puppet 6.16.0-x86-mingw32 → 6.20.0-x86-mingw32

data/lib/puppet/application/device.rb

@@ -155,6 +155,7 @@ you can specify '--server <servername>' as an argument.
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'console', or the path to a log file. If debugging or verbosity is
   enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
+  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/doc.rb

@@ -1,7 +1,7 @@
 require 'puppet/application'
 
 class Puppet::Application::Doc < Puppet::Application
-  run_mode :master
+  run_mode :server
 
   attr_accessor :unknown_args, :manifest
 

data/lib/puppet/application/filebucket.rb

@@ -186,8 +186,8 @@ EXAMPLES
     $ puppet filebucket -b /tmp/TestBucket list
     d41d8cd98f00b204e9800998ecf8427e 2015-05-11 09:33:22 /tmp/TestFile2
 
-    ## From a Puppet master, list files in the master bucketdir
-    $ puppet filebucket -b $(puppet config print bucketdir --section master) list
+    ## From a Puppet Server, list files in the server bucketdir
+    $ puppet filebucket -b $(puppet config print bucketdir --section server) list
     d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile
     7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile
 

data/lib/puppet/application/lookup.rb

@@ -8,7 +8,7 @@ class Puppet::Application::Lookup < Puppet::Application
   RUN_HELP = _("Run 'puppet lookup --help' for more details").freeze
   DEEP_MERGE_OPTIONS = '--knock-out-prefix, --sort-merged-arrays, and --merge-hash-arrays'.freeze
 
-  run_mode :master
+  run_mode :server
 
   # Options for lookup
   option('--merge TYPE') do |arg|
@@ -90,7 +90,13 @@ class Puppet::Application::Lookup < Puppet::Application
 
     exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
 
-    Puppet.settings.use :main, :master, :ssl, :metrics
+    if options[:node]
+      Puppet::Util.skip_external_facts do
+        Puppet.settings.use :main, :server, :ssl, :metrics
+      end
+    else
+      Puppet.settings.use :main, :server, :ssl, :metrics
+    end
 
     setup_terminuses
   end
@@ -102,7 +108,7 @@ class Puppet::Application::Lookup < Puppet::Application
   def help
     <<-HELP
 
-puppet lookup(8) -- #{summary}
+puppet-lookup(8) -- #{summary}
 ========
 
 SYNOPSIS
@@ -364,6 +370,12 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
 
     Puppet[:code] = 'undef' unless options[:compile]
     compiler = Puppet::Parser::Compiler.new(node)
-    compiler.compile { |catalog| yield(compiler.topscope); catalog }
+    if options[:node]
+      Puppet::Util.skip_external_facts do
+        compiler.compile { |catalog| yield(compiler.topscope); catalog }
+      end
+    else
+      compiler.compile { |catalog| yield(compiler.topscope); catalog }
+    end
   end
 end

data/lib/puppet/application/script.rb

@@ -71,6 +71,7 @@ configuration options can also be generated by running puppet with
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. Defaults to 'console'.
+  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application_support.rb

@@ -53,6 +53,13 @@ module Puppet
       route_file = Puppet[:route_file]
       if Puppet::FileSystem.exist?(route_file)
         routes = Puppet::Util::Yaml.safe_load_file(route_file, [Symbol])
+        if routes["server"] && routes["master"]
+          Puppet.warning("Route file #{route_file} contains both server and master route settings.")
+        elsif routes["server"] && !routes["master"]
+          routes["master"] = routes["server"]
+        elsif routes["master"] && !routes["server"]
+          routes["server"] = routes["master"]
+        end
         application_routes = routes[application_name]
         Puppet::Indirector.configure_routes(application_routes) if application_routes
       end

data/lib/puppet/configurer.rb

@@ -53,6 +53,7 @@ class Puppet::Configurer
   def initialize(transaction_uuid = nil, job_id = nil)
     @running = false
     @splayed = false
+    @running_failure = false
     @cached_catalog_status = 'not_used'
     @environment = Puppet[:environment]
     @transaction_uuid = transaction_uuid || SecureRandom.uuid
@@ -65,9 +66,16 @@ class Puppet::Configurer
   # Get the remote catalog, yo.  Returns nil if no catalog can be found.
   def retrieve_catalog(facts, query_options)
     query_options ||= {}
-    result = retrieve_catalog_from_cache(query_options) if Puppet[:use_cached_catalog]
+    if Puppet[:use_cached_catalog] || @running_failure
+      result = retrieve_catalog_from_cache(query_options)
+    end
+
     if result
-      @cached_catalog_status = 'explicitly_requested'
+      if Puppet[:use_cached_catalog]
+        @cached_catalog_status = 'explicitly_requested'
+      elsif @running_failure
+        @cached_catalog_status = 'on_failure'
+      end
 
       Puppet.info _("Using cached catalog from environment '%{environment}'") % { environment: result.environment }
     else
@@ -104,7 +112,7 @@ class Puppet::Configurer
     catalog_conversion_time = thinmark do
       # Will mutate the result and replace all Deferred values with resolved values
       if facts
-        Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result)
+        Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment))
       end
 
       catalog = result.to_ral
@@ -216,9 +224,22 @@ class Puppet::Configurer
         if options[:catalog].nil? && do_failover
           server, port = find_functional_server
           if server.nil?
-            raise Puppet::Error, _("Could not select a functional puppet master from server_list: '%{server_list}'") % { server_list: Puppet.settings.value(:server_list, Puppet[:environment].to_sym, true) }
+            detail = _("Could not select a functional puppet server from server_list: '%{server_list}'") % { server_list: Puppet.settings.value(:server_list, Puppet[:environment].to_sym, true) }
+            if Puppet[:usecacheonfailure]
+              options[:pluginsync] = false
+              @running_failure = true
+
+              server = Puppet[:server_list].first[0]
+              port = Puppet[:server_list].first[1] || Puppet[:serverport]
+
+              Puppet.err(detail)
+            else
+              raise Puppet::Error, detail
+            end
           else
-            report.master_used = "#{server}:#{port}"
+            #TRANSLATORS 'server_list' is the name of a setting and should not be translated
+            Puppet.debug _("Selected puppet server from the `server_list` setting: %{server}:%{port}") % { server: server, port: port }
+            report.server_used = "#{server}:#{port}"
           end
           Puppet.override(server: server, serverport: port) do
             completed = run_internal(options)
@@ -303,6 +324,15 @@ class Puppet::Configurer
               report.environment = @environment
               query_options = nil
               facts = nil
+
+              new_env = Puppet::Node::Environment.remote(@environment)
+              Puppet.push_context(
+                {
+                  current_environment: new_env,
+                  loaders: Puppet::Pops::Loaders.new(new_env, true)
+                },
+                "Local node environment #{@environment} for configurer transaction"
+              )
             else
               Puppet.info _("Using configured environment '%{env}'") % { env: @environment }
             end
@@ -313,19 +343,18 @@ class Puppet::Configurer
         end
       end
 
-      current_environment = Puppet.lookup(:current_environment)
-      if current_environment.name == @environment.intern
-        local_node_environment = current_environment
-      else
-        local_node_environment = Puppet::Node::Environment.create(@environment,
-                                         current_environment.modulepath,
-                                         current_environment.manifest,
-                                         current_environment.config_version)
+      # This is to maintain compatibility with anyone using this class
+      # aside from agent, apply, device.
+      unless Puppet.lookup(:loaders) { nil }
+        new_env = Puppet::Node::Environment.remote(@environment)
+        Puppet.push_context(
+          {
+            current_environment: new_env,
+            loaders: Puppet::Pops::Loaders.new(new_env, true)
+          },
+          "Local node environment #{@environment} for configurer transaction"
+        )
       end
-      Puppet.push_context({
-        :current_environment => local_node_environment, 
-        :loaders => Puppet::Pops::Loaders.new(local_node_environment, true)
-      }, "Local node environment for configurer transaction")
 
       query_options, facts = get_facts(options) unless query_options
       query_options[:configured_environment] = configured_environment
@@ -368,16 +397,29 @@ class Puppet::Configurer
       if !cached_catalog && options[:catalog]
         ral_catalog = options[:catalog]
       else
+        # Ordering here matters. We have to resolve deferred resources in the
+        # resource catalog, convert the resource catalog to a RAL catalog (which
+        # triggers type/provider validation), and only if that is successful,
+        # should we cache the *original* resource catalog. However, deferred
+        # evaluation mutates the resource catalog, so we need to make a copy of
+        # it here. If PUP-9323 is ever implemented so that we resolve deferred
+        # resources in the RAL catalog as they are needed, then we could eliminate
+        # this step.
+        catalog_to_cache = Puppet.override(:rich_data => Puppet[:rich_data]) do
+          Puppet::Resource::Catalog.from_data_hash(catalog.to_data_hash)
+        end
+
         # REMIND @duration is the time spent loading the last catalog, and doesn't
         # account for things like we failed to download and fell back to the cache
         ral_catalog = convert_catalog(catalog, @duration, facts, options)
 
-        # If not noop, commit the cached resource catalog (not ral catalog). Ideally
+        # Validation succeeded, so commit the `catalog_to_cache` for non-noop runs. Don't
+        # commit `catalog` since it contains the result of deferred evaluation. Ideally
         # we'd just copy the downloaded response body, instead of serializing the
         # in-memory catalog, but that's hard due to the indirector.
         indirection = Puppet::Resource::Catalog.indirection
         if !Puppet[:noop] && indirection.cache?
-          request = indirection.request(:save, nil, catalog, environment: Puppet::Node::Environment.remote(catalog.environment))
+          request = indirection.request(:save, nil, catalog_to_cache, environment: Puppet::Node::Environment.remote(catalog_to_cache.environment))
           Puppet.info("Caching catalog for #{request.key}")
           indirection.cache.save(request)
         end
@@ -530,6 +572,14 @@ class Puppet::Configurer
   end
 
   def download_plugins(remote_environment_for_plugins)
-    @handler.download_plugins(remote_environment_for_plugins)
+    begin
+      @handler.download_plugins(remote_environment_for_plugins)
+    rescue Puppet::Error => detail
+      if !Puppet[:ignore_plugin_errors] && Puppet[:usecacheonfailure]
+        @running_failure = true
+      else
+        raise detail
+      end
+    end
   end
 end

data/lib/puppet/configurer/downloader.rb

@@ -11,32 +11,53 @@ class Puppet::Configurer::Downloader
     files = []
     begin
       catalog.apply do |trans|
+        unless Puppet[:ignore_plugin_errors]
+          # Propagate the first failure associated with the transaction. The any_failed?
+          # method returns the first resource status that failed or nil, not a boolean.
+          first_failure = trans.any_failed?
+          if first_failure
+            event = (first_failure.events || []).first
+            detail = event ? event.message : 'unknown'
+            raise Puppet::Error.new(_("Failed to retrieve %{name}: %{detail}") % { name: name, detail: detail })
+          end
+        end
+
         trans.changed?.each do |resource|
           yield resource if block_given?
           files << resource[:path]
         end
       end
     rescue Puppet::Error => detail
-      Puppet.log_exception(detail, _("Could not retrieve %{name}: %{detail}") % { name: name, detail: detail })
+      if Puppet[:ignore_plugin_errors]
+        Puppet.log_exception(detail, _("Could not retrieve %{name}: %{detail}") % { name: name, detail: detail })
+      else
+        raise detail
+      end
     end
     files
   end
 
   def initialize(name, path, source, ignore = nil, environment = nil, source_permissions = :ignore)
     @name, @path, @source, @ignore, @environment, @source_permissions = name, path, source, ignore, environment, source_permissions
-  end
 
-  def catalog
-    catalog = Puppet::Resource::Catalog.new("PluginSync", @environment)
-    catalog.host_config = false
-    catalog.add_resource(file)
-    catalog
   end
 
   def file
-    args = default_arguments.merge(:path => path, :source => source)
-    args[:ignore] = ignore.split if ignore
-    Puppet::Type.type(:file).new(args)
+    unless @file
+      args = default_arguments.merge(:path => path, :source => source)
+      args[:ignore] = ignore.split if ignore
+      @file = Puppet::Type.type(:file).new(args)
+    end
+    @file
+  end
+
+  def catalog
+    unless @catalog
+      @catalog = Puppet::Resource::Catalog.new("PluginSync", @environment)
+      @catalog.host_config = false
+      @catalog.add_resource(file)
+    end
+    @catalog
   end
 
   private

data/lib/puppet/confine.rb

@@ -26,7 +26,7 @@ class Puppet::Confine
         require "puppet/confine/#{name}"
       rescue LoadError => detail
         unless detail.to_s =~ /No such file|cannot load such file/i
-          warn "Could not load confine test '#{name}': #{detail}"
+          Puppet.warning("Could not load confine test '#{name}': #{detail}")
         end
         # Could not find file
         if !Puppet[:always_retry_plugins]
@@ -67,7 +67,7 @@ class Puppet::Confine
   def valid?
     values.each do |value|
       unless pass?(value)
-        Puppet.debug(label + ": " + message(value))
+        Puppet.debug { label + ": " + message(value) }
         return false
       end
     end

data/lib/puppet/confine/any.rb

@@ -19,7 +19,7 @@ class Puppet::Confine::Any < Puppet::Confine
     if @values.any? { |value| pass?(value) }
       true
     else
-      Puppet.debug("#{label}: #{message(@values)}")
+      Puppet.debug { "#{label}: #{message(@values)}" }
       false
     end
   end

data/lib/puppet/defaults.rb

@@ -77,7 +77,8 @@ module Puppet
           the "facter-ng" gem). This is not necessary if Facter 3.x or later is installed.
           This setting is still experimental.',
         :hook    => proc do |value|
-          if value
+          value = munge(value)
+          if value && Puppet::Util::Package.versioncmp(Facter.value('facterversion'), '4.0.0') < 0
             begin
               original_facter = Object.const_get(:Facter)
               Object.send(:remove_const, :Facter)
@@ -347,8 +348,7 @@ module Puppet
       :default => "ansi",
       :type    => :string,
       :desc    => "Whether to use colors when logging to the console.  Valid values are
-        `ansi` (equivalent to `true`), `html`, and `false`, which produces no color.
-        Defaults to false on Windows, as its console does not support ansi colors.",
+        `ansi` (equivalent to `true`), `html`, and `false`, which produces no color."
     },
     :mkusers => {
         :default  => false,
@@ -375,7 +375,7 @@ module Puppet
           from the parent process.
 
           This setting can only be set in the `[main]` section of puppet.conf; it cannot
-          be set in `[master]`, `[agent]`, or an environment config section.",
+          be set in `[server]`, `[agent]`, or an environment config section.",
         :call_hook => :on_define_and_write,
         :hook             => proc do |value|
           Puppet::Util.set_env('PATH', '') if Puppet::Util.get_env('PATH').nil?
@@ -563,7 +563,7 @@ module Puppet
         config = File.expand_path(File.join(settings[:confdir], 'hiera.yaml')) if config.nil?
         config
       end,
-      :desc    => "The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it.",
+      :desc    => "The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet server every time you edit it.",
       :type    => :file,
     },
     :binder_config => {
@@ -590,13 +590,22 @@ module Puppet
     },
     :trusted_external_command => {
       :default  => nil,
-      :desc     => "The external trusted facts script to use.
+      :type     => :file_or_directory,
+      :desc     => "The external trusted facts script or directory to use.
         This setting's value can be set to the path to an executable command that
-        can produce external trusted facts. The command must:
+        can produce external trusted facts or to a directory containing those
+        executable commands. The command(s) must:
 
         * Take the name of a node as a command-line argument.
         * Return a JSON hash with the external trusted facts for this node.
-        * For unknown or invalid nodes, exit with a non-zero exit code.",
+        * For unknown or invalid nodes, exit with a non-zero exit code.
+
+        If the setting points to an executable command, then the external trusted
+        facts will be stored in the 'external' key of the trusted facts hash. Otherwise
+        for each executable file in the directory, the external trusted facts will be
+        stored in the `<basename>` key of the `trusted['external']` hash. For example,
+        if the files foo.rb and bar.sh are in the directory, then `trusted['external']`
+        will be the hash `{ 'foo' => <foo.rb output>, 'bar' => <bar.sh output> }`.",
     },
     :default_file_terminus => {
       :type       => :terminus,
@@ -624,7 +633,7 @@ module Puppet
     :http_proxy_password =>{
       :default    => "none",
       :hook       => proc do |value|
-        if settings[:http_proxy_password] =~ /[@!# \/]/
+        if value =~ /[@!# \/]/
           raise "Passwords set in the http_proxy_password setting must be valid as part of a URL, and any reserved characters must be URL-encoded. We received: #{value}"
         end
       end,
@@ -692,40 +701,54 @@ Valid values are 0 (never cache) and 15 (15 second minimum wait time).
     :environment_timeout => {
       :default    => "0",
       :type       => :ttl,
-      :desc       => "How long the Puppet master should cache data it loads from an
+      :desc       => "How long the Puppet server should cache data it loads from an
       environment.
 
       A value of `0` will disable caching. This setting can also be set to
-      `unlimited`, which will cache environments until the master is restarted
-      or told to refresh the cache.
+      `unlimited`, which will cache environments until the server is restarted
+      or told to refresh the cache. All other values will result in Puppet
+      server evicting expired environments. The expiration time is computed
+      based on either when the environment was created or last accessed, see
+      `environment_timeout_mode`.
 
       You should change this setting once your Puppet deployment is doing
       non-trivial work. We chose the default value of `0` because it lets new
       users update their code without any extra steps, but it lowers the
-      performance of your Puppet master.
-
-      We recommend setting this to `unlimited` and explicitly refreshing your
-      Puppet master as part of your code deployment process.
-
-      * With Puppet Server, you should refresh environments by calling the
-        `environment-cache` API endpoint. See the docs for the Puppet Server
-        [administrative API](https://puppet.com/docs/puppetserver/latest/admin-api/v1/environment-cache.html).
-
-      Any value other than `0` or `unlimited` is deprecated, since most Puppet
-      servers use a pool of Ruby interpreters which all have their own cache
-      timers. When these timers drift out of sync, agents can be served
-      inconsistent catalogs.",
+      performance of your Puppet server. We recommend either:
+
+      * Setting this to `unlimited` and explicitly refreshing your Puppet server
+        as part of your code deployment process.
+
+      * Setting this to a number that will keep your most actively used
+        environments cached, but allow testing environments to fall out of the
+        cache and reduce memory usage. A value of 3 minutes (3m) is a reasonable
+        value. This option requires setting `environment_timeout_mode` to
+        `from_last_used`.
+
+      Once you set `environment_timeout` to a non-zero value, you need to tell
+      Puppet server to read new code from disk using the `environment-cache` API
+      endpoint after you deploy new code. See the docs for the Puppet Server
+      [administrative API](https://puppet.com/docs/puppetserver/latest/admin-api/v1/environment-cache.html).
+      ",
       :hook => proc do |val|
-        unless [0, 'unlimited', Float::INFINITY].include?(val)
-          Puppet.deprecation_warning(<<-WARNING)
-Fine grained control of environment timeouts is deprecated,
-please use `0` or `unlimited` to control default caching behavior
-and the environment-cache endpoint in Puppet Server's administrative
-API to expire the cache as needed
-          WARNING
+        if Puppet[:environment_timeout_mode] == :from_created
+          unless [0, 'unlimited', Float::INFINITY].include?(val)
+            Puppet.deprecation_warning("Evicting environments based on their creation time is deprecated, please set `environment_timeout_mode` to `from_last_used` instead.")
+          end
         end
       end
     },
+    :environment_timeout_mode => {
+      :default => :from_created,
+      :type    => :symbolic_enum,
+      :values  => [:from_created, :from_last_used],
+      :desc => "How Puppet interprets the `environment_timeout` setting when
+      `environment_timeout` is neither `0` nor `unlimited`. If set to
+      `from_created`, then the environment will be evicted `environment_timeout`
+      seconds from when it was created. If set to `from_last_used` then the
+      environment will be evicted `environment_timeout` seconds from when it
+      was last used."
+    },
     :environment_data_provider => {
       :desc       => "The name of a registered environment data provider used when obtaining environment
       specific data. The three built in and registered providers are 'none' (no data), 'function' (data
@@ -814,10 +837,15 @@ API to expire the cache as needed
           only use lowercase letters, numbers, periods, underscores, and dashes. (That is,
           it should match `/\A[a-z0-9._-]+\Z/`.)
         * The special value `ca` is reserved, and can't be used as the certname
-          for a normal node.
+          for a normal node.         
+
+          **Note:** You must set the certname in the main section of the puppet.conf file. Setting it in a different section causes errors.
 
         Defaults to the node's fully qualified domain name.",
-      :hook => proc { |value| raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase }},
+      :call_hook => :on_initialize_and_write,
+      :hook => proc { |value|
+        raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase
+      }},
     :dns_alt_names => {
       :default => '',
       :desc    => <<EOT,
@@ -992,6 +1020,15 @@ EOT
         and reject the CA certificate if the values do not match. This only applies
         during the first download of the CA certificate."
     },
+    :ssl_trust_store => {
+      :default => nil,
+      :type => :file,
+      :desc => "A file containing CA certificates in PEM format that puppet should trust
+        when making HTTPS requests. This **only** applies to https requests to non-puppet
+        infrastructure, such as retrieving file metadata and content from https file sources,
+        puppet module tool and the 'http' report processor. This setting is ignored when
+        making requests to puppet:// URLs such as catalog and report requests.",
+    },
     :ssl_client_ca_auth => {
       :type  => :file,
       :mode  => "0644",
@@ -1091,7 +1128,7 @@ EOT
       :type      => :string,
       :desc      => "Where to send log messages. Choose between 'syslog' (the POSIX syslog
       service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
-      file."
+      file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
       # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook,
       # unfortunately we have a large number of tests that rely on the logging not resetting itself when the
       # settings are initialized as they test what gets logged during settings initialization.
@@ -1284,7 +1321,7 @@ EOT
     }
   )
 
-  settings.define_settings(:master,
+  settings.define_settings(:server,
     :user => {
       :default    => "puppet",
       :desc       => "The user Puppet Server will run as. Used to ensure
@@ -1340,6 +1377,10 @@ EOT
       with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
       overridden by more specific settings (see `ca_port`, `report_port`).",
     },
+    :serverport => {
+      :type => :alias,
+      :alias_for => :masterport
+    },
     :node_name => {
       :default    => 'cert',
       :type       => :enum,
@@ -1536,7 +1577,7 @@ EOT
     :statefile => {
       :default => "$statedir/state.yaml",
       :type => :file,
-      :mode => "0660",
+      :mode => "0640",
       :desc => "Where puppet agent and puppet master store state associated
         with the running configuration.  In the case of puppet master,
         this file reflects the state discovered through interacting
@@ -1558,7 +1599,7 @@ EOT
     :transactionstorefile => {
       :default => "$statedir/transactionstore.yaml",
       :type => :file,
-      :mode => "0660",
+      :mode => "0640",
       :desc => "Transactional storage file for persisting data between
         transactions for the purposes of infering information (such as
         corrective_change) on new data received."
@@ -1684,8 +1725,7 @@ EOT
       :type     => :duration,
       :desc     => "How often puppet agent applies the catalog.
           Note that a runinterval of 0 means \"run continuously\" rather than
-          \"never run.\" If you want puppet agent to never run, you should start
-          it with the `--no-client` option. #{AS_DURATION}",
+          \"never run.\" #{AS_DURATION}",
     },
     :runtimeout => {
       :default  => "1h",
@@ -1701,7 +1741,7 @@ EOT
       and does not need to horizontally scale.",
     },
     :ca_port => {
-      :default    => "$masterport",
+      :default    => "$serverport",
       :desc       => "The port to use for the certificate authority.",
     },
     :preferred_serialization_format => {
@@ -1790,7 +1830,7 @@ EOT
       :desc     => "The server to send transaction reports to.",
     },
     :report_port => {
-      :default  => "$masterport",
+      :default  => "$serverport",
       :desc     => "The port to communicate with the report_server.",
     },
     :report => {
@@ -1830,7 +1870,11 @@ EOT
       :default  => "$statedir/last_run_report.yaml",
       :type     => :file,
       :mode     => "0640",
-      :desc     => "Where puppet agent stores the last run report in yaml format."
+      :desc     => "Where Puppet Agent stores the last run report, by default, in yaml format.
+        The format of the report can be changed by setting the `cache` key of the `report` terminus
+        in the [routes.yaml](https://puppet.com/docs/puppet/latest/config_file_routes.html) file.
+        To avoid mismatches between content and file extension, this setting needs to be
+        manually updated to reflect the terminus changes."
     },
     :graph => {
       :default  => false,
@@ -1890,7 +1934,7 @@ EOT
       already ongoing puppet agent instance.
 
       This argument is by default disabled (value set to 0). In this case puppet agent will
-      immediatly exit if it cannot run at that moment. When a value other than 0 is set, this
+      immediately exit if it cannot run at that moment. When a value other than 0 is set, this
       can also be used in combination with the `maxwaitforlock` argument.
       #{AS_DURATION}",
     },
@@ -1941,9 +1985,26 @@ EOT
       is used for retrieval, so anything that is a valid file source can
       be used here.",
     },
+    :pluginsync => {
+      :default    => true,
+      :type       => :boolean,
+      :desc       => "Whether plugins should be synced with the central server. This setting is
+        deprecated.",
+      :hook => proc { |value|
+        #TRANSLATORS 'pluginsync' is a setting and should not be translated
+        Puppet.deprecation_warning(_("Setting 'pluginsync' is deprecated."))
+      }
+    },
     :pluginsignore => {
         :default  => ".svn CVS .git .hg",
         :desc     => "What files to ignore when pulling down plugins.",
+    },
+    :ignore_plugin_errors => {
+      :default    => true,
+      :type       => :boolean,
+      :desc       => "Whether the puppet run should ignore errors during pluginsync. If the setting
+        is false and there are errors during pluginsync, then the agent will abort the run and
+        submit a report containing information about the failed run."
     }
   )
 
@@ -2088,7 +2149,7 @@ EOT
     }
   )
 
-  settings.define_settings(:master,
+  settings.define_settings(:server,
     :storeconfigs => {
       :default  => false,
       :type     => :boolean,
@@ -2157,12 +2218,18 @@ EOT
    :func3x_check => {
      :default => true,
      :type => :boolean,
-     :desc => <<-'EOT'
+     :desc => <<-'EOT',
        Causes validation of loaded legacy Ruby functions (3x API) to raise errors about illegal constructs that
        could cause harm or that simply does not work. This flag is on by default. This flag is made available
        so that the validation can be turned off in case the method of validation is faulty - if encountered, please
        file a bug report.
      EOT
+     :call_hook => :on_initialize_and_write,
+     :hook => proc do |value|
+       unless value
+         Puppet.deprecation_warning(_("The 'func3x_check' setting is deprecated and will be removed in a future release."))
+       end
+     end
      },
   :tasks => {
     :default => false,