There are multiple changes incoming, some of them are already being introduced in the latest Puppet releases.
Certificate authority is being rewritten to Clojure and it will be directly executed by Trapperkeeper. This implementation will not use any of the Ruby code, but it will keep backwards compatibility with older versions. Both implementations will be kept in parallel till the new implementation is fully functional. Some of the features expected are as follows:
- Management unified in a single command
- Improved support to cloud environments, with facilities to make it easier to authorize and remove nodes
- CA completely separated from the master, what can help in high availability scenarios
This reimplementation will provide a more efficient and more maintainable service, in the line of most of the changes we'll see in the next releases of Puppet.
On package management, we can also expect improvements in the near future. We'll also see changes in the general behavior of the package resource and better support for some types of packages.
One of the most anticipated changes in this area is the possibility of installing multiple packages at once. There are some scenarios where atomicity in the installation or replacement of multiple packages would be welcomed. Also, most package managers support the installation of multiple packages in a single command, which used to be more efficient and would make performance improvements in Puppet. One of the proposed implementations requires a batch processing subsystem that would group the execution of multiple resources of the same type and provider. We might see some advances on this in the near future.
Another expected feature in this area is the support for PIP and virtualenv to manage Python dependencies, it may need to add new providers for that.
Windows provider will also receive support for msp and msu packages, as well as other improvements.
There are some changes that are happening in the use of faces in the Puppet ecosystem.
Lots of faces are going to be deprecated or heavily modified in future versions:
- The
facefile is going to be removed as it doesn't provide much functionality over filebuckets, and which one must be used is confusing; filebuckets documentation and support will be improved. - Faces related to certificates as
ca,cert,certificate,certificate_request,certificate_revocation_list, andkeyare confusing for lots of users, who in most cases just need the functionality provided bypuppet cert. There are open discussions about how to reorganize these faces. - There are doubts about other faces such as
statusorreportthat might be useful, but are difficult to use or understand in the current implementations. Changes or deprecations will probably be seen in these faces. - In previous chapters we saw that faces included in older modules for cloud management are not being migrated to newer implementations, that dedicate their efforts to have adequate resource types.
And in general, slowly, the use of faces is being discouraged in favor of using Puppet more as a library when trying to extend configuration. This makes it easier to have a consistent API that can be used by the community to create other tools, instead of having a big and unmaintainable collection of faces.