  restarted and the exec fires before the service has fully restarted.
- Fixed issues with the puppetserver_* helper scripts that surfaced due to
  changes in the HTTP responses from the Puppet Server.

* Fri Dec 04 2015 Chris Tessmer <chris.tessmer@onyxpoint.com> - 6.0.0-22
- Replaced all 'lsb*' facts with their (package-independent)
  'operatingsystem*' counterparts.
- Moved parameter validations to the top of each class.

* Mon Nov 09 2015 Chris Tessmer <chris.tessmer@onyxpoint.com> - 6.0.0-21
- migration to simplib and simpcat (lib/ only)

* Wed Nov 04 2015 Chris Tessmer <chris.tessmer@onyxpoint.com> - 6.0.0-20
- Improved logic for  defaults

* Thu Sep 17 2015 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-19
- Ensure keylength is set to 2048 in puppet.conf if FIPS mode is enabled.

* Wed Jun 17 2015 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-18
- Remove the legacy code that restarted httpd when the Puppet CRL was
  downloaded.

* Tue May 05 2015 Jacob Gingrich <jacob.gingrich@onyxpoint.com> - 6.0.0-17
- Enabled the puppetserver service

* Fri Mar 20 2015 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-16
- Added a puppet_ruby_dir fact to return the location of the
  runtime ruby directory for Puppet on the client.

* Wed Feb 18 2015 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-16
- Updated to use the refactored Augeasproviders

* Fri Jan 16 2015 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-15
- Changed puppet-server requirement to puppet
- Added full support for the new Clojure-based Puppet Server
- Removed all support for the Passenger Puppet Master

* Wed Dec 03 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-14
- Changed 'splay' to false
- Properly handles true/false values in the puppet conf settings.
- Added support for $runinterval, $splaylimit, and $configtimeout
- Added full class validation
- Multiple fixes to the cron script:
  - No longer uses values from the Puppet master to make decisions.
  - Properly differentiates between the run lock file and the manual
    disabling of the system.

* Tue Nov 25 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-13
- Updated the agent cron job to be able to use alternate run intervals
  as well as support an alternate base for run randomization. This
  means that you can use something *other* than IP address to
  randomize your nodes. Any string will work.

* Fri Oct 17 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-12
- CVE-2014-3566: Updated protocols to mitigate POODLE.

* Mon Sep 08 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-11
- Add appropriate confines to the passenger* facts and no longer hard
  code paths.
- Ensure that the puppetmaster init does not fire off alongside httpd.
- Made the change for puppet_manage_all_files conditional on the
  RHEL/CentOS version since this needs to work on both 6 and 7.

* Wed Aug 27 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-10
- Changed the $passenger_temp_dir selinux type from tmp_t to
  httpd_var_run_t since it is now in /var/run/passenger by default.

* Tue Aug 26 2014 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-9
- Updated the passenger_version fact to return "unknown" when Passenger is not installed.

* Mon Aug 25 2014 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-9
- SELinux boolean puppet_manage_all_files was changed to puppetagent_manage_all_files.

* Mon Jul 14 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-8
- Updated the code to only enable the puppetmaster init script if passenger is
  not enabled and the init system includes systemd.
- Added a setitng to set 'stringify_facts' to 'false' in the [main]
  section of puppet.conf. This was not made a variable since complex
  facts in other parts of the system will fail without it.

* Tue Jul 01 2014 Adam Yohrling <adam.yohrling@onyxpoint.com> - 6.0.0-7
- Added puppet_auth type to make sure puppet master is able to access
  node REST endpoint for puppetlast script to work
- Added pupmod RPM requirement of pupmod-augeasproviders

* Mon Jun 23 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-6
- Added a segment for using a passenger service stub to ensure that the
  passenger service can properly run.
- Fixed a bug in the passenger template for apache where the output
  configuration would be incorrect should you have both the master and
  CA ports identically set.
- Fixed SELinux check for when selinux_current_mode is not found.

* Sun Jun 22 2014 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-6
- Removed MD5 file checksums for FIPS compliance.
- Updated puppet conf to set the digest algorithm to SHA-256 by default.

* Fri Jun 13 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-5
- Updated the code to use environment directories instead of the
  'manifest' option since it is deprecated in Puppet 3.6.

* Fri May 16 2014 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-4
- Updated the passenger manifest to convert the SSL cipher suite to an array
  and updated the passenger template to correspond to this change.

* Sun Apr 20 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-3
- master::freeze_main is now set to true by default.
- Changed back to /bin/logger since that is correct for RHEL/CentOS 6

* Wed Apr 16 2014 Nick Markowski <nmarkowski@keywcorp.com> - 6.0.0-2
- Selinux booleans now set if mode != disabled
- Fixed some minor errors in rspec tests, and updated them for the
  Selinux change.
- Updated facter value calls to new standard

* Fri Apr 04 2014 Nick Markowski <nmarkowski@keywcorp.com> - 6.0.0-2
- Selinux booleans now set if mode != disabled
- Fixed some minor errors in rspec tests, and updated them for the
  Selinux change.

* Fri Mar 28 2014 Kendall Moore <kmoore@keywcorp.com> - 6.0.0-1
- Updated puppetagent_cron script to ignore output when stopping the puppet service.

* Wed Feb 12 2014 Trevor Vaughan <tvaughan@onyxpoint.com> - 6.0.0-0
- Converted all string booleans to booleans.
- Refactored the entire module to use puppetlabs-inifile for
  puppet.conf management.
- Parameterized as many variables as reasonable in the classes to
  allow for flexibility.
- Added a CRL downloading cron job to update the Puppet CRLs on all
  hosts on a regular basis.
- Updated the puppetmaster init script to ignore mongrel settings and
  reload apache properly on update.
- Added a requirement on puppetlabs-inifile to manage only specific
  entries in puppet.conf.
- This should not break any existing installations but will not
  trap, nor manage, by default all of the values that were previously
  specified.
- A new define pupmod::conf has been added to provide for the
  manipulation of configuration file entries.
- Added basic puppet-rspec tests.
- Set SSLVerifyClient to optional for CA

* Mon Oct 07 2013 Kendall Moore <kmoore@keywcorp.com> - 5.0.0-2
- Updated all erb templates to properly scope variables.

* Tue Oct 01 2013 Trevor Vaughan <tvaughan@onyxpoint.com> - 5.0.0-1
- Fixed change to pupmod::passenger::add_site which changed the name of the
  site and, therefore, the name of the file in /etc/httpd/conf.d. This caused a
  conflict on upgrade.

* Tue Sep 24 2013 Kendall Moore <kmoore@keywcorp.com> - 5.0.0-0
- Require puppet 3.X and puppet-server 3.X because of an upgrade to use
  hiera instead of extdata.
- Updated the config.ru and apache_passenger templates as well as the passenger::add_site
  manifest to support new passenger options in Puppet 3.1.
- Updated puppetagent_cron template by changing lockfile variable according to Puppet 3.

* Tue Sep 24 2013 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.2.0-5
- Moved the passenger temp directory from /tmp to /var/run/passenger.
  The permissions on the socket files were simply too permissive to
  have hanging about in /tmp. Puppetmaster_switch and the init script
  were updated to accommodate the change.

* Thu Aug 15 2013 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.2.0-4
- Re-introduced the passenger_root fact but made it more intelligent.
- Set the passenger_root variable to $::passenger_root by default.

* Thu Jun 13 2013 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.2.0-3
- Added audit rules that will watch the /etc/puppet directory tree for writes
  or attribute changes not performed by the puppet user.

* Tue Feb 05 2013 Kendall Moore <kmoore@keywcorp.com> - 4.2.0-2
- Created Cucumber tests to check basic puppet server and client features

* Tue Jan 29 2013 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.2.0-1
- Added +ExportCertData to SSLOptions.

* Mon Dec 10 2012 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.2.0-0
- Updated the apache_passenger template to support most of the passenger
  options.
- Attempt to keep half as many puppetmaster instances running as are specified
  or calculated at all times. This should make response time better overall.
- Removed the passenger_root fact since the EPEL version of passenger doesn't
  supply the utils.
- This is another mid-level jump due to the fact that EPEL split out
  the native Passenger libraries! These are included in the associated
  patch set but there's no good way to tie them together explicitly so
  be careful!

* Wed Nov 28 2012 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.1.0-0
- Critical update to fix an issue where unowned files at the root level were
  getting recursively chowned to puppet.puppet.
- Moved all of the singleton defines to classes which will cause some files in
  simp-bootstrap to be reconfigured.

* Thu Jul 05 2012 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.0-5
- Fixed a typo where we had 'dbpasword' instead of 'dbpassword' for
  the server configuration.
- Updated the server and client configuration files with the options
  for the latest version.

* Thu Jun 07 2012 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.0-4
- Ensure that Arrays in templates are flattened.
- Call facts as instance variables.
- Optimized the find command for 'gem_permissions'.
- Moved mit-tests to /usr/share/simp...
- Updated pp files to better meet Puppet's recommended style guide.

* Fri Mar 02 2012 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.0-3
- Removed puppetd cron job from running systems since it conflicted with the
  new puppetagent cron job.
- Improved test stubs.

* Tue Jan 31 2012 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.0-2
- Remove newserver.erb, this fact is no longer required.

* Mon Dec 26 2011 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.0-1
- Updated the spec file to not require a separate file list.
- Scoped all of the top level variables.

* Mon Nov 14 2011 Trevor Vaughan <tvaughan@onyxpoint.com> - 4.0.0-0
- Updated to ensure that the puppet cron using /usr/bin/logger instead of /bin/logger.

* Mon Oct 10 2011 Trevor Vaughan <tvaughan@onyxpoint.com> - 2.0.0-3
- Updated to put quotes around everything that need it in a comparison
  statement so that puppet > 2.5 doesn't explode with an undef error.

* Tue Aug 09 2011 Trevor Vaughan <tvaughan@onyxpoint.com> - 2.0.0-2
- Ensure that autosign.conf is 644.

* Mon Apr 18 2011 Trevor Vaughan <tvaughan@onyxpoint.com> - 2.0.0-1
- Update the puppet cron job to properly unlock. This was broken in previous
  releases. This feature is important in the case that puppet dies unexpectedly
  and leaves a lock file behind. The default is set to 4 times the croninterval
  and will not exceed 4 hours.
- Ensure that Passenger and Mongrel configuration files are not in the Apache
  space if attempting to run under a Mongrel server. Users should now have the
  ability to seamlessly switch between all three types of servers.
- Updated puppetmaster_switch exec to properly require files and only run if it
  has changed.
- Ensure that mongrel and passenger can switch between each other effectively.
- Changed all instances of defined(Class['foo']) to defined('foo') per the
  directions from the Puppet mailing list.
- Updated to use concat_build and concat_fragment types.

* Mon Apr 18 2011 Morgan Haskel <morgan.haskel@onyxpoint.com> - 2.0.0-1
- Changed puppet://$puppet_server/ to puppet:///
- Added two stock classes, cluster_client and cluster_master, for enabling NFS
  to help cluster puppet servers.

* Tue Jan 11 2011 Trevor Vaughan <tvaughan@onyxpoint.com> - 2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
- Puppet.conf updated to deal with puppet deprecations
- svckill.rb added to puppet.conf postrun_command
- 'puppet' uid/gid changed to 52

* Tue Oct 26 2010 Maintenance - 1-5
- Converting all spec files to check for directories prior to copy.

* Tue Aug 03 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 1.0-4
- Updated puppetmaster init script to work with passenger.

* Thu Jul 22 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 1.0-3
- Removed all instances of 'daemonize' from templates as this caused horrible
  problems with activerecord.

* Thu Jul 01 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 1.0-2
- Updated puppetmaster_switch to work with external CA.
- Updated the configuration for Passenger to properly utilize CRLs.
- Added the ability for Passenger to listen on both 8140 and 8141 by default
  for legacy purposes.

* Thu Jul 01 2010 Morgan Haskel <morgan.haskel@onyxpoint.com> - 1.0-2
- Added templates needed for clustered puppetmasters.

* Wed Jun 16 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 1.0-1
- Added a fact that determines the passenger root directory if passenger is installed.

* Thu Jun 03 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 1.0-0
- Made server permissions changes less aggressive.

* Tue May 25 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-40
- Updated Passenger.

* Mon May 03 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-39
- Modified gem package names for Mongrel.

* Tue Apr 27 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-38
- Added the ability to set the 'certname' option in pupmod::client::main_conf

* Wed Mar 17 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-37
- Added the --no-splay option to the puppet runs in puppetmaster_switch.sh. This
  massively speeds things up if you have to re-run it later for some reason.

* Tue Feb 23 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-36
- Removed the 'nice' ability added in 0.1-33 as it propogates the nice value to
  all spawned services.

* Wed Feb 17 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-35
- Refactored the code to be more maintainable.
- Added the variables:
  $cronminute
  $cronhour
  $cronmonthday
  $cronmonth
  $cronweekday

  to pupmod::client::client_conf to allow users to set their own complete cron
  schedule for puppet runs. $croninterval still works but will be overridden if
  you set $cronminute to anything other than 'nil'.

* Thu Jan 28 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-33
- Added the ability to 'nice' the puppet cron job. The default 'nice' value is
  now '1'.

* Thu Jan 14 2010 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-32
- Fixed typo in puppetd.cron in if comparison. Ignoring the override will now
  function properly.

* Thu Dec 31 2009 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-31
- Fixed puppetmaster_switch.sh.  All instances of --no-show-diff have been
  changed to --no-show_diff.

* Thu Nov 05 2009 Trevor Vaughan <tvaughan@onyxpoint.com> - 0.1-30
- Prevent the puppetmaster_switch.sh script from printing diff information to
  the logs.